saltstack-formulas/openssh-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #199 from myii/ci/add-vagrant-testing-via-github-actions

Browse Source 
ci: enable Vagrant-based testing using GitHub Actions
This commit is contained in:
Imran Iqbal 2021-03-26 16:59:17 +00:00 committed by GitHub
commit 7abe9c9d92
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 678 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
.github/workflows/kitchen.vagrant.yml vendored Normal file
View File

@ -0,0 +1,35 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
name: 'Kitchen Vagrant (FreeBSD & OpenBSD)'
'on': ['push', 'pull_request']
env:
KITCHEN_LOCAL_YAML: 'kitchen.vagrant.yml'
jobs:
test:
runs-on: 'macos-10.15'
strategy:
fail-fast: false
matrix:
instance:
- default-freebsd-122-latest-py3
- default-freebsd-114-latest-py3
- default-openbsd-68-latest-py3
steps:
- name: 'Check out code'
uses: 'actions/checkout@v2'
- name: 'Set up Bundler cache'
uses: 'actions/cache@v1'
with:
path: 'vendor/bundle'
key: "${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}"
restore-keys: "${{ runner.os }}-gems-"
- name: 'Run Bundler'
run: |
ruby --version
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3
- name: 'Run Test Kitchen'
run: 'bundle exec kitchen verify ${{ matrix.instance }}'

1
.yamllint
View File

@ -16,6 +16,7 @@ ignore: |
node_modules/
test/**/states/**/*.sls
.kitchen/
test/salt/pillar/default.sls
yaml-files:
# Default settings

63
docs/README.rst
View File

@ -266,7 +266,7 @@ e.g. ``debian-9-2019-2-py3``.
``bin/kitchen converge``
^^^^^^^^^^^^^^^^^^^^^^^^
Creates the docker instance and runs the ``template`` main state, ready for testing.
Creates the docker instance and runs the ``openssh`` main states, ready for testing.
``bin/kitchen verify``
^^^^^^^^^^^^^^^^^^^^^^
@ -288,3 +288,64 @@ Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``veri
Gives you SSH access to the instance for manual testing.
Testing with Vagrant
--------------------
Windows/FreeBSD/OpenBSD testing is done with ``kitchen-salt``.
Requirements
^^^^^^^^^^^^
* Ruby
* Virtualbox
* Vagrant
Setup
^^^^^
.. code-block:: bash
$ gem install bundler
$ bundle install --with=vagrant
$ bin/kitchen test [platform]
Where ``[platform]`` is the platform name defined in ``kitchen.vagrant.yml``,
e.g. ``windows-81-latest-py3``.
Note
^^^^
When testing using Vagrant you must set the environment variable ``KITCHEN_LOCAL_YAML`` to ``kitchen.vagrant.yml``. For example:
.. code-block:: bash
$ KITCHEN_LOCAL_YAML=kitchen.vagrant.yml bin/kitchen test # Alternatively,
$ export KITCHEN_LOCAL_YAML=kitchen.vagrant.yml
$ bin/kitchen test
Then run the following commands as needed.
``bin/kitchen converge``
^^^^^^^^^^^^^^^^^^^^^^^^
Creates the Vagrant instance and runs the ``openssh`` main states, ready for testing.
``bin/kitchen verify``
^^^^^^^^^^^^^^^^^^^^^^
Runs the ``inspec`` tests on the actual instance.
``bin/kitchen destroy``
^^^^^^^^^^^^^^^^^^^^^^^
Removes the Vagrant instance.
``bin/kitchen test``
^^^^^^^^^^^^^^^^^^^^
Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``.
``bin/kitchen login``
^^^^^^^^^^^^^^^^^^^^^
Gives you RDP/SSH access to the instance for manual testing.

