Michael Mol
710175799b
Support compound matches
...
Support complex compound matches in Match criteria. For example, be able
to match against multiple Users for a given Match, or be able to match
against address ranges. Or Groups. Or any combination thereof.
Support for matching users can take one of several different appearances
in pillar data:
sshd_config:
matches:
match_1:
type:
User: one_user
options:
ChrootDirectory: /ex/%u
match_2:
type:
User:
- jim
- bob
- sally
options:
ChrootDirectory: /ex/%u
match_3:
type:
User:
jim: ~
bob: ~
sally: ~
options:
ChrootDirectory: /ex/%u
Note the syntax of match_3. By using empty dicts for each user, we can
leverage Salt's pillar mergine. If we use simple lists, we cannot do
this; Salt can't merge simple lists, because it doesn't know what order
they ought to be in.
2017-06-12 11:43:46 -04:00
Adam Mendlik
1284109335
PrintLastLog missing in FreeBSD 11.0
...
The fix introduced in 678cc9066c
suppresses the PrintLastLog directive for FreeBSD 10.3.
SSH on FreeBSD 11.0 also does not support PrintLastLog, so this
change suppresses it for any version >= 10.3.
2017-06-04 10:33:14 -06:00
Alexander Weidinger
678cc9066c
PrintLastLog missing in FreeBSD 10.3
2017-02-23 01:19:21 +01:00
Pandu E Poluan
30648d115e
Add macro to handle string or list
...
Added a macro to handle multivalue options entered in either string
format or list format (with auto joiner).
2017-01-24 01:17:51 +07:00
Eric Cook
686fc2c4ee
do not set UsePAM on OpenBSD
...
Upstream opensshd does not support PAM
2017-01-14 18:38:37 -05:00
Simon Pirschel
2a1b8fbc66
fix issue sshd won't start if AddressFamily is specified, because it must be defined before ListenAddress
2016-11-01 13:24:30 +01:00
Johannes Löthberg
02b52fa7cf
Add AuthorizedKeysCommand support
...
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
2016-10-01 20:53:44 +02:00
Niels Abspoel
641851632f
add more authentication options
2016-05-26 21:57:02 +02:00
Matthieu DERASSE
3542a1f534
Implement Session idle time out
2016-05-25 00:06:45 +02:00
Simon Lloyd
daed52de19
Add sshd_config to map.jinja and check if dig command is available before installing 'dig' package.
2016-04-19 02:53:14 +02:00
Bogdan Radulescu
13cf374efe
Added configuration options for ssh_config
...
Made a small change to reflect the default sshd_config
2015-10-01 15:21:16 +00:00
Bogdan Radulescu
fd4381b769
The default value for ServerKeyBits is 1024 both upstream and in distros
2015-07-30 12:27:05 +00:00
Ingo Bente
83bb5ac5a0
adds support to harden sshd_config (KeyExchange, Ciphers, MACs)
2015-06-30 14:33:57 +02:00
Niels Abspoel
33ee945557
Added AllowUsers,AllowGroups,DenyUsers,DenyGroups
...
This will add more options to set to secure openssh
- AllowUsers
- AllowGroups
- DenyUsers
- DenyGroups
2015-01-16 22:56:59 +01:00
Bohdan Kmit
b843d8168b
add ed25519 host key type; add AuthenticationMethods option
2015-01-16 17:21:10 +00:00
Skyler Berg
a83409182f
Fix jinja spacing mistake for unknown options
...
When specifying multiple unknown ssh options, they would all appear on
the same line.
2014-11-18 14:58:57 -08:00
Tim Jones
09ca7de060
Allow newline after ListenAddress
2014-10-26 20:27:11 +01:00
Robert Fairburn
8616d3d130
fix comment
2014-09-19 12:01:57 -05:00
Robert Fairburn
b24101264f
make sure to match options as the options dict!
2014-09-19 11:26:10 -05:00
Robert Fairburn
1a2de43ed7
defaults do not need a prefix
2014-09-19 11:21:31 -05:00
Robert Fairburn
85c97b450a
fix a typo in keywords being sent improperly
2014-09-19 11:19:37 -05:00
Robert Fairburn
abf6e09fbb
Fix a typo in the match jinja
2014-09-19 11:16:58 -05:00
Robert Fairburn
ba72c1e8b7
remove prefix when not needed
2014-09-19 10:55:19 -05:00
Robert Fairburn
c100fc88a3
allow for "Match" inside of an sshd_config
2014-09-19 10:47:35 -05:00
Wes Turner
970777b9bb
Add a UseDNS option to sshd_config
2014-07-22 00:35:11 -05:00
Oleg Tsarev
48ebd1b07b
Changed sshd_config generation to more readable scheme.
...
Synced file with default from Ubuntu 12.04 latest
2014-05-05 19:28:13 +04:00
matthew-parlette
cdfab3953d
Define a line for each option.
...
This provides a default option (according to the package-provided config file) for each option in the config.
2014-04-26 18:22:17 -04:00
matthew-parlette
2f28a008c2
Cleared out static parts of config since it was causing issues
2014-04-25 16:33:07 -04:00
Seth House
351a6b81dc
Merge remote-tracking branch 'origin/pr/3'
...
Conflicts:
openssh/files/sshd_config
openssh/init.sls
pillar.example
2014-03-17 16:14:17 -06:00
Kenny Do
b0c7009cb2
updated sshd_config file to be populated by pillar
2014-01-09 05:03:44 -08:00
Mark Eggert
2e229681c7
Adding a small variable to the OpenSSH sshd_config file so that the service will work correctly on Centos 6.4 and earlier
2014-01-03 00:11:17 -06:00
Thomas S Hatch
1224ee95f0
Add openssh files
2013-06-13 11:16:18 -06:00