saltstack-formulas/openssh-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'aboe76-improve_allowed_users_groups'

Browse Source
This commit is contained in:
Alexander Weidinger 2017-08-23 11:26:45 +02:00
commit a2dd72bb3e
2 changed files with 31 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
openssh/files/sshd_config
View File

@ -74,9 +74,10 @@
{%- endmacro -%} {%- endmacro -%}
{%- if sshd_config.get('ConfigBanner', False) -%} {%- if sshd_config.get('ConfigBanner', False) -%}
{{ sshd_config['ConfigBanner'] }} {%- do processed_options.append('ConfigBanner') -%}
{{ sshd_config['ConfigBanner'] }}
{%- else -%} {%- else -%}
# This file is managed by salt. Manual changes risk being overwritten. # This file is managed by salt. Manual changes risk being overwritten.
{%- endif %} {%- endif %}
{%- set global_src_url = salt ['pillar.get']('__formulas:print_template_url', None) %} {%- set global_src_url = salt ['pillar.get']('__formulas:print_template_url', None) %}
{%- set local_src_url = salt ['pillar.get']('openssh-formula:print_template_url', None) %} {%- set local_src_url = salt ['pillar.get']('openssh-formula:print_template_url', None) %}
@ -207,13 +208,14 @@
# needs to to a DNS lookup # needs to to a DNS lookup
# #
# DenyUsers # DenyUsers
{{ option('DenyUsers', '') }} {{ option_string_or_list('DenyUsers', '', True , sep=' ')}}
# AllowUsers # AllowUsers
{{ option('AllowUsers', '') }} {{ option_string_or_list('AllowUsers', '', True , sep=' ')}}
# DenyGroups # DenyGroups
{{ option('DenyGroups', '') }} {{ option_string_or_list('DenyGroups', '', True , sep=' ')}}
# AllowGroups # AllowGroups
{{ option('AllowGroups', '') }} {{ option_string_or_list('AllowGroups', '', True , sep=' ')}}
# Specifies the available KEX (Key Exchange) algorithms. # Specifies the available KEX (Key Exchange) algorithms.
{{ option_string_or_list('KexAlgorithms', 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1', True) }} {{ option_string_or_list('KexAlgorithms', 'ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1', True) }}

23
pillar.example
View File

@ -44,10 +44,33 @@ sshd_config:
Subsystem: "sftp /usr/lib/openssh/sftp-server" Subsystem: "sftp /usr/lib/openssh/sftp-server"
UsePAM: 'yes' UsePAM: 'yes'
UseDNS: 'yes' UseDNS: 'yes'
# set as string
AllowUsers: 'vader@10.0.0.1 maul@evil.com sidious luke' AllowUsers: 'vader@10.0.0.1 maul@evil.com sidious luke'
# or set as list
AllowUsers:
- vader@10.0.0.1
- maul@evil.com
- sidious
- luke
# set as string
DenyUsers: 'yoda chewbaca@112.10.21.1' DenyUsers: 'yoda chewbaca@112.10.21.1'
# or set as list
DenyUsers:
- yoda
- chewbaca@112.10.21.1
# set as string
AllowGroups: 'wheel staff imperial' AllowGroups: 'wheel staff imperial'
# or set as list
AllowGroups:
- wheel
- staff
- imperial
# set as string
DenyGroups: 'rebel' DenyGroups: 'rebel'
# or set as list
DenyGroups:
- rebel
- badcompany
matches: matches:
sftp_chroot: sftp_chroot:
type: type: