Commit Graph

106 Commits

Author SHA1 Message Date
elfixit
18ba94d0fc add options to give a key size to generate_key 2015-07-12 18:09:26 +02:00
Ingo Bente
a927107b28 Adds support to customize /etc/ssh/moduli file 2015-07-02 19:09:41 +02:00
Ingo Bente
83bb5ac5a0 adds support to harden sshd_config (KeyExchange, Ciphers, MACs) 2015-06-30 14:33:57 +02:00
Thomas Juberg
6b68c44583 Stop messing up the first line in ssh_known_hosts 2015-06-25 14:28:26 +02:00
Imran Haider
4dddff0ccd Fix service name for Arch Linux 2015-06-20 14:24:51 -04:00
Niels Abspoel
2a68ccac1a Add option to remove ssh_host_keys 2015-06-07 20:37:33 +02:00
Niels Abspoel
ca62b7d118 Improve default lookup
Added defaults.yaml and map.jinja similar to template-formula and salt-formula
2015-06-02 22:52:59 +02:00
jvblasco
60691ef20d Fix bug that added : at the end of the key 2015-05-22 14:32:57 +02:00
Raphaël Hertzog
1b74efd2d0 Add a new openssh.known_hosts state
This state manages /etc/ssh/ssh_known_hosts and fills it with
public SSH host keys of other minions.
2015-03-26 17:50:32 +01:00
Marc Schiffbauer
c6aeaf4dc5 add gentoo support 2015-03-23 14:56:12 +01:00
Marc Schiffbauer
28e0916840 sort distros alphabetically 2015-03-23 14:55:40 +01:00
Bernd Schlapsi
6efc981885 Refactor auth.sls to allow more keys for one user 2015-01-28 22:17:07 +01:00
Niels Abspoel
33ee945557 Added AllowUsers,AllowGroups,DenyUsers,DenyGroups
This will add more options to set to secure openssh
- AllowUsers
- AllowGroups
- DenyUsers
- DenyGroups
2015-01-16 22:56:59 +01:00
Bohdan Kmit
b843d8168b add ed25519 host key type; add AuthenticationMethods option 2015-01-16 17:21:10 +00:00
Niels Abspoel
5871efb5bd added archlinux support to openssh map.jinja 2015-01-01 00:44:17 +01:00
Franz Pletz
5d0f69ad2c Cleanups for host key pillar example 2014-12-15 07:00:45 +01:00
Franz Pletz
33f21a0976 Add support for ED25519 host keys 2014-12-15 07:00:17 +01:00
Nitin Madhok
620cc0f199 Update map.jinja 2014-12-08 16:01:00 -05:00
Nitin Madhok
131a5cafcb Update map.jinja 2014-12-08 15:46:30 -05:00
Nitin Madhok
9263857193 Update map.jinja
Correct indentation
2014-12-08 15:43:40 -05:00
Niels Abspoel
1efce43d55 Added Opensuse support to map.jinja 2014-12-08 21:38:23 +01:00
Skyler Berg
a83409182f Fix jinja spacing mistake for unknown options
When specifying multiple unknown ssh options, they would all appear on
the same line.
2014-11-18 14:58:57 -08:00
Tim Jones
09ca7de060 Allow newline after ListenAddress 2014-10-26 20:27:11 +01:00
Robert Fairburn
8616d3d130 fix comment 2014-09-19 12:01:57 -05:00
Robert Fairburn
b24101264f make sure to match options as the options dict! 2014-09-19 11:26:10 -05:00
Robert Fairburn
1a2de43ed7 defaults do not need a prefix 2014-09-19 11:21:31 -05:00
Robert Fairburn
85c97b450a fix a typo in keywords being sent improperly 2014-09-19 11:19:37 -05:00
Robert Fairburn
abf6e09fbb Fix a typo in the match jinja 2014-09-19 11:16:58 -05:00
Robert Fairburn
ba72c1e8b7 remove prefix when not needed 2014-09-19 10:55:19 -05:00
Robert Fairburn
c100fc88a3 allow for "Match" inside of an sshd_config 2014-09-19 10:47:35 -05:00
Alan Pearce
6fb57f40bc Config: Add support for generating keys 2014-08-24 16:09:12 +01:00
Alan Pearce
73eaef4ea0 Config: Add support for ECDSA host keys 2014-08-24 11:55:38 +01:00
Alan Pearce
ce46343562 Config: Refactor host key provisioning into loop 2014-08-24 11:55:38 +01:00
Alan Pearce
2876a691b0 Remove reference to root group
By not specifying it, root user's group should be used.
2014-08-19 21:44:38 +01:00
Alan Pearce
edc208b79b Add FreeBSD compatibility 2014-08-08 13:38:27 +01:00
Wes Turner
970777b9bb Add a UseDNS option to sshd_config 2014-07-22 00:35:11 -05:00
Oleg Tsarev
48ebd1b07b Changed sshd_config generation to more readable scheme.
Synced file with default from Ubuntu 12.04 latest
2014-05-05 19:28:13 +04:00
Seth House
cee3f097f0 Merge pull request #12 from z-saltstack/auth-sls-clean-whitespaces
Removed unneeded whitespace from auth.sls
2014-04-28 18:03:58 -06:00
matthew-parlette
cdfab3953d Define a line for each option.
This provides a default option (according to the package-provided config file) for each option in the config.
2014-04-26 18:22:17 -04:00
Oleg Tsarev
7521398506 Removed unneeded whitespace from auth.sls 2014-04-26 22:40:29 +02:00
matthew-parlette
2f28a008c2 Cleared out static parts of config since it was causing issues 2014-04-25 16:33:07 -04:00
Seth House
b44c26cd13 Moved the rsa/dsa key management to config.sls 2014-03-17 16:17:04 -06:00
Seth House
351a6b81dc Merge remote-tracking branch 'origin/pr/3'
Conflicts:
	openssh/files/sshd_config
	openssh/init.sls
	pillar.example
2014-03-17 16:14:17 -06:00
Carlos Perelló Marín
e2cddca13e Reverted the namespace change to avoid conflicts and backward incompatibilities 2014-02-09 23:42:52 +01:00
Carlos Perelló Marín
47211d0648 Added support to manage ssh certificates 2014-02-09 23:38:30 +01:00
Kenny Do
6e418aa945 added a state that installs the openssh client 2014-01-18 05:00:20 -08:00
Kenny Do
b0c7009cb2 updated sshd_config file to be populated by pillar 2014-01-09 05:03:44 -08:00
Kenny Do
9f70270643 explicitly set the user, group, and mode to match the package's
sshd_config
2014-01-09 04:57:00 -08:00
Kenny Do
dc53d0c295 fixed the name of the service that the openssh config is watched by 2014-01-09 04:54:49 -08:00
Kenny Do
07771c0ebf Split the sshd_config and banner components into sub-states 2014-01-03 18:32:05 -08:00
Kenny Do
0a2468d87a created a map.jinja and updated openssh state to use those values 2014-01-03 16:54:51 -08:00
Mark Eggert
2e229681c7 Adding a small variable to the OpenSSH sshd_config file so that the service will work correctly on Centos 6.4 and earlier 2014-01-03 00:11:17 -06:00
Mark Eggert
d35929876f Modifying OpenSSH formula service name on RedHat since it is called 'sshd', not 'ssh' 2014-01-02 23:50:59 -06:00
Mark Eggert
92ac8a32aa Modifying OpenSSH formula state to populate public/private DSA and RSA keys based on pillar data 2014-01-02 22:34:48 -06:00
brandonparsons
90ce0d262f Specify the service name for ssh
Current code was asking for service 'openssh' which does not exist. It is 'ssh'. Specifying a name in the `service.running` block fixes this.
2013-12-05 05:57:21 -07:00
Thomas S Hatch
1224ee95f0 Add openssh files 2013-06-13 11:16:18 -06:00