From dda1fb5128700dacc467726ab26cbae30c8263d9 Mon Sep 17 00:00:00 2001 From: POTIER Mathieu Date: Tue, 17 Nov 2015 11:09:37 +0100 Subject: [PATCH 1/3] Put ssh keys on configured path in sshd_config (AuthorizedKeysFile) Signed-off-by: POTIER Mathieu --- openssh/auth.sls | 4 +++- pillar.example | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/openssh/auth.sls b/openssh/auth.sls index a7980c9..e74c8c5 100644 --- a/openssh/auth.sls +++ b/openssh/auth.sls @@ -38,12 +38,14 @@ include: {{ print_name(identifier, key) }}: ssh_auth.present: {{ print_ssh_auth(identifier, key) }} + - config: {{ pillar['sshd_config']['AuthorizedKeysFile'] }} - require: - service: {{ openssh.service }} {%- else %} {{ print_name(identifier, key) }}: ssh_auth.absent: {{ print_ssh_auth(identifier, key) }} + - config: {{ pillar['sshd_config']['AuthorizedKeysFile'] }} {%- endif -%} {%- endfor -%} -{%- endfor -%} +{%- endfor -%} \ No newline at end of file diff --git a/pillar.example b/pillar.example index 4895add..6baf78d 100644 --- a/pillar.example +++ b/pillar.example @@ -23,6 +23,7 @@ sshd_config: PermitEmptyPasswords: 'no' ChallengeResponseAuthentication: 'no' AuthenticationMethods: 'publickey,keyboard-interactive' + AuthorizedKeysFile: '%h/.ssh/authorized_keys' X11Forwarding: 'yes' X11DisplayOffset: 10 PrintMotd: 'no' @@ -80,16 +81,19 @@ openssh: present: True enc: ssh-rsa comment: main key - desktop + source: salt://ssh_keys/joe.desktop.pub joe-valid-ssh-key-notebook: - user: joe present: True enc: ssh-rsa comment: main key - notebook + source: salt://ssh_keys/joe.netbook.pub joe-non-valid-ssh-key: - user: joe present: False enc: ssh-rsa comment: obsolete key - removed + source: salt://ssh_keys/joe.no-valid.pub generate_dsa_keys: False absent_dsa_keys: False From f55445211c8247ffc706ee0f0a60753578553b0a Mon Sep 17 00:00:00 2001 From: POTIER Mathieu Date: Wed, 18 Nov 2015 20:33:50 +0100 Subject: [PATCH 2/3] Specify config clause only if defined in pillar. 
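Review bot: The added `- config:` line hands the sshd_config pillar value to ssh_auth verbatim, but sshd's AuthorizedKeysFile accepts a space-separated list of files, so a value such as `.ssh/authorized_keys .ssh/authorized_keys2` would be passed as a single path containing a space; the absent branch of this hunk adds the same line, and patches 2 and 3 keep it. If the key lands in a path sshd does not read, ssh_auth.present silently authorizes nothing and ssh_auth.absent reports success while the obsolete key stays accepted, which is worse than a render failure. Either document that only one path is supported here, or take the first entry explicitly: `- config: {{ pillar['sshd_config']['AuthorizedKeysFile'].split()[0] }}`. The enclosing for-loops begin above this hunk.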
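Review bot: The new `AuthorizedKeysFile` entry is documented only by its position under `sshd_config`, yet after this series it also decides where openssh/auth.sls writes and removes managed keys, which is not obvious to someone editing the pillar. A one-line comment above it would make the coupling visible: `# also read by openssh/auth.sls as the ssh_auth config path (one file)`. The rest of the sshd_config mapping continues outside the hunk.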
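Review bot: The `source:` added for `joe-valid-ssh-key-notebook` points at `salt://ssh_keys/joe.netbook.pub` while the key's comment reads `main key - notebook`; one of the two is a typo, and the mismatch will be copied by anyone using this file as a template. `source: salt://ssh_keys/joe.notebook.pub` keeps the example self-consistent. It is also worth a comment that these `salt://ssh_keys/...` files are not shipped with the formula and must exist on the master's fileserver, since a missing source presumably fails the state rather than skipping the key.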
Signed-off-by: POTIER Mathieu --- openssh/auth.sls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/openssh/auth.sls b/openssh/auth.sls index e74c8c5..2bf04a8 100644 --- a/openssh/auth.sls +++ b/openssh/auth.sls @@ -38,14 +38,18 @@ include: {{ print_name(identifier, key) }}: ssh_auth.present: {{ print_ssh_auth(identifier, key) }} + {%- if 'sshd_config' in pillar and 'AuthorizedKeysFile' in pillar['sshd_config'] %} - config: {{ pillar['sshd_config']['AuthorizedKeysFile'] }} + {% endif -%} - require: - service: {{ openssh.service }} {%- else %} {{ print_name(identifier, key) }}: ssh_auth.absent: {{ print_ssh_auth(identifier, key) }} + {%- if 'sshd_config' in pillar and 'AuthorizedKeysFile' in pillar['sshd_config'] %} - config: {{ pillar['sshd_config']['AuthorizedKeysFile'] }} + {% endif -%} {%- endif -%} {%- endfor -%} {%- endfor -%} \ No newline at end of file From 760a2ad277d78965be52540bb7d63ba2ddebf81a Mon Sep 17 00:00:00 2001 From: Mathieu POTIER Date: Tue, 2 Aug 2016 09:54:46 +0200 Subject: [PATCH 3/3] fix the path to authkeys Allow user to specify aliased path (with %u) --- openssh/auth.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openssh/auth.sls b/openssh/auth.sls index 7fb6b4b..184455f 100644 --- a/openssh/auth.sls +++ b/openssh/auth.sls @@ -39,7 +39,7 @@ include: ssh_auth.present: {{ print_ssh_auth(identifier, key) }} {%- if 'sshd_config' in pillar and 'AuthorizedKeysFile' in pillar['sshd_config'] %} - - config: {{ pillar['sshd_config']['AuthorizedKeysFile'] }} + - config: '{{ pillar['sshd_config']['AuthorizedKeysFile'] }}' {% endif -%} - require: - service: {{ openssh.service }} @@ -48,7 +48,7 @@ include: ssh_auth.absent: {{ print_ssh_auth(identifier, key) }} {%- if 'sshd_config' in pillar and 'AuthorizedKeysFile' in pillar['sshd_config'] %} - - config: {{ pillar['sshd_config']['AuthorizedKeysFile'] }} + - config: '{{ pillar['sshd_config']['AuthorizedKeysFile'] }}' {% endif -%} {%- endif -%} {%- endfor -%}
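Review bot: The whitespace control on the new conditional is asymmetric in the present branch: `{%- if ... %}` strips the newline before the tag and `{% endif -%}` strips the newline after it, so when the pillar has no AuthorizedKeysFile — the very case the guard is for — nothing remains between the macro output and `- require:`, and the two end up on one line unless print_ssh_auth's output itself ends with a newline (the macro is defined outside this hunk). Moving the dash to the other side, `{%- endif %}`, keeps the line break in both cases while still avoiding a blank line when the config entry is rendered. The absent branch uses the same pattern but is followed only by tags, so it renders correctly; patch 3 keeps the same `{% endif -%}` line. The enclosing for-loops begin above this hunk.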
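Review bot: Wrapping the pillar value in single quotes makes the rendered scalar well-formed when it starts with `%`, but the quoting is done by hand, so a value that itself contains `'` would still break the YAML; the second hunk of this patch has the identical line in the absent branch. If the target Salt version provides the filter, `- config: {{ pillar['sshd_config']['AuthorizedKeysFile'] | yaml_squote }}` escapes the value correctly; otherwise a comment above the line stating that the path must not contain a single quote would at least warn the reader. Whether `%u` and `%h` are expanded by ssh_auth on the minion depends on its Salt version, so that expectation is worth stating in pillar.example as well.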