openssh-formula

Author	SHA1	Message	Date
Arthur Lutz	dcb70e5181	[openssh/config_ini] initial version of config_ini which uses ini state closes #123	2018-02-15 17:43:13 +01:00
alxwr	73727bc218	Merge pull request #118 from Perceptyx/master [FIX] When key is present override generating by any way	2017-12-29 04:02:08 +01:00
Mario Fritschen	e665450ed4	Changed expr_form to tgt_type for deprecation reasons. (#122 )	2017-12-23 00:11:24 +01:00
alxwr	5e3368afcb	drop default values (fixes #102 ) (#117 ) * drop default values (fixes #102) * hmac-ripemd160 was dropped in 7.6	2017-10-23 20:18:11 +02:00
Andres Montalban	26f2fc8e97	[FIX] When key is present override generating by any way	2017-10-15 17:55:44 -03:00
Niels Abspoel	9cdb9aaba0	improve allow_deny_users_groups	2017-08-21 23:35:04 +02:00
alxwr	178692f92e	Merge pull request #113 from brianholland99/master Add ConfigBanner to processed_options when handled.	2017-08-18 05:03:30 +02:00
Niels Abspoel	d157c0a36e	Merge pull request #111 from saltstack-formulas/hostnames-in-known-hosts Hostnames in known hosts	2017-08-16 14:29:25 +02:00
Brian Holland	6400516c5e	Add ConfigBanner to processed_options when handled. This prevents a verbatim version being added to end of file that will cause the parsing to fail.	2017-08-15 23:08:23 -04:00
Tibold Kandrai	83e60fd840	Fixed supporting multiline banner_string defined in the pillar.	2017-08-10 15:45:05 +02:00
Alexander Weidinger	e523ae5281	Optionally add hostnames to known_hosts	2017-08-08 07:51:38 +02:00
Alexander Weidinger	75e582a7bc	New macro: known_hosts_entry; added comments	2017-08-08 07:16:23 +02:00
Alexander Weidinger	f4cf9aa22b	CentOS 6: UsePrivilegeSeparation 'yes' (fixes #108 )	2017-08-01 14:50:08 +02:00
Alexander Weidinger	a5f4a56956	UsePrivilegeSeparation 'sandbox' This is was introduced in 5.9, and is default in 6.1. https://www.openssh.com/txt/release-5.9 https://www.openssh.com/txt/release-6.1	2017-08-01 00:02:03 +02:00
Alexander Weidinger	7afea021c6	Fixed key generation - generate before running check_mk on the sshd_config - set permissions on private key - cope with empty keys	2017-07-31 23:35:18 +02:00
Andres Montalban	c7a97ae72f	Create needed directory for UsePrivilegeSeparation option	2017-07-28 10:17:16 -03:00
Andres Montalban	500c915c33	Allow to config banner in pillar	2017-07-27 19:55:34 -03:00
Andres Montalban	467c5e56fc	Remove extra whitespace	2017-07-27 19:06:27 -03:00
Alexander Weidinger	c71f2ae4fa	minor fix: use keyFile in config.sls	2017-07-04 22:47:02 +02:00
Alexander Weidinger	e44d8860f4	Sort Match options	2017-07-04 22:30:49 +02:00
Alexander Weidinger	f810b27211	Merge branch 'prioritized-compound-match-2' of git://github.com/mikemol/openssh-formula	2017-07-04 21:58:05 +02:00
Florian Ermisch	add969822c	add optional `{{source}} to sshd_config	2017-07-04 21:38:21 +02:00
Florian Ermisch	8594cd90ba	add optional `{{source}} to ssh_config	2017-07-04 21:38:21 +02:00
Michael Mol	6229a6d122	Stabily sort matches OpenSSH's Match declarations are applied first-match-wins. However, we can't safely define two Matches that might overlap unless we first sort the keys, as Python (and Jinja) dicts don't guarantee the order of dict keys, We also won't scramble the match sequence every time the user adds, removes or renames a match, and so we give the user clearer, more concise diffs as when they apply changes. Finally, we leave a comment on the Match line identifying where the Match rule came from, to assist in troubleshooting.	2017-06-12 12:08:26 -04:00
Michael Mol	710175799b	Support compound matches Support complex compound matches in Match criteria. For example, be able to match against multiple Users for a given Match, or be able to match against address ranges. Or Groups. Or any combination thereof. Support for matching users can take one of several different appearances in pillar data: sshd_config: matches: match_1: type: User: one_user options: ChrootDirectory: /ex/%u match_2: type: User: - jim - bob - sally options: ChrootDirectory: /ex/%u match_3: type: User: jim: ~ bob: ~ sally: ~ options: ChrootDirectory: /ex/%u Note the syntax of match_3. By using empty dicts for each user, we can leverage Salt's pillar mergine. If we use simple lists, we cannot do this; Salt can't merge simple lists, because it doesn't know what order they ought to be in.	2017-06-12 11:43:46 -04:00
Michael Mol	345e07c85e	Support Match prioritization OpenSSH's Match declarations are applied first-match-wins. However, we can't safely define two Matches that might overlap unless we first sort the keys, as Python (and Jinja) dicts don't guarantee the order of dict keys, We also won't scramble the match sequence every time the user adds, removes or renames a match, and so we give the user clearer, more concise diffs as when they apply changes. Finally, we leave a comment on the Match line identifying where the Match rule came from, to assist in troubleshooting.	2017-06-09 15:51:13 -04:00
Adam Mendlik	1284109335	PrintLastLog missing in FreeBSD 11.0 The fix introduced in 678cc9066cb358b8a436341b4e31b796b4d82a4c suppresses the PrintLastLog directive for FreeBSD 10.3. SSH on FreeBSD 11.0 also does not support PrintLastLog, so this change suppresses it for any version >= 10.3.	2017-06-04 10:33:14 -06:00
Alexander Weidinger	162705c7ce	Test config before applying it	2017-05-17 13:00:06 +02:00
alxwr	844e96b57b	Merge pull request #88 from alxwr/force_key_length Opt-in to enforce RSA key length	2017-03-07 20:24:34 +01:00
Alexander Weidinger	6b23b28f52	Opt-in to enforce RSA key length	2017-03-04 14:21:58 +01:00
Alexander Weidinger	674216d0ad	openssh.auth_map	2017-03-04 14:21:53 +01:00
Alexander Weidinger	66c954ed66	Set correct ssh(d)_config_group for *BSD	2017-03-04 14:20:07 +01:00
amendlik	6d6c7a0ead	Merge branch 'master' into file-mode	2017-02-25 06:40:30 -07:00
Niels Abspoel	044d4d646b	Merge pull request #81 from leansalt/pillar-example-update Add secure defaults to pillar.example + secure sshd_config in defaults.yml #66	2017-02-25 12:30:37 +01:00
ek9	038a51cdc8	manage sshd_config and ssh_config only if pillars are defined	2017-02-24 21:13:52 +01:00
ek9	c03e29a498	remove Kex,MACs,Ciphers from defaults	2017-02-24 21:13:35 +01:00
Adam Mendlik	613bea2cac	Add variables for file owner and mode	2017-02-23 14:56:22 -07:00
Alexander Weidinger	70461403cb	known_hosts: sort IP addresses in order to prevent unnecessary changes due to random ordering of dig results.	2017-02-23 03:59:40 +01:00
Alexander Weidinger	678cc9066c	PrintLastLog missing in FreeBSD 10.3	2017-02-23 01:19:21 +01:00
ek9	f5a74f3fa0	defaults: enable secure defaults on sshd_config	2017-02-19 14:45:12 +01:00
Javier Bértoli	2db9253c45	Merge pull request #82 from pepoluan/allow_list_or_string Allow list or string for some option, and setting of ConfigBanner	2017-02-07 07:26:44 -03:00
Eric Cook	f4ea96f9c1	setup sftp correctly on RedHat-like machines	2017-01-24 18:17:15 -05:00
Pandu E Poluan	773d9ae092	Apply string-or-list processing to ssh_config Now ssh_config also accepts string-or-list options, for serveral keywords.	2017-01-24 01:34:24 +07:00
Pandu E Poluan	30648d115e	Add macro to handle string or list Added a macro to handle multivalue options entered in either string format or list format (with auto joiner).	2017-01-24 01:17:51 +07:00
Brian Jackson	b9689cedff	Merge pull request #79 from leansalt/server-service-control Add ability to control SSH server service status (default: on)	2017-01-15 21:48:04 -08:00
Eric Cook	686fc2c4ee	do not set UsePAM on OpenBSD Upstream opensshd does not support PAM	2017-01-14 18:38:37 -05:00
Simon Pirschel	1b69ecab2c	fix issue with stripping new line will result in invalid SLS definition if AuthorizedKeysFile is missing in sshd_config	2016-11-02 15:21:50 +01:00
Simon Pirschel	2a1b8fbc66	fix issue sshd won't start if AddressFamily is specified, because it must be defined before ListenAddress	2016-11-01 13:24:30 +01:00
Forrest	ec663a6f5e	Merge pull request #51 from mathieupotier/master Put ssh keys on configured path in sshd_config (AuthorizedKeysFile)	2016-10-31 09:32:50 -07:00
Eric Cook	51fd8b1391	fix Subsystem directive on archlinux	2016-10-30 00:06:02 -04:00

1 2 3

134 Commits