27
kitchen.vagrant.yml
View File

@ -3,15 +3,26 @@
---
driver:
name: vagrant
cache_directory: false
customize:
usbxhci: 'off'
gui: false
linked_clone: true
ssh:
shell: /bin/sh
platforms:
- name: freebsd-120-2019-2-py3
- name: freebsd-122-latest-py3
driver:
box_url: https://freebsd.z.vstack.com/FreeBSD-12.0.box
cache_directory: false
customize:
usbxhci: 'off'
gui: false
linked_clone: true
box: bento/freebsd-12.2
- name: freebsd-114-latest-py3
driver:
box: bento/freebsd-11.4
- name: openbsd-68-latest-py3
driver:
box: generic/openbsd6
ssh:
shell: '/bin/sh'
shell: /bin/ksh
provisioner:
salt_install: bootstrap

1
kitchen.yml
View File

@ -310,6 +310,7 @@ suites:
- name: default
driver:
hostname: example.net
vm_hostname: example.net
provisioner:
state_top:
base:

6
openssh/known_hosts.sls
View File

@ -3,9 +3,13 @@
{%- from tplroot ~ "/libtofs.jinja" import files_switch %}
{%- set openssh = mapdata.openssh %}
{%- if openssh.dig_pkg %}
ensure dig is available:
pkg.installed:
- name: {{ openssh.dig_pkg }}
- require_in:
- file: manage ssh_known_hosts file
{%- endif %}
manage ssh_known_hosts file:
file.managed:
@ -19,5 +23,3 @@ manage ssh_known_hosts file:
- user: root
- group: {{ openssh.ssh_config_group }}
- mode: 644
- require:
- pkg: ensure dig is available

2
openssh/parameters/os_family/OpenBSD.yaml
View File

@ -12,6 +12,8 @@
values:
openssh:
service: sshd
# Already installed: `base68:/usr/bin/dig`
dig_pkg: ~
sshd_config_group: wheel
ssh_config_group: wheel
sshd_config:

6
test/integration/default/controls/config_spec.rb
View File

@ -27,7 +27,9 @@ control 'openssh configuration' do
its('content') { should include 'PrintMotd no' }
its('content') { should include 'AcceptEnv LANG LC_*' }
its('content') { should include 'Subsystem sftp /usr/lib/openssh/sftp-server' }
its('content') { should include 'UsePAM yes' }
unless %w[openbsd].include?(platform[:name])
its('content') { should include 'UsePAM yes' }
end
end
describe file('/etc/ssh/ssh_config') do
@ -45,7 +47,7 @@ control 'openssh configuration' do
it { should be_file }
its('mode') { should cmp '0644' }
it { should be_owned_by 'root' }
it { should be_grouped_into 'root' }
it { should be_grouped_into root_group }
its('content') { should include github_known_host }
its('content') { should match(gitlab_known_host_re) }
its('content') { should include minion_rsa_known_host }

183
test/integration/default/files/_mapdata/freebsd-11.yaml Normal file
View File

@ -0,0 +1,183 @@
# yamllint disable rule:indentation rule:line-length
# FreeBSD-12
---
values:
map_jinja:
sources:
- Y:G@osarch
- Y:G@os_family
- Y:G@os
- Y:G@osfinger
- C:SUB@openssh:lookup
- C:SUB@openssh
- C:SUB@sshd_config:lookup
- C:SUB@sshd_config
- C:SUB@ssh_config:lookup
- C:SUB@ssh_config
- Y:G@id
openssh:
absent_dsa_keys: false
absent_ecdsa_keys: false
absent_ed25519_keys: false
absent_rsa_keys: false
auth:
joe-non-valid-ssh-key:
- comment: obsolete key - removed
enc: ssh-rsa
present: false
source: salt://ssh_keys/joe.no-valid.pub
user: joe
joe-valid-ssh-key-desktop:
- comment: main key - desktop
enc: ssh-rsa
present: true
source: salt://ssh_keys/joe.desktop.pub
user: joe
joe-valid-ssh-key-notebook:
- comment: main key - notebook
enc: ssh-rsa
present: true
source: salt://ssh_keys/joe.netbook.pub
user: joe
auth_map:
personal_keys:
source: salt://ssh_keys
users:
joe:
joe.desktop: {}
joe.netbook:
options: []
joe.no-valid:
present: false
banner: /etc/ssh/banner
banner_src: banner
banner_string: 'Welcome to example.net!
'
client_version: latest
dig_pkg: bind-tools
dsa:
private_key: '-----BEGIN DSA PRIVATE KEY-----
NOT_DEFINED
-----END DSA PRIVATE KEY-----
'
public_key: 'ssh-dss NOT_DEFINED
'
ecdsa:
private_key: '-----BEGIN EC PRIVATE KEY-----
NOT_DEFINED
-----END EC PRIVATE KEY-----
'
public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
'
ed25519:
private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
NOT_DEFINED
-----END OPENSSH PRIVATE KEY-----
'
public_key: 'ssh-ed25519 NOT_DEFINED
'
enforce_rsa_size: false
generate_dsa_keys: false
generate_ecdsa_keys: false
generate_ed25519_keys: false
generate_rsa_keys: false
generate_rsa_size: 4096
host_key_algos: ecdsa,ed25519,rsa
known_hosts:
aliases:
- cname-to-minion.example.org
- alias.example.org
hostnames: false
include_localhost: false
mine_hostname_function: public_ssh_hostname
mine_keys_function: public_ssh_host_keys
omit_ip_address:
- github.com
salt_ssh:
public_ssh_host_keys:
minion.id: 'ssh-rsa [...]
ssh-ed25519 [...]
'
public_ssh_host_names:
minion.id:
- minion.id
- alias.of.minion.id
user: salt-master
static:
github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
target: '*'
tgt_type: glob
moduli: '# Time Type Tests Tries Size Generator Modulus
20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
'
provide_dsa_keys: false
provide_ecdsa_keys: false
provide_ed25519_keys: false
provide_rsa_keys: false
root_group: root
rsa:
private_key: '-----BEGIN RSA PRIVATE KEY-----
NOT_DEFINED
-----END RSA PRIVATE KEY-----
'
public_key: 'ssh-rsa NOT_DEFINED
'
server_version: latest
service: sshd
ssh_config: /etc/ssh/ssh_config
ssh_config_backup: true
ssh_config_group: wheel
ssh_config_mode: '644'
ssh_config_src: ssh_config
ssh_config_user: root
ssh_known_hosts: /etc/ssh/ssh_known_hosts
ssh_known_hosts_src: ssh_known_hosts
ssh_moduli: /etc/ssh/moduli
sshd_binary: /usr/sbin/sshd
sshd_config: /etc/ssh/sshd_config
sshd_config_backup: true
sshd_config_group: wheel
sshd_config_mode: '644'
sshd_config_src: sshd_config
sshd_config_user: root
sshd_enable: true
tofs:
source_files:
manage ssh_known_hosts file:
- alt_ssh_known_hosts
ssh_config:
- alt_ssh_config
sshd_banner:
- fire_banner
sshd_config:
- alt_sshd_config
ssh_config:
Hosts:
'*':
GSSAPIAuthentication: 'yes'
HashKnownHosts: 'yes'
SendEnv: LANG LC_*
sshd_config:
AcceptEnv: LANG LC_*
ChallengeResponseAuthentication: 'no'
PrintMotd: 'no'
Subsystem: sftp /usr/lib/openssh/sftp-server
UsePAM: 'yes'
X11Forwarding: 'yes'

183
test/integration/default/files/_mapdata/freebsd-12.yaml Normal file
View File

