Merge pull request #24 from fpletz/feature/ed25519_host_keys

Add support for ed25519 host keys

openssh/config.sls

@@ -13,7 +13,7 @@ sshd_config:
     - watch_in:
       - service: openssh
 
-{% for keyType in ['ecdsa', 'dsa', 'rsa'] %}
+{% for keyType in ['ecdsa', 'dsa', 'rsa', 'ed25519'] %}
 {% if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_keys', False) %}
 ssh_generate_host_{{ keyType }}_key:
   cmd.run:
@@ -40,4 +40,4 @@ ssh_host_{{ keyType }}_key.pub:
     - require_in:
       - service: {{ openssh.service }}
 {% endif %}
-{% endfor %}
+{% endfor %}

pillar.example

@@ -51,6 +51,9 @@ openssh:
         present: False
         enc: ssh-rsa
         comment: obsolete key - removed
+
+  generate_dsa_keys: False
+  provide_dsa_keys: False
   dsa:
     private_key: |
       -----BEGIN DSA PRIVATE KEY-----
@@ -58,6 +61,9 @@ openssh:
       -----END DSA PRIVATE KEY-----
     public_key: |
       ssh-dss NOT_DEFINED
+
+  generate_ecdsa_keys: False
+  provide_ecdsa_keys: False
   ecdsa:
     private_key: |
       -----BEGIN EC PRIVATE KEY-----
@@ -65,12 +71,9 @@ openssh:
       -----END EC PRIVATE KEY-----
     public_key: |
       ecdsa-sha2-nistp256 NOT_DEFINED
-  provide_dsa_keys: False
+
-  provide_ecdsa_keys: False
-  provide_rsa_keys: False
-  generate_dsa_keys: False
-  generate_ecdsa_keys: False
   generate_rsa_keys: False
+  provide_rsa_keys: False
   rsa:
     private_key: |
       -----BEGIN RSA PRIVATE KEY-----
@@ -78,3 +81,13 @@ openssh:
       -----END RSA PRIVATE KEY-----
     public_key: |
       ssh-rsa NOT_DEFINED
+
+  generate_ed25519_keys: False
+  provide_ed25519_keys: False
+  ed25519:
+    private_key: |
+      -----BEGIN OPENSSH PRIVATE KEY-----
+      NOT_DEFINED
+      -----END OPENSSH PRIVATE KEY-----
+    public_key: |
+      ssh-ed25519 NOT_DEFINED