saltstack-formulas/openssh-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add ed25519 host key type; add AuthenticationMethods option

Browse Source
This commit is contained in:
Bohdan Kmit 2015-01-16 17:21:10 +00:00
parent b62872591c
commit b843d8168b
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
openssh/files/sshd_config
View File

@ -54,7 +54,7 @@
{{ option_default_uncommented('Protocol', 2) }} {{ option_default_uncommented('Protocol', 2) }}
# HostKeys for protocol version 2 # HostKeys for protocol version 2
{{ option_default_uncommented('HostKey', ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key']) -}} {{ option_default_uncommented('HostKey', ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']) -}}
#Privilege Separation is turned on for security #Privilege Separation is turned on for security
{{ option_default_uncommented('UsePrivilegeSeparation', 'yes') }} {{ option_default_uncommented('UsePrivilegeSeparation', 'yes') }}
@ -92,6 +92,7 @@
# Change to yes to enable challenge-response passwords (beware issues with # Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads) # some PAM modules and threads)
{{ option_default_uncommented('ChallengeResponseAuthentication', 'no') }} {{ option_default_uncommented('ChallengeResponseAuthentication', 'no') }}
{{ option('AuthenticationMethods', 'publickey,keyboard-interactive') }}
# Change to no to disable tunnelled clear text passwords # Change to no to disable tunnelled clear text passwords
{{ option('PasswordAuthentication', 'yes') }} {{ option('PasswordAuthentication', 'yes') }}

2
pillar.example
View File

@ -5,6 +5,7 @@ sshd_config:
- /etc/ssh/ssh_host_rsa_key - /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_dsa_key - /etc/ssh/ssh_host_dsa_key
- /etc/ssh/ssh_host_ecdsa_key - /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation: 'yes' UsePrivilegeSeparation: 'yes'
KeyRegenerationInterval: 3600 KeyRegenerationInterval: 3600
ServerKeyBits: 768 ServerKeyBits: 768
@ -21,6 +22,7 @@ sshd_config:
HostbasedAuthentication: 'no' HostbasedAuthentication: 'no'
PermitEmptyPasswords: 'no' PermitEmptyPasswords: 'no'
ChallengeResponseAuthentication: 'no' ChallengeResponseAuthentication: 'no'
AuthenticationMethods 'publickey,keyboard-interactive'
X11Forwarding: 'yes' X11Forwarding: 'yes'
X11DisplayOffset: 10 X11DisplayOffset: 10
PrintMotd: 'no' PrintMotd: 'no'