@ -0,0 +1,183 @@
# yamllint disable rule:indentation rule:line-length
# FreeBSD-12
---
values:
map_jinja:
sources:
- Y:G@osarch
- Y:G@os_family
- Y:G@os
- Y:G@osfinger
- C:SUB@openssh:lookup
- C:SUB@openssh
- C:SUB@sshd_config:lookup
- C:SUB@sshd_config
- C:SUB@ssh_config:lookup
- C:SUB@ssh_config
- Y:G@id
openssh:
absent_dsa_keys: false
absent_ecdsa_keys: false
absent_ed25519_keys: false
absent_rsa_keys: false
auth:
joe-non-valid-ssh-key:
- comment: obsolete key - removed
enc: ssh-rsa
present: false
source: salt://ssh_keys/joe.no-valid.pub
user: joe
joe-valid-ssh-key-desktop:
- comment: main key - desktop
enc: ssh-rsa
present: true
source: salt://ssh_keys/joe.desktop.pub
user: joe
joe-valid-ssh-key-notebook:
- comment: main key - notebook
enc: ssh-rsa
present: true
source: salt://ssh_keys/joe.netbook.pub
user: joe
auth_map:
personal_keys:
source: salt://ssh_keys
users:
joe:
joe.desktop: {}
joe.netbook:
options: []
joe.no-valid:
present: false
banner: /etc/ssh/banner
banner_src: banner
banner_string: 'Welcome to example.net!
'
client_version: latest
dig_pkg: bind-tools
dsa:
private_key: '-----BEGIN DSA PRIVATE KEY-----
NOT_DEFINED
-----END DSA PRIVATE KEY-----
'
public_key: 'ssh-dss NOT_DEFINED
'
ecdsa:
private_key: '-----BEGIN EC PRIVATE KEY-----
NOT_DEFINED
-----END EC PRIVATE KEY-----
'
public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
'
ed25519:
private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
NOT_DEFINED
-----END OPENSSH PRIVATE KEY-----
'
public_key: 'ssh-ed25519 NOT_DEFINED
'
enforce_rsa_size: false
generate_dsa_keys: false
generate_ecdsa_keys: false
generate_ed25519_keys: false
generate_rsa_keys: false
generate_rsa_size: 4096
host_key_algos: ecdsa,ed25519,rsa
known_hosts:
aliases:
- cname-to-minion.example.org
- alias.example.org
hostnames: false
include_localhost: false
mine_hostname_function: public_ssh_hostname
mine_keys_function: public_ssh_host_keys
omit_ip_address:
- github.com
salt_ssh:
public_ssh_host_keys:
minion.id: 'ssh-rsa [...]
ssh-ed25519 [...]
'
public_ssh_host_names:
minion.id:
- minion.id
- alias.of.minion.id
user: salt-master
static:
github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
target: '*'
tgt_type: glob
moduli: '# Time Type Tests Tries Size Generator Modulus
20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
'
provide_dsa_keys: false
provide_ecdsa_keys: false
provide_ed25519_keys: false
provide_rsa_keys: false
root_group: root
rsa:
private_key: '-----BEGIN RSA PRIVATE KEY-----
NOT_DEFINED
-----END RSA PRIVATE KEY-----
'
public_key: 'ssh-rsa NOT_DEFINED
'
server_version: latest
service: sshd
ssh_config: /etc/ssh/ssh_config
ssh_config_backup: true
ssh_config_group: wheel
ssh_config_mode: '644'
ssh_config_src: ssh_config
ssh_config_user: root
ssh_known_hosts: /etc/ssh/ssh_known_hosts
ssh_known_hosts_src: ssh_known_hosts
ssh_moduli: /etc/ssh/moduli
sshd_binary: /usr/sbin/sshd
sshd_config: /etc/ssh/sshd_config
sshd_config_backup: true
sshd_config_group: wheel
sshd_config_mode: '644'
sshd_config_src: sshd_config
sshd_config_user: root
sshd_enable: true
tofs:
source_files:
manage ssh_known_hosts file:
- alt_ssh_known_hosts
ssh_config:
- alt_ssh_config
sshd_banner:
- fire_banner
sshd_config:
- alt_sshd_config
ssh_config:
Hosts:
'*':
GSSAPIAuthentication: 'yes'
HashKnownHosts: 'yes'
SendEnv: LANG LC_*
sshd_config:
AcceptEnv: LANG LC_*
ChallengeResponseAuthentication: 'no'
PrintMotd: 'no'
Subsystem: sftp /usr/lib/openssh/sftp-server
UsePAM: 'yes'
X11Forwarding: 'yes'

