Michael Mol
710175799b
Support compound matches
Support complex compound matches in Match criteria. For example, be able
to match against multiple Users for a given Match, or be able to match
against address ranges. Or Groups. Or any combination thereof.
Support for matching users can take one of several different appearances
in pillar data:
sshd_config:
  matches:
    match_1:
      type:
        User: one_user
      options:
        ChrootDirectory: /ex/%u
    match_2:
      type:
        User:
          - jim
          - bob
          - sally
      options:
        ChrootDirectory: /ex/%u
    match_3:
      type:
        User:
          jim: ~
          bob: ~
          sally: ~
      options:
        ChrootDirectory: /ex/%u
Note the syntax of match_3. By using empty dicts for each user, we can
leverage Salt's pillar merging. If we use simple lists, we cannot do
this; Salt can't merge simple lists, because it doesn't know what order
they ought to be in.
2017-06-12 11:43:46 -04:00
Adam Mendlik
1284109335
PrintLastLog missing in FreeBSD 11.0
The fix introduced in 678cc9066c
suppresses the PrintLastLog directive for FreeBSD 10.3.
SSH on FreeBSD 11.0 also does not support PrintLastLog, so this
change suppresses it for any version >= 10.3.
2017-06-04 10:33:14 -06:00
Alexander Weidinger
70461403cb
known_hosts: sort IP addresses
in order to prevent unnecessary changes due to
random ordering of dig results.
2017-02-23 03:59:40 +01:00
Alexander Weidinger
678cc9066c
PrintLastLog missing in FreeBSD 10.3
2017-02-23 01:19:21 +01:00
Pandu E Poluan
773d9ae092
Apply string-or-list processing to ssh_config
Now ssh_config also accepts string-or-list options, for several
keywords.
2017-01-24 01:34:24 +07:00
Pandu E Poluan
30648d115e
Add macro to handle string or list
Added a macro to handle multivalue options entered in either string
format or list format (with auto joiner).
2017-01-24 01:17:51 +07:00
Eric Cook
686fc2c4ee
do not set UsePAM on OpenBSD
Upstream opensshd does not support PAM
2017-01-14 18:38:37 -05:00
Simon Pirschel
2a1b8fbc66
fix issue sshd won't start if AddressFamily is specified, because it must be defined before ListenAddress
2016-11-01 13:24:30 +01:00
Johannes Löthberg
02b52fa7cf
Add AuthorizedKeysCommand support
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
2016-10-01 20:53:44 +02:00
Niels Abspoel
641851632f
add more authentication options
2016-05-26 21:57:02 +02:00
Matthieu DERASSE
3542a1f534
Implement Session idle time out
2016-05-25 00:06:45 +02:00
Simon Lloyd
daed52de19
Add sshd_config to map.jinja and check if dig command is available before installing 'dig' package.
2016-04-19 02:53:14 +02:00
Nigel Sim
1e515b0f5d
make the host option rendering support lists by refactoring the main option rendering code
put the ssh_config Host:* options in the defaults file so they can be overridden
2016-01-14 02:57:45 +00:00
ketzacoatl
143451eb19
Add support for Host definitions in ssh_config
This gives us the ability to define system-wide definitions for specific Hosts, and their options.
For example, with this in pillar:
```
# this is the place for host-wide SSH config
ssh_config:
  ...
  Hosts:
    # this simplifies cloning with custom params
    # eg: git clone my-git:foo/bar
    my-git:
      User: git
      HostName: git.example.com
      Port: 2222
```
This would add a section in `/etc/ssh/ssh_config`:
```
Host my-git
    User git
    HostName git.example.com
    Port 2222
```
2016-01-02 18:12:55 -05:00
Bogdan Radulescu
13cf374efe
Added configuration options for ssh_config
Made a small change to reflect the default sshd_config
2015-10-01 15:21:16 +00:00
Bogdan Radulescu
fd4381b769
The default value for ServerKeyBits is 1024 both upstream and in distros
2015-07-30 12:27:05 +00:00
Ingo Bente
83bb5ac5a0
adds support to harden sshd_config (KeyExchange, Ciphers, MACs)
2015-06-30 14:33:57 +02:00
Thomas Juberg
6b68c44583
Stop messing up the first line in ssh_known_hosts
2015-06-25 14:28:26 +02:00
Raphaël Hertzog
1b74efd2d0
Add a new openssh.known_hosts state
This state manages /etc/ssh/ssh_known_hosts and fills it with
public SSH host keys of other minions.
2015-03-26 17:50:32 +01:00
Niels Abspoel
33ee945557
Added AllowUsers,AllowGroups,DenyUsers,DenyGroups
This will add more options to set to secure openssh
- AllowUsers
- AllowGroups
- DenyUsers
- DenyGroups
2015-01-16 22:56:59 +01:00
Bohdan Kmit
b843d8168b
add ed25519 host key type; add AuthenticationMethods option
2015-01-16 17:21:10 +00:00
Skyler Berg
a83409182f
Fix jinja spacing mistake for unknown options
When specifying multiple unknown ssh options, they would all appear on
the same line.
2014-11-18 14:58:57 -08:00
Tim Jones
09ca7de060
Allow newline after ListenAddress
2014-10-26 20:27:11 +01:00
Robert Fairburn
8616d3d130
fix comment
2014-09-19 12:01:57 -05:00
Robert Fairburn
b24101264f
make sure to match options as the options dict!
2014-09-19 11:26:10 -05:00
Robert Fairburn
1a2de43ed7
defaults do not need a prefix
2014-09-19 11:21:31 -05:00
Robert Fairburn
85c97b450a
fix a typo in keywords being sent improperly
2014-09-19 11:19:37 -05:00
Robert Fairburn
abf6e09fbb
Fix a typo in the match jinja
2014-09-19 11:16:58 -05:00
Robert Fairburn
ba72c1e8b7
remove prefix when not needed
2014-09-19 10:55:19 -05:00
Robert Fairburn
c100fc88a3
allow for "Match" inside of an sshd_config
2014-09-19 10:47:35 -05:00
Wes Turner
970777b9bb
Add a UseDNS option to sshd_config
2014-07-22 00:35:11 -05:00
Oleg Tsarev
48ebd1b07b
Changed sshd_config generation to more readable scheme.
Synced file with default from Ubuntu 12.04 latest
2014-05-05 19:28:13 +04:00
matthew-parlette
cdfab3953d
Define a line for each option.
This provides a default option (according to the package-provided config file) for each option in the config.
2014-04-26 18:22:17 -04:00
matthew-parlette
2f28a008c2
Cleared out static parts of config since it was causing issues
2014-04-25 16:33:07 -04:00
Seth House
351a6b81dc
Merge remote-tracking branch 'origin/pr/3'
Conflicts:
    openssh/files/sshd_config
    openssh/init.sls
    pillar.example
2014-03-17 16:14:17 -06:00
Kenny Do
b0c7009cb2
updated sshd_config file to be populated by pillar
2014-01-09 05:03:44 -08:00
Mark Eggert
2e229681c7
Adding a small variable to the OpenSSH sshd_config file so that the service will work correctly on Centos 6.4 and earlier
2014-01-03 00:11:17 -06:00
Thomas S Hatch
1224ee95f0
Add openssh files
2013-06-13 11:16:18 -06:00