diff --git a/openssh/auth.sls b/openssh/auth.sls index a7980c9..e74c8c5 100644 --- a/openssh/auth.sls +++ b/openssh/auth.sls @@ -38,12 +38,14 @@ include: {{ print_name(identifier, key) }}: ssh_auth.present: {{ print_ssh_auth(identifier, key) }} + - config: {{ pillar['sshd_config']['AuthorizedKeysFile'] }} - require: - service: {{ openssh.service }} {%- else %} {{ print_name(identifier, key) }}: ssh_auth.absent: {{ print_ssh_auth(identifier, key) }} + - config: {{ pillar['sshd_config']['AuthorizedKeysFile'] }} {%- endif -%} {%- endfor -%} -{%- endfor -%} +{%- endfor -%} \ No newline at end of file diff --git a/pillar.example b/pillar.example index 4895add..6baf78d 100644 --- a/pillar.example +++ b/pillar.example @@ -23,6 +23,7 @@ sshd_config: PermitEmptyPasswords: 'no' ChallengeResponseAuthentication: 'no' AuthenticationMethods: 'publickey,keyboard-interactive' + AuthorizedKeysFile: '%h/.ssh/authorized_keys' X11Forwarding: 'yes' X11DisplayOffset: 10 PrintMotd: 'no' @@ -80,16 +81,19 @@ openssh: present: True enc: ssh-rsa comment: main key - desktop + source: salt://ssh_keys/joe.desktop.pub joe-valid-ssh-key-notebook: - user: joe present: True enc: ssh-rsa comment: main key - notebook + source: salt://ssh_keys/joe.netbook.pub joe-non-valid-ssh-key: - user: joe present: False enc: ssh-rsa comment: obsolete key - removed + source: salt://ssh_keys/joe.no-valid.pub generate_dsa_keys: False absent_dsa_keys: False
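Review bot: Both added `- config:` lines in openssh/auth.sls (under `ssh_auth.present` and `ssh_auth.absent`) index `pillar['sshd_config']['AuthorizedKeysFile']` directly and emit the value unquoted. The state therefore fails to render for any pillar that omits the key, and the example value `%h/.ssh/authorized_keys` renders as a plain scalar beginning with `%`, which YAML should reject. A lookup with a default, quoted on output, avoids both: `- config: {{ salt['pillar.get']('sshd_config:AuthorizedKeysFile', '.ssh/authorized_keys') | yaml_dquote }}`. sshd's `AuthorizedKeysFile` may also hold several space-separated paths or `none`, which would be passed to `ssh_auth` as a single file name; `ssh_auth.absent` would then edit a file sshd does not read and leave the revoked key authorized, so either document that only one path is supported or pass the first entry. The enclosing `for`/`if` blocks begin outside the hunk.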