182
test/integration/default/files/_mapdata/openbsd-6.yaml Normal file
View File

@ -0,0 +1,182 @@
# yamllint disable rule:indentation rule:line-length
# OpenBSD-6
---
values:
map_jinja:
sources:
- Y:G@osarch
- Y:G@os_family
- Y:G@os
- Y:G@osfinger
- C:SUB@openssh:lookup
- C:SUB@openssh
- C:SUB@sshd_config:lookup
- C:SUB@sshd_config
- C:SUB@ssh_config:lookup
- C:SUB@ssh_config
- Y:G@id
openssh:
absent_dsa_keys: false
absent_ecdsa_keys: false
absent_ed25519_keys: false
absent_rsa_keys: false
auth:
joe-non-valid-ssh-key:
- comment: obsolete key - removed
enc: ssh-rsa
present: false
source: salt://ssh_keys/joe.no-valid.pub
user: joe
joe-valid-ssh-key-desktop:
- comment: main key - desktop
enc: ssh-rsa
present: true
source: salt://ssh_keys/joe.desktop.pub
user: joe
joe-valid-ssh-key-notebook:
- comment: main key - notebook
enc: ssh-rsa
present: true
source: salt://ssh_keys/joe.netbook.pub
user: joe
auth_map:
personal_keys:
source: salt://ssh_keys
users:
joe:
joe.desktop: {}
joe.netbook:
options: []
joe.no-valid:
present: false
banner: /etc/ssh/banner
banner_src: banner
banner_string: 'Welcome to example.net!
'
client_version: latest
dig_pkg: ~
dsa:
private_key: '-----BEGIN DSA PRIVATE KEY-----
NOT_DEFINED
-----END DSA PRIVATE KEY-----
'
public_key: 'ssh-dss NOT_DEFINED
'
ecdsa:
private_key: '-----BEGIN EC PRIVATE KEY-----
NOT_DEFINED
-----END EC PRIVATE KEY-----
'
public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
'
ed25519:
private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
NOT_DEFINED
-----END OPENSSH PRIVATE KEY-----
'
public_key: 'ssh-ed25519 NOT_DEFINED
'
enforce_rsa_size: false
generate_dsa_keys: false
generate_ecdsa_keys: false
generate_ed25519_keys: false
generate_rsa_keys: false
generate_rsa_size: 4096
host_key_algos: ecdsa,ed25519,rsa
known_hosts:
aliases:
- cname-to-minion.example.org
- alias.example.org
hostnames: false
include_localhost: false
mine_hostname_function: public_ssh_hostname
mine_keys_function: public_ssh_host_keys
omit_ip_address:
- github.com
salt_ssh:
public_ssh_host_keys:
minion.id: 'ssh-rsa [...]
ssh-ed25519 [...]
'
public_ssh_host_names:
minion.id:
- minion.id
- alias.of.minion.id
user: salt-master
static:
github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]
gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
target: '*'
tgt_type: glob
moduli: '# Time Type Tests Tries Size Generator Modulus
20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F
'
provide_dsa_keys: false
provide_ecdsa_keys: false
provide_ed25519_keys: false
provide_rsa_keys: false
root_group: root
rsa:
private_key: '-----BEGIN RSA PRIVATE KEY-----
NOT_DEFINED
-----END RSA PRIVATE KEY-----
'
public_key: 'ssh-rsa NOT_DEFINED
'
server_version: latest
service: sshd
ssh_config: /etc/ssh/ssh_config
ssh_config_backup: true
ssh_config_group: wheel
ssh_config_mode: '644'
ssh_config_src: ssh_config
ssh_config_user: root
ssh_known_hosts: /etc/ssh/ssh_known_hosts
ssh_known_hosts_src: ssh_known_hosts
ssh_moduli: /etc/ssh/moduli
sshd_binary: /usr/sbin/sshd
sshd_config: /etc/ssh/sshd_config
sshd_config_backup: true
sshd_config_group: wheel
sshd_config_mode: '644'
sshd_config_src: sshd_config
sshd_config_user: root
sshd_enable: true
tofs:
source_files:
manage ssh_known_hosts file:
- alt_ssh_known_hosts
ssh_config:
- alt_ssh_config
sshd_banner:
- fire_banner
sshd_config:
- alt_sshd_config
ssh_config:
Hosts:
'*':
GSSAPIAuthentication: 'yes'
HashKnownHosts: 'yes'
SendEnv: LANG LC_*
sshd_config:
AcceptEnv: LANG LC_*
ChallengeResponseAuthentication: 'no'
PrintMotd: 'no'
Subsystem: sftp /usr/lib/openssh/sftp-server
X11Forwarding: 'yes'

2
test/salt/pillar/default.sls
View File

@ -22,7 +22,9 @@ sshd_config:
PrintMotd: 'no'
AcceptEnv: "LANG LC_*"
Subsystem: "sftp /usr/lib/openssh/sftp-server"
{%- if grains.os != "OpenBSD" %}
UsePAM: 'yes'
{%- endif %}
ssh_config:
Hosts: