diff --git a/openssh/defaults.yaml b/openssh/defaults.yaml
index 6e9d837..aaa1bcb 100644
--- a/openssh/defaults.yaml
+++ b/openssh/defaults.yaml
@@ -8,3 +8,27 @@ openssh:
 ssh_known_hosts: /etc/ssh/ssh_known_hosts
 dig_pkg: dnsutils
 ssh_moduli: /etc/ssh/moduli
+ssh_config:
+ Hosts:
+ '*':
+ ForwardAgent: no
+ ForwardX11: no
+ RhostsRSAAuthentication: no
+ RSAAuthentication: yes
+ PasswordAuthentication: yes
+ HostbasedAuthentication: no
+ GSSAPIAuthentication: no
+ GSSAPIDelegateCredentials: no
+ BatchMode: no
+ CheckHostIP: yes
+ AddressFamily: any
+ ConnectTimeout: 0
+ StrictHostKeyChecking: ask
+ IdentityFile: "~/.ssh/id_rsa"
+ Port: 22
+ Protocol: 2
+ Cipher: 3des
+ Tunnel: no
+ TunnelDevice: "any:any"
+ PermitLocalCommand: no
+ VisualHostKey: no
diff --git a/openssh/files/ssh_config b/openssh/files/ssh_config
index 809b2b2..4bd2146 100644
--- a/openssh/files/ssh_config
+++ b/openssh/files/ssh_config
@@ -1,11 +1,9 @@
-{%- set ssh_config = pillar.get('ssh_config', {}) -%}
+{%- import_yaml "openssh/defaults.yaml" as default_settings -%}
+{%- set ssh_config = salt['pillar.get']('ssh_config', default=default_settings.ssh_config, merge=True) -%}
 {#- present in ssh_config and known in actual file options -#}
 {%- set processed_options = [] -%}
-{#- generic renderer used for ssh matches, known options, -#}
-{#- and unknown options -#}
-{%- macro render_option(keyword, default, config_dict=ssh_config) -%}
- {%- set value = config_dict.get(keyword, default) -%}
+{%- macro render_raw_option(keyword, value) -%}
 {%- if value is sameas true -%}
 {{ keyword }} yes
 {%- elif value is sameas false -%}
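Review bot: `Cipher: 3des`, `RSAAuthentication: yes` and `RhostsRSAAuthentication: no` under `Hosts['*']` are protocol-1-only client options in ssh_config(5), so next to `Protocol: 2` in the same stanza they do nothing, and `Cipher 3des` in particular reads as a weak-cipher choice that is not actually in effect (the protocol-2 option is `Ciphers`); newer OpenSSH clients that dropped protocol 1 may also warn on them. They are carried over from the removed template defaults, but now that they are shipped data every consumer merges over them, so consider dropping the three keys or marking them `# SSH-1 only; ignored with Protocol 2`. The bare `yes`/`no` values are YAML 1.1 booleans, which is what the template's `sameas true`/`sameas false` branches rely on; a comment under `ssh_config:` such as `# yes/no are booleans here; quote a value only if the literal string is wanted` would spare the next editor that surprise.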
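Review bot: The new `salt['pillar.get'](..., merge=True)` line merges the pillar dict over `default_settings.ssh_config` (recursively, if I recall Salt's dictupdate semantics correctly), so a pillar can override any key under `Hosts['*']` but can never remove one — a site that wants no `Port 22` or no `IdentityFile` line in `Host *` has no way to say so, and a pillar that previously defined only its own `Hosts` entries now also gets the full `Host *` stanza. That deserves a comment on the line: `{#- pillar ssh_config is deep-merged over openssh/defaults.yaml; keys under Hosts['*'] can be overridden but not dropped -#}`. `render_raw_option` also lost its header when the old comment moved to `render_option`; add `{#- render one "Keyword value" line; true/false become yes/no -#}` above it. The macro body continues past the end of the hunk.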
@@ -19,6 +17,13 @@
 {%- endif -%}
 {%- endmacro -%}
+{#- generic renderer used for ssh matches, known options, -#}
+{#- and unknown options -#}
+{%- macro render_option(keyword, default, config_dict=ssh_config) -%}
+ {%- set value = config_dict.get(keyword, default) -%}
+{{ render_raw_option(keyword, value) }}
+{%- endmacro -%}
+
 {#- macros for render option according to present -#}
 {%- macro option_impl(keyword, default, present) -%}
 {%- if present -%}
@@ -45,35 +50,13 @@
 # Do not edit this file manually!
 # It will be overwritten by salt!
-{{ option_default_uncommented('Host', '*') }}
-{{ option(' ForwardAgent', 'no') }}
-{{ option(' ForwardX11', 'no') }}
-{{ option(' RhostsRSAAuthentication', 'no') }}
-{{ option(' RSAAuthentication', 'yes') }}
-{{ option(' PasswordAuthentication', 'yes') }}
-{{ option(' HostbasedAuthentication', 'no') }}
-{{ option(' GSSAPIAuthentication', 'no') }}
-{{ option(' GSSAPIDelegateCredentials', 'no') }}
-{{ option(' BatchMode', 'no') }}
-{{ option(' CheckHostIP', 'yes') }}
-{{ option(' AddressFamily', 'any') }}
-{{ option(' ConnectTimeout', 0) }}
-{{ option(' StrictHostKeyChecking', 'ask') }}
-{{ option(' IdentityFile', '~/.ssh/id_rsa') }}
-{{ option(' Port', 22) }}
-{{ option(' Protocol', 2) }}
-{{ option(' Cipher', '3des') }}
-{{ option(' Tunnel', 'no') }}
-{{ option(' TunnelDevice', 'any:any') }}
-{{ option(' PermitLocalCommand', 'no') }}
-{{ option(' VisualHostKey', 'no') }}
-
 {%- if 'Hosts' in ssh_config %}
 {%- do processed_options.append('Hosts') %}
 {% for host, conf in ssh_config['Hosts'].items() %}
 Host {{ host }}
 {%- for key, val in conf.items() %}
- {{ key }} {{ val }}{%- endfor %}
+ {{ render_raw_option(key, val) }}
+ {%- endfor %}
 {%- endfor %}
 {%- endif %}
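Review bot: `Host *` now carries every default uncommented, and the `for host, conf in ssh_config['Hosts'].items()` loop emits stanzas in dict order — with the merged `'*'` entry inserted first, that most likely puts `Host *` at the top of the file, and ssh(1) keeps the first value obtained for each option, so `Port 22`, `IdentityFile ~/.ssh/id_rsa`, `ForwardAgent no` and the rest of `*` would shadow the same keys in every more specific `Host` stanza a pillar adds. The old template also rendered `Host *` first, but whether its `option(...)` calls emitted those lines uncommented depends on `option_impl`, which is outside the hunk. Emit the specific hosts first and `*` last, and say why in the template. The host pattern and option values are still written verbatim; that is pillar-trusted data, but a comment such as `{#- host patterns and values come straight from pillar; no escaping is applied -#}` on the `Host {{ host }}` line makes the trust boundary explicit.
```jinja
{%- if 'Hosts' in ssh_config %}
{%- do processed_options.append('Hosts') %}
{#- ssh(1) uses the first value found per option: specific hosts first, '*' last -#}
{% for host, conf in ssh_config['Hosts'].items() if host != '*' %}
Host {{ host }}
{%- for key, val in conf.items() %}
  {{ render_raw_option(key, val) }}
  {%- endfor %}
{%- endfor %}
{%- if '*' in ssh_config['Hosts'] %}
Host *
{%- for key, val in ssh_config['Hosts']['*'].items() %}
  {{ render_raw_option(key, val) }}
  {%- endfor %}
{%- endif %}
{%- endif %}
```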