saltstack-formulas/openssh-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #28 from aboe76/allow_deny_users

Browse Source 
Added AllowUsers,AllowGroups,DenyUsers,DenyGroups
This commit is contained in:
Nitin Madhok 2015-01-18 00:53:57 +05:30
commit 4e49e73e76
2 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
openssh/files/sshd_config
View File

@ -137,6 +137,25 @@
# DNS resolve and map remote IP addresses # DNS resolve and map remote IP addresses
{{ option('UseDNS', 'yes') }} {{ option('UseDNS', 'yes') }}
# Restricting Users and Hosts
# example:
# AllowUsers vader@10.0.0.1 maul@sproing.evil.com luke
# AllowGroups wheel staff
#
# Keep in mind that using AllowUsers or AllowGroups means that anyone
# not Matching one of the supplied patterns will be denied access by default.
# Also, in order for sshd to allow access based on full or partial hostnames it
# needs to to a DNS lookup
#
# DenyUsers
{{ option('DenyUsers', '') }}
# AllowUsers
{{ option('AllowUsers', '') }}
# DenyGroups
{{ option('DenyGroups', '') }}
# AllowGroups
{{ option('AllowGroups', '') }}
{# Handling unknown in salt template options #} {# Handling unknown in salt template options #}
{%- for keyword in sshd_config.keys() %} {%- for keyword in sshd_config.keys() %}
{#- Matches have to be at the bottem and should be handled differently -#} {#- Matches have to be at the bottem and should be handled differently -#}

5
pillar.example
View File

@ -32,6 +32,11 @@ sshd_config:
Subsystem: "sftp /usr/lib/openssh/sftp-server" Subsystem: "sftp /usr/lib/openssh/sftp-server"
UsePAM: 'yes' UsePAM: 'yes'
UseDNS: 'yes' UseDNS: 'yes'
AllowUsers: 'vader@10.0.0.1 maul@evil.com sidious luke'
DenyUsers: 'yoda chewbaca@112.10.21.1'
AllowGroups: 'wheel staff imperial'
DenyGroups: 'rebel'
Deny
matches: matches:
sftp_chroot: sftp_chroot:
type: type: