diff --git a/openssh/init.sls b/openssh/init.sls index 6ea329b..25266b6 100644 --- a/openssh/init.sls +++ b/openssh/init.sls @@ -12,14 +12,56 @@ openssh: - file: sshd_banner - watch: - file: sshd_config + {% if salt['pillar.get']('openssh:provide_dsa_keys', False) %} + - file: /etc/ssh/ssh_host_dsa_key + - file: /etc/ssh/ssh_host_dsa_key.pub + {% endif %} + {% if salt['pillar.get']('openssh:provide_rsa_keys', False) %} + - file: /etc/ssh/ssh_host_rsa_key + - file: /etc/ssh/ssh_host_rsa_key.pub + {% endif %} sshd_config: file.managed: - name: /etc/ssh/sshd_config - source: salt://openssh/files/sshd_config + - user: root + - mode: 600 sshd_banner: file.managed: - name: /etc/ssh/banner - source: salt://openssh/files/banner - template: jinja + +{% if salt['pillar.get']('openssh:provide_dsa_keys', False) %} +ssh_host_dsa_key: + file.managed: + - name: /etc/ssh/ssh_host_dsa_key + - contents_pillar: 'openssh:dsa:private_key' + - user: root + - mode: 600 + +ssh_host_dsa_key.pub: + file.managed: + - name: /etc/ssh/ssh_host_dsa_key.pub + - contents_pillar: 'openssh:dsa:public_key' + - user: root + - mode: 600 +{% endif %} + +{% if salt['pillar.get']('openssh:provide_rsa_keys', False) %} +ssh_host_rsa_key: + file.managed: + - name: /etc/ssh/ssh_host_rsa_key + - contents_pillar: 'openssh:rsa:private_key' + - user: root + - mode: 600 + +ssh_host_rsa_key.pub: + file.managed: + - name: /etc/ssh/ssh_host_rsa_key.pub + - contents_pillar: 'openssh:rsa:public_key' + - user: root + - mode: 600 +{% endif %} diff --git a/pillar.example b/pillar.example index e69de29..cad6153 100644 --- a/pillar.example +++ b/pillar.example @@ -0,0 +1,18 @@ +#``openssh`` formula configuration: +openssh: + dsa: + private_key: | + -----BEGIN DSA PRIVATE KEY----- + NOT_DEFINED + -----END DSA PRIVATE KEY----- + public_key: | + ssh-dss NOT_DEFINED + provide_dsa_keys: False + provide_rsa_keys: False + rsa: + private_key: | + -----BEGIN RSA PRIVATE KEY----- + NOT_DEFINED + -----END RSA PRIVATE KEY----- + public_key: | + ssh-rsa NOT_DEFINED