From 3791b1138018aa7cbe7b866f3b61c9ad8bba727b Mon Sep 17 00:00:00 2001 From: abednarik Date: Sun, 29 Nov 2015 15:56:17 -0300 Subject: [PATCH 01/15] Added default path for sftp Subsystem in FreeBSD --- openssh/map.jinja | 1 + 1 file changed, 1 insertion(+) diff --git a/openssh/map.jinja b/openssh/map.jinja index 639b81d..cd70278 100644 --- a/openssh/map.jinja +++ b/openssh/map.jinja @@ -19,6 +19,7 @@ that differ from whats in defaults.yaml 'FreeBSD': { 'service': 'sshd', 'dig_pkg': 'bind-tools', + 'Subsystem': 'sftp /usr/libexec/sftp-server', }, 'Gentoo': { 'server': 'net-misc/openssh', From b813b4b52ae86487aeb72a770bcef8a48e1734b0 Mon Sep 17 00:00:00 2001 From: abednarik Date: Mon, 30 Nov 2015 09:25:28 -0300 Subject: [PATCH 02/15] Replaced iteritems deprecated function with items --- openssh/auth.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssh/auth.sls b/openssh/auth.sls index a7980c9..50a52b0 100644 --- a/openssh/auth.sls +++ b/openssh/auth.sls @@ -32,7 +32,7 @@ include: {%- from "openssh/map.jinja" import openssh with context -%} {%- set openssh_pillar = pillar.get('openssh', {}) -%} {%- set auth = openssh_pillar.get('auth', {}) -%} -{%- for identifier,keys in auth.iteritems() -%} +{%- for identifier,keys in auth.items() -%} {%- for key in keys -%} {% if 'present' in key and key['present'] %} {{ print_name(identifier, key) }}: From 143451eb19a8025f949265b4654e29abbefde777 Mon Sep 17 00:00:00 2001 
From: ketzacoatl Date: Sat, 2 Jan 2016 18:12:55 -0500 Subject: [PATCH 03/15] Add support for Host definitions in ssh_config This gives us the ability to define system-wide definitions for specific Hosts, and their options. For example, with this in pillar: ``` # this is the place for host-wide SSH config ssh_config: ... Hosts: # this simplifies cloning with custom params # eg: git clone my-git:foo/bar my-git: User: git HostName: git.example.com Port: 2222 ``` This would add a section in `/etc/ssh/ssh_config`: ``` Host my-git User git HostName git.example.com Port 2222 ``` --- openssh/files/ssh_config | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/openssh/files/ssh_config b/openssh/files/ssh_config index 46f0506..809b2b2 100644 --- a/openssh/files/ssh_config +++ b/openssh/files/ssh_config @@ -68,6 +68,15 @@ {{ option(' PermitLocalCommand', 'no') }} {{ option(' VisualHostKey', 'no') }} +{%- if 'Hosts' in ssh_config %} +{%- do processed_options.append('Hosts') %} +{% for host, conf in ssh_config['Hosts'].items() %} +Host {{ host }} + {%- for key, val in conf.items() %} + {{ key }} {{ val }}{%- endfor %} +{%- endfor %} +{%- endif %} + {# Handling unknown in salt template options #} {%- for keyword in ssh_config.keys() %} {#- Matches have to be at the bottom and should be handled differently -#} From 1e515b0f5dfe74b1dc28a3ddc1b0615770bfdcba Mon Sep 17 00:00:00 2001 From: Nigel Sim Date: Thu, 14 Jan 2016 02:57:45 +0000 Subject: [PATCH 04/15] make the host option rendering support lists by refactoring the main option rendering code put the ssh_config Host:* options in the defaults file so they can be overridden --- openssh/defaults.yaml | 24 +++++++++++++++++++++++ openssh/files/ssh_config | 41 ++++++++++++---------------------------- 2 files changed, 36 insertions(+), 29 deletions(-) diff --git a/openssh/defaults.yaml b/openssh/defaults.yaml index 6e9d837..aaa1bcb 100644 --- a/openssh/defaults.yaml +++ b/openssh/defaults.yaml 
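Review bot: The `Hosts` loop is rendered below the `Host *` options (the ` PermitLocalCommand` / ` VisualHostKey` context lines sit directly above it), but ssh_config uses the first value obtained for each option, so anything already set active under `Host *` cannot be overridden by a later `Host my-git` block. In the commit's own example, `Port 2222` would lose to a `Port` set under `Host *` through pillar. Host-specific sections should be emitted before the wildcard block; at minimum add a template comment such as `{#- ssh takes the first value per option: host blocks must precede 'Host *' -#}`. The same ordering concern carries into the `@@ -45,35 +50,13 @@` hunk of PATCH 04/15, where `'*'` becomes one key of `Hosts` and its position depends on the mapping's iteration order. How `option()` renders unset defaults is outside this hunk, so whether the stock defaults are active lines still needs checking.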
@@ -8,3 +8,27 @@ openssh: ssh_known_hosts: /etc/ssh/ssh_known_hosts dig_pkg: dnsutils ssh_moduli: /etc/ssh/moduli +ssh_config: + Hosts: + '*': + ForwardAgent: no + ForwardX11: no + RhostsRSAAuthentication: no + RSAAuthentication: yes + PasswordAuthentication: yes + HostbasedAuthentication: no + GSSAPIAuthentication: no + GSSAPIDelegateCredentials: no + BatchMode: no + CheckHostIP: yes + AddressFamily: any + ConnectTimeout: 0 + StrictHostKeyChecking: ask + IdentityFile: "~/.ssh/id_rsa" + Port: 22 + Protocol: 2 + Cipher: 3des + Tunnel: no + TunnelDevice: "any:any" + PermitLocalCommand: no + VisualHostKey: no diff --git a/openssh/files/ssh_config b/openssh/files/ssh_config index 809b2b2..4bd2146 100644 --- a/openssh/files/ssh_config +++ b/openssh/files/ssh_config @@ -1,11 +1,9 @@ -{%- set ssh_config = pillar.get('ssh_config', {}) -%} +{%- import_yaml "openssh/defaults.yaml" as default_settings -%} +{%- set ssh_config = salt['pillar.get']('ssh_config', default=default_settings.ssh_config, merge=True) -%} {#- present in ssh_config and known in actual file options -#} {%- set processed_options = [] -%} -{#- generic renderer used for ssh matches, known options, -#} -{#- and unknown options -#} -{%- macro render_option(keyword, default, config_dict=ssh_config) -%} - {%- set value = config_dict.get(keyword, default) -%} +{%- macro render_raw_option(keyword, value) -%} {%- if value is sameas true -%} {{ keyword }} yes {%- elif value is sameas false -%} @@ -19,6 +17,13 @@ {%- endif -%} {%- endmacro -%} +{#- generic renderer used for ssh matches, known options, -#} +{#- and unknown options -#} +{%- macro render_option(keyword, default, config_dict=ssh_config) -%} + {%- set value = config_dict.get(keyword, default) -%} +{{ render_raw_option(keyword, value) }} +{%- endmacro -%} + {#- macros for render option according to present -#} {%- macro option_impl(keyword, default, present) -%} {%- if present -%} 
@@ -45,35 +50,13 @@ # Do not edit this file manually! # It will be overwritten by salt! -{{ option_default_uncommented('Host', '*') }} -{{ option(' ForwardAgent', 'no') }} -{{ option(' ForwardX11', 'no') }} -{{ option(' RhostsRSAAuthentication', 'no') }} -{{ option(' RSAAuthentication', 'yes') }} -{{ option(' PasswordAuthentication', 'yes') }} -{{ option(' HostbasedAuthentication', 'no') }} -{{ option(' GSSAPIAuthentication', 'no') }} -{{ option(' GSSAPIDelegateCredentials', 'no') }} -{{ option(' BatchMode', 'no') }} -{{ option(' CheckHostIP', 'yes') }} -{{ option(' AddressFamily', 'any') }} -{{ option(' ConnectTimeout', 0) }} -{{ option(' StrictHostKeyChecking', 'ask') }} -{{ option(' IdentityFile', '~/.ssh/id_rsa') }} -{{ option(' Port', 22) }} -{{ option(' Protocol', 2) }} -{{ option(' Cipher', '3des') }} -{{ option(' Tunnel', 'no') }} -{{ option(' TunnelDevice', 'any:any') }} -{{ option(' PermitLocalCommand', 'no') }} -{{ option(' VisualHostKey', 'no') }} - {%- if 'Hosts' in ssh_config %} {%- do processed_options.append('Hosts') %} {% for host, conf in ssh_config['Hosts'].items() %} Host {{ host }} {%- for key, val in conf.items() %} - {{ key }} {{ val }}{%- endfor %} + {{ render_raw_option(key, val) }} + {%- endfor %} {%- endfor %} {%- endif %} From 0abbaac60db8787726bf6941edd1d2a7760c94cc Mon Sep 17 00:00:00 2001 From: Theo Chatzimichos Date: Wed, 23 Mar 2016 14:41:25 +0100 Subject: [PATCH 05/15] Fix the default Subystem sftp-server path for SLE --- openssh/map.jinja | 1 + 1 file changed, 1 insertion(+) diff --git a/openssh/map.jinja b/openssh/map.jinja index cd70278..89e0c5a 100644 --- a/openssh/map.jinja +++ b/openssh/map.jinja @@ -38,6 +38,7 @@ that differ from whats in defaults.yaml 'client': 'openssh', 'service': 'sshd', 'dig_pkg': 'bind-utils', + 'Subsystem': 'sftp /usr/lib/ssh/sftp-server', }, } , grain="os_family" From daed52de192e28de03b8681d8a3080d6577d52c8 Mon Sep 17 00:00:00 2001 
From: Simon Lloyd Date: Mon, 18 Apr 2016 15:46:10 +0000 Subject: [PATCH 06/15] Add sshd_config to map.jinja and check if dig command is available before installing 'dig' package. --- openssh/defaults.yaml | 2 ++ openssh/files/sshd_config | 2 +- openssh/known_hosts.sls | 8 +++++++- openssh/map.jinja | 27 +++++++++++++++++++++++++-- 4 files changed, 35 insertions(+), 4 deletions(-) diff --git a/openssh/defaults.yaml b/openssh/defaults.yaml index aaa1bcb..ccf2229 100644 --- a/openssh/defaults.yaml +++ b/openssh/defaults.yaml @@ -8,6 +8,8 @@ openssh: ssh_known_hosts: /etc/ssh/ssh_known_hosts dig_pkg: dnsutils ssh_moduli: /etc/ssh/moduli + root_group: root +sshd_config: {} ssh_config: Hosts: '*': diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config index 286200b..62ce97b 100644 --- a/openssh/files/sshd_config +++ b/openssh/files/sshd_config @@ -1,4 +1,4 @@ -{%- set sshd_config = pillar.get('sshd_config', {}) -%} +{% from "openssh/map.jinja" import sshd_config with context %} {#- present in sshd_config and known in actual file options -#} {%- set processed_options = [] -%} diff --git a/openssh/known_hosts.sls b/openssh/known_hosts.sls index 8f8d2a8..af22f6b 100644 --- a/openssh/known_hosts.sls +++ b/openssh/known_hosts.sls @@ -1,8 +1,14 @@ {% from "openssh/map.jinja" import openssh with context %} +check for existing dig: + cmd.run: + - name: which dig + ensure dig is available: pkg.installed: - name: {{ openssh.dig_pkg }} + - onfail: + - cmd: check for existing dig manage ssh_known_hosts file: file.managed: @@ -10,7 +16,7 @@ manage ssh_known_hosts file: - source: salt://openssh/files/ssh_known_hosts - template: jinja - user: root - - group: root + - group: {{ openssh.root_group }} - mode: 644 - require: - pkg: ensure dig is available diff --git a/openssh/map.jinja b/openssh/map.jinja index 89e0c5a..3d7a4ab 100644 --- a/openssh/map.jinja +++ b/openssh/map.jinja 
@@ -19,7 +19,7 @@ that differ from whats in defaults.yaml 'FreeBSD': { 'service': 'sshd', 'dig_pkg': 'bind-tools', - 'Subsystem': 'sftp /usr/libexec/sftp-server', + 'root_group': 'wheel', }, 'Gentoo': { 'server': 'net-misc/openssh', @@ -38,7 +38,6 @@ that differ from whats in defaults.yaml 'client': 'openssh', 'service': 'sshd', 'dig_pkg': 'bind-utils', - 'Subsystem': 'sftp /usr/lib/ssh/sftp-server', }, } , grain="os_family" @@ -56,3 +55,27 @@ that differ from whats in defaults.yaml ) %} +{% set os_family_map = salt['grains.filter_by']({ + 'FreeBSD': { + 'Subsystem': 'sftp /usr/libexec/sftp-server', + }, + 'Suse': { + 'Subsystem': 'sftp /usr/lib/ssh/sftp-server', + }, + 'default': {} + } + , grain="os_family" + , merge=salt['pillar.get']('sshd_config:lookup')) +%} + + +{## Merge the flavor_map to the default settings ##} +{% do default_settings.sshd_config.update(os_family_map) %} + +{## Merge in sshd_config:lookup pillar ##} +{% set sshd_config = salt['pillar.get']( + 'sshd_config', + default=default_settings.sshd_config, + merge=True + ) +%} From 49923a6371b221f541a74cff3968b44cde53cb0a Mon Sep 17 00:00:00 2001 From: Wolodja Wentland Date: Wed, 4 May 2016 09:47:48 +0200 Subject: [PATCH 07/15] Drop overly opinionated ssh_config defaults This set of options reflect the ssh_config options that are set by default on Debian. The way this was set before has the potential to break exisisting setups that rely on "normal" defaults, rather than the rather opinionated ones that are now being shipped with this formula. --- openssh/defaults.yaml | 23 +++-------------------- 1 file changed, 3 insertions(+), 20 deletions(-) diff --git a/openssh/defaults.yaml b/openssh/defaults.yaml index aaa1bcb..02862d3 100644 --- a/openssh/defaults.yaml +++ b/openssh/defaults.yaml 
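Review bot: In the `@@ -56,3 +55,27 @@` hunk, `sshd_config:lookup` is used as the `merge` source for `os_family_map`, but the later `salt['pillar.get']('sshd_config', ..., merge=True)` pulls in the whole `sshd_config` pillar, so a `lookup` key set there also lands in the final `sshd_config` dict. If the sshd_config template writes out unknown keys the way the ssh_config template on this page does (its "Handling unknown in salt template options" loop), `lookup` would probably be emitted as a directive and sshd would reject the file. That template is outside this hunk, so this needs confirming. Dropping the key after the merge, e.g. `{% do sshd_config.pop('lookup', None) %}`, avoids it. The comment `Merge the flavor_map to the default settings` should also name `os_family_map`, the variable actually used, and `default_settings` is defined outside the hunk.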
@@ -11,24 +11,7 @@ openssh: ssh_config: Hosts: '*': - ForwardAgent: no - ForwardX11: no - RhostsRSAAuthentication: no - RSAAuthentication: yes - PasswordAuthentication: yes - HostbasedAuthentication: no - GSSAPIAuthentication: no + SendEnv: LANG LC_* + HashKnownHosts: yes + GSSAPIAuthentication: yes GSSAPIDelegateCredentials: no - BatchMode: no - CheckHostIP: yes - AddressFamily: any - ConnectTimeout: 0 - StrictHostKeyChecking: ask - IdentityFile: "~/.ssh/id_rsa" - Port: 22 - Protocol: 2 - Cipher: 3des - Tunnel: no - TunnelDevice: "any:any" - PermitLocalCommand: no - VisualHostKey: no From bd8d46d7847599bc30e8d68ea0f65a9c1a98d039 Mon Sep 17 00:00:00 2001 From: llua Date: Mon, 9 May 2016 23:44:20 -0400 Subject: [PATCH 08/15] add OpenBSD to map.jinja --- openssh/map.jinja | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/openssh/map.jinja b/openssh/map.jinja index 3d7a4ab..5748db6 100644 --- a/openssh/map.jinja +++ b/openssh/map.jinja @@ -21,6 +21,10 @@ that differ from whats in defaults.yaml 'dig_pkg': 'bind-tools', 'root_group': 'wheel', }, + 'OpenBSD': { + 'service': 'sshd', + 'root_group': 'wheel', + }, 'Gentoo': { 'server': 'net-misc/openssh', 'client': 'net-misc/openssh', @@ -59,6 +63,9 @@ that differ from whats in defaults.yaml 'FreeBSD': { 'Subsystem': 'sftp /usr/libexec/sftp-server', }, + 'OpenBSD': { + 'Subsystem': 'sftp /usr/libexec/sftp-server', + }, 'Suse': { 'Subsystem': 'sftp /usr/lib/ssh/sftp-server', }, From dfb04a43b44a607cd9f449db49fd57cc8a1ee2e7 Mon Sep 17 00:00:00 2001 From: Eric Cook Date: Mon, 9 May 2016 23:47:57 -0400 Subject: [PATCH 09/15] set dig_pkg on arch linux for issue #59 --- openssh/map.jinja | 1 + 1 file changed, 1 insertion(+) diff --git a/openssh/map.jinja b/openssh/map.jinja index 3d7a4ab..6146031 100644 --- a/openssh/map.jinja +++ b/openssh/map.jinja 
@@ -10,6 +10,7 @@ that differ from whats in defaults.yaml 'server': 'openssh', 'client': 'openssh', 'service': 'sshd', + 'dig_pkg': 'bind-utils', }, 'Debian': { 'server': 'openssh-server', From 3542a1f5341af722b411d6c582099c95153aea98 Mon Sep 17 00:00:00 2001 From: Matthieu DERASSE Date: Wed, 25 May 2016 00:06:45 +0200 Subject: [PATCH 10/15] Implement Session idle time out --- openssh/files/sshd_config | 4 ++++ pillar.example | 2 ++ 2 files changed, 6 insertions(+) diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config index 62ce97b..75df57d 100644 --- a/openssh/files/sshd_config +++ b/openssh/files/sshd_config @@ -66,6 +66,10 @@ {{ option_default_uncommented('SyslogFacility', 'AUTH') }} {{ option_default_uncommented('LogLevel', 'INFO') }} +# Session idle time out +{{ option_default_uncommented('ClientAliveInterval', 0) }} +{{ option_default_uncommented('ClientAliveCountMax', 3) }} + # Authentication: {{ option_default_uncommented('LoginGraceTime', 120) }} {{ option_default_uncommented('PermitRootLogin', 'yes') }} diff --git a/pillar.example b/pillar.example index 4895add..d678fde 100644 --- a/pillar.example +++ b/pillar.example @@ -11,6 +11,8 @@ sshd_config: ServerKeyBits: 768 SyslogFacility: AUTH LogLevel: INFO + ClientAliveInterval: 0 + ClientAliveCountMax: 3 LoginGraceTime: 120 PermitRootLogin: 'yes' PasswordAuthentication: 'no' From 641851632f5fe10c06991530f5f38c3dc3bb206f Mon Sep 17 00:00:00 2001 From: Niels Abspoel Date: Thu, 26 May 2016 21:57:02 +0200 Subject: [PATCH 11/15] add more authentication options --- openssh/files/sshd_config | 2 ++ pillar.example | 2 ++ 2 files changed, 4 insertions(+) diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config index 75df57d..471e031 100644 --- a/openssh/files/sshd_config +++ b/openssh/files/sshd_config 
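Review bot: The heading `# Session idle time out` added above `ClientAliveInterval` / `ClientAliveCountMax` in the sshd_config hunk overstates what these two lines do. With `0` passed as the default to `option_default_uncommented`, sshd sends no client-alive messages at all, and when the interval is non-zero the pair drops clients that stop answering rather than sessions with no user activity. A more accurate comment would be `# Client alive checks (0 = disabled; detects unresponsive clients, not idle users)`, so an operator reading the rendered file does not assume an idle-session timeout is in force.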
@@ -74,6 +74,8 @@ {{ option_default_uncommented('LoginGraceTime', 120) }} {{ option_default_uncommented('PermitRootLogin', 'yes') }} {{ option_default_uncommented('StrictModes', 'yes') }} +{{ option_default_uncommented('MaxAuthTries', '6') }} +{{ option_default_uncommented('MaxSessions', '10') }} {{ option('DSAAuthentication', 'yes') }} {{ option_default_uncommented('RSAAuthentication', 'yes') }} diff --git a/pillar.example b/pillar.example index d678fde..070a400 100644 --- a/pillar.example +++ b/pillar.example @@ -17,6 +17,8 @@ sshd_config: PermitRootLogin: 'yes' PasswordAuthentication: 'no' StrictModes: 'yes' + MaxAuthTries: 6 + MaxSessions: 10 RSAAuthentication: 'yes' PubkeyAuthentication: 'yes' IgnoreRhosts: 'yes' From 87057c7c6b6ad05aa6d7dbda08c2cf3f08523b2d Mon Sep 17 00:00:00 2001 From: Jonathon Anderson Date: Fri, 1 Jul 2016 23:53:00 -0600 Subject: [PATCH 12/15] Correct openssh-clients package name for Red Hat --- openssh/map.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssh/map.jinja b/openssh/map.jinja index 053c359..908b645 100644 --- a/openssh/map.jinja +++ b/openssh/map.jinja @@ -34,7 +34,7 @@ that differ from whats in defaults.yaml }, 'RedHat': { 'server': 'openssh-server', - 'client': 'openssh', + 'client': 'openssh-clients', 'service': 'sshd', 'dig_pkg': 'bind-utils', }, From 781be61881eda430a752ec558d7ebc1c965f78e0 Mon Sep 17 00:00:00 2001 From: Lev Lozhkin Date: Tue, 19 Jul 2016 13:23:48 -0700 Subject: [PATCH 13/15] Convert dig exist check to unless req --- openssh/known_hosts.sls | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/openssh/known_hosts.sls b/openssh/known_hosts.sls index af22f6b..9541e55 100644 --- a/openssh/known_hosts.sls +++ b/openssh/known_hosts.sls 
@@ -1,14 +1,9 @@ {% from "openssh/map.jinja" import openssh with context %} -check for existing dig: - cmd.run: - - name: which dig - ensure dig is available: pkg.installed: - name: {{ openssh.dig_pkg }} - - onfail: - - cmd: check for existing dig + - unless: which dig manage ssh_known_hosts file: file.managed: From e6603ae62a0ffc30e89ca304162f0bad271d9483 Mon Sep 17 00:00:00 2001 From: Pandu E Poluan Date: Mon, 1 Aug 2016 23:59:11 +0700 Subject: [PATCH 14/15] Allow moduli to be pulled as file Added Jinja logic to allow the option to pull the moduli from an online source. --- openssh/moduli.sls | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/openssh/moduli.sls b/openssh/moduli.sls index d871006..7e0bd3a 100644 --- a/openssh/moduli.sls +++ b/openssh/moduli.sls @@ -1,8 +1,19 @@ {% from "openssh/map.jinja" import openssh with context %} -{% if salt['pillar.get']('openssh:moduli', False) %} +{% set moduli = salt['pillar.get']('openssh:moduli', False) -%} +{% set moduli_source = salt['pillar.get']('openssh:moduli_source', False) -%} +{% if moduli or moduli_source -%} ssh_moduli: file.managed: - name: {{ openssh.ssh_moduli }} + {% if moduli -%} + # Although we have the contents of the moduli in the variable 'moduli', + # inlining the variable here *will* cause problems. Using the '|' literal string indicator + # Necessitates using the '|indent' filter, and this is too complex. + # Rather, let salt read the pillar itself. - contents_pillar: openssh:moduli + {% elif moduli_source -%} + - source: {{ moduli_source }} + - source_hash: {{ moduli_source|trim }}.hash + {%- endif %} {% endif %} From 11ba2acea7aedec3653ba27cc6ea9b6ff57cd614 Mon Sep 17 00:00:00 2001 
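Review bot: In the moduli.sls hunk, `source_hash` is derived from `moduli_source` itself (`{{ moduli_source|trim }}.hash`), so the hash always comes from the same location as the file and only catches a corrupted download; whoever can change the file there, or on a plain `http://` transfer like the example in PATCH 15/15, can change the hash with it. The moduli file supplies the primes for Diffie-Hellman group exchange, so its integrity matters. Let the expected hash come from pillar and keep the `.hash` sibling only as a fallback, for instance with a new key inside the `elif` branch: `{% set moduli_hash = salt['pillar.get']('openssh:moduli_source_hash', moduli_source|trim ~ '.hash') -%}` followed by `- source_hash: {{ moduli_hash }}`. `- source:` should also use `moduli_source|trim` so both lines refer to the same string. The visible state sets no `user`, `group` or `mode`, leaving ownership of the managed file to defaults.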
From: Pandu E Poluan Date: Tue, 2 Aug 2016 00:03:14 +0700 Subject: [PATCH 15/15] Give information on using moduli_source Give additional comments to inform that moduli can also be provided via a file, using the moduli_source key. --- pillar.example | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/pillar.example b/pillar.example index 070a400..e22873a 100644 --- a/pillar.example +++ b/pillar.example @@ -155,13 +155,21 @@ openssh: - cname-to-minion.example.org - alias.example.org -# specify DH parameters (see /etc/ssh/moduli) + # specify DH parameters (see /etc/ssh/moduli) moduli: | # Time Type Tests Tries Size Generator Modulus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specify the location of the moduli file. Examples: + #moduli_source: http://some.server.somewhere/salt/moduli + #moduli_source: salt://files/ssh/moduli + # If moduli is specified, moduli_source will be ignored. + # Also, a proper hash file *must* be included in the same path. E.g.: + # http://some.server.somewhere/salt/moduli.hash + # salt://files/ssh/moduli.hash + # These will be automatically referenced to by the ssh_moduli state. # Required for openssh.known_hosts mine_functions: