saltstack-formulas/openssh-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
245 Commits 3 Branches 27 Tags
Commit Graph

245 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Ermisch
45763f54aa Add host keys from pillar[openssh:known_hosts:static] to ssh_known_hosts 2018-04-26 16:56:18 +02:00
Niels Abspoel
b93448b5e6
Merge pull request #124 from arthurlogilab/123-add-ini-version-of-config 
[openssh/config_ini] initial version of config_ini which uses ini state
 2018-03-17 21:35:30 +01:00
Javier Bértoli
fdc3ca398d
Merge pull request #125 from aboe76/python3_support 
fix iteritems for python3
 2018-03-10 12:42:18 -03:00
Niels Abspoel
af9721a0f5 fix iteritems for python3 2018-03-10 16:35:57 +01:00
Raphaël Hertzog
6ccb9fc87d Replace deprecated "user" attribute by "runas" 2018-02-16 12:11:54 +01:00
Arthur Lutz
dcb70e5181 [openssh/config_ini] initial version of config_ini which uses ini state 
closes #123
 2018-02-15 17:43:13 +01:00
alxwr
73727bc218
Merge pull request #118 from Perceptyx/master 
[FIX] When key is present override generating by any way
 2017-12-29 04:02:08 +01:00
Mario Fritschen
e665450ed4 Changed expr_form to tgt_type for deprecation reasons. (#122) 2017-12-23 00:11:24 +01:00
alxwr
5e3368afcb drop default values (fixes #102) (#117) 
* drop default values (fixes #102)
* hmac-ripemd160 was dropped in 7.6
 2017-10-23 20:18:11 +02:00
Andres Montalban
26f2fc8e97 [FIX] When key is present override generating by any way 2017-10-15 17:55:44 -03:00
Alexander Weidinger
a2dd72bb3e Merge branch 'aboe76-improve_allowed_users_groups' 2017-08-23 11:26:45 +02:00
Niels Abspoel
9cdb9aaba0 improve allow_deny_users_groups 2017-08-21 23:35:04 +02:00
alxwr
178692f92e Merge pull request #113 from brianholland99/master 
Add ConfigBanner to processed_options when handled.
 2017-08-18 05:03:30 +02:00
Niels Abspoel
d157c0a36e Merge pull request #111 from saltstack-formulas/hostnames-in-known-hosts 
Hostnames in known hosts
 2017-08-16 14:29:25 +02:00
Brian Holland
6400516c5e Add ConfigBanner to processed_options when handled. 
This prevents a verbatim version being added to end of file that will
cause the parsing to fail.
 2017-08-15 23:08:23 -04:00
Niels Abspoel
0eda16c548 Merge pull request #112 from chessclub/multiline-banner-fix 
Fixed supporting multiline banner_string defined in the pillar.
 2017-08-11 10:30:56 +02:00
Tibold Kandrai
83e60fd840 Fixed supporting multiline banner_string defined in the pillar. 2017-08-10 15:45:05 +02:00
Alexander Weidinger
e523ae5281 Optionally add hostnames to known_hosts 2017-08-08 07:51:38 +02:00
Alexander Weidinger
75e582a7bc New macro: known_hosts_entry; added comments 2017-08-08 07:16:23 +02:00
Niels Abspoel
0924649158 Merge pull request #109 from saltstack-formulas/UsePrivilegeSeparation 
CentOS 6: UsePrivilegeSeparation 'yes' (fixes #108)
 2017-08-01 21:50:53 +02:00
Alexander Weidinger
f4cf9aa22b CentOS 6: UsePrivilegeSeparation 'yes' (fixes #108) 2017-08-01 14:50:08 +02:00
Niels Abspoel
9b7fc59a35 Merge pull request #107 from saltstack-formulas/UsePrivilegeSeparation 
UsePrivilegeSeparation 'sandbox'
 2017-08-01 09:23:56 +02:00
Alexander Weidinger
a5f4a56956 UsePrivilegeSeparation 'sandbox' 
This is was introduced in 5.9, and is default in 6.1.
https://www.openssh.com/txt/release-5.9
https://www.openssh.com/txt/release-6.1
 2017-08-01 00:02:03 +02:00
Niels Abspoel
2171040e11 Merge pull request #106 from saltstack-formulas/fix-keygen 
Fixed key generation
 2017-07-31 23:45:45 +02:00
Alexander Weidinger
7afea021c6 Fixed key generation 
- generate before running check_mk on the sshd_config
- set permissions on private key
- cope with empty keys
 2017-07-31 23:35:18 +02:00
alxwr
7cd1faac84 Merge pull request #105 from Perceptyx/master 
Create needed directory for UsePrivilegeSeparation option
 2017-07-31 22:57:41 +02:00
Andres Montalban
c7a97ae72f Create needed directory for UsePrivilegeSeparation option 2017-07-28 10:17:16 -03:00
Andres Montalban
1a65c5996e Merge remote-tracking branch 'upstream/master' 2017-07-28 10:13:55 -03:00
Niels Abspoel
6dba76fe56 Merge pull request #104 from Perceptyx/banner_fix 
Allow to configure SSH banner text in pillar
 2017-07-28 10:49:52 +02:00
Andres Montalban
3e7f6f7648 Merge pull request #1 from amontalban/banner_fix 
Allow to configure SSH banner text in pillar
 2017-07-27 19:57:41 -03:00
Andres Montalban
500c915c33 Allow to config banner in pillar 2017-07-27 19:55:34 -03:00
Andres Montalban
467c5e56fc Remove extra whitespace 2017-07-27 19:06:27 -03:00
Alexander Weidinger
c71f2ae4fa minor fix: use keyFile in config.sls 2017-07-04 22:47:02 +02:00
Alexander Weidinger
e44d8860f4 Sort Match options 2017-07-04 22:30:49 +02:00
Alexander Weidinger
d37de77ba2 Copied docs from commit to pillar.example 2017-07-04 22:05:56 +02:00
Alexander Weidinger
f810b27211 Merge branch 'prioritized-compound-match-2' of git://github.com/mikemol/openssh-formula 2017-07-04 21:58:05 +02:00
Alexander Weidinger
52b0eb2816 Merge branch 'mikemol-match-prioritization-2' 2017-07-04 21:42:17 +02:00
Florian Ermisch
add969822c add optional `{{source}} to sshd_config 2017-07-04 21:38:21 +02:00
Florian Ermisch
8594cd90ba add optional `{{source}} to ssh_config 2017-07-04 21:38:21 +02:00
Seth House
8dbb1e9088 Merge pull request #97 from 0xf10e/toggle_source_url 
Add optional {{ source }} to config files
 2017-06-22 01:05:42 -06:00
Florian Ermisch
dbf51549ed add optional `{{source}} to sshd_config 2017-06-22 00:03:35 +02:00
Florian Ermisch
e298397cc7 add optional `{{source}} to ssh_config 2017-06-22 00:03:28 +02:00
Michael Mol
6229a6d122 Stabily sort matches 
OpenSSH's Match declarations are applied first-match-wins. However, we
can't safely define two Matches that might overlap unless we first sort
the keys, as Python (and Jinja) dicts don't guarantee the order of
dict keys,

We also won't scramble the match sequence every time the user adds,
removes or renames a match, and so we give the user clearer, more
concise diffs as when they apply changes.

Finally, we leave a comment on the Match line identifying where the
Match rule came from, to assist in troubleshooting.
 2017-06-12 12:08:26 -04:00
Michael Mol
710175799b Support compound matches 
Support complex compound matches in Match criteria. For example, be able
to match against multiple Users for a given Match, or be able to match
against address ranges. Or Groups. Or any combination thereof.

Support for matching users can take one of several different appearances
in pillar data:

sshd_config:
  matches:
    match_1:
      type:
        User: one_user
      options:
        ChrootDirectory: /ex/%u
    match_2:
      type:
        User:
          - jim
          - bob
          - sally
      options:
        ChrootDirectory: /ex/%u
    match_3:
      type:
        User:
          jim: ~
          bob: ~
          sally: ~
      options:
        ChrootDirectory: /ex/%u

Note the syntax of match_3. By using empty dicts for each user, we can
leverage Salt's pillar mergine. If we use simple lists, we cannot do
this; Salt can't merge simple lists, because it doesn't know what order
they ought to be in.
 2017-06-12 11:43:46 -04:00
Michael Mol
345e07c85e Support Match prioritization 
OpenSSH's Match declarations are applied first-match-wins. However, we
can't safely define two Matches that might overlap unless we first sort
the keys, as Python (and Jinja) dicts don't guarantee the order of
dict keys,

We also won't scramble the match sequence every time the user adds,
removes or renames a match, and so we give the user clearer, more
concise diffs as when they apply changes.

Finally, we leave a comment on the Match line identifying where the
Match rule came from, to assist in troubleshooting.
 2017-06-09 15:51:13 -04:00
Niels Abspoel
0913827c82 Merge pull request #93 from amendlik/freebsd11-printlastlog 
PrintLastLog missing in FreeBSD 11.0
 2017-06-05 10:22:10 +02:00
Adam Mendlik
1284109335 PrintLastLog missing in FreeBSD 11.0 
The fix introduced in 678cc9066cb358b8a436341b4e31b796b4d82a4c
suppresses the PrintLastLog directive for FreeBSD 10.3.
SSH on FreeBSD 11.0 also does not support PrintLastLog, so this
change suppresses it for any version >= 10.3.
 2017-06-04 10:33:14 -06:00
Javier Bértoli
c964121b54 Merge pull request #92 from alxwr/master 
Test config before applying it
 2017-05-17 08:14:18 -03:00
Alexander Weidinger
162705c7ce Test config before applying it 2017-05-17 13:00:06 +02:00
Javier Bértoli
daf5e9464f Merge pull request #91 from amendlik/freebsd-wheel-group 
FreeBSD wheel group
 2017-04-21 18:52:02 -03:00