Add ~/.ssh/config management

This adds the ability to manage the ~/.ssh/config file for users.
2015-05-15 21:47:40 +02:00 · 2015-05-15 21:47:40 +02:00 · 57c82f3324
commit 57c82f3324
parent 3fc2a2bac9
2 changed files with 29 additions and 0 deletions
--- a/pillar.example
+++ b/pillar.example
@ -44,6 +44,17 @@ users:
    # than inline in pillar, this works.
    ssh_auth_sources:
      - salt://keys/buser.id_rsa.pub
+    # Manage the ~/.ssh/config file
+    ssh_config:
+      all:
+        hostname: "*"
+        options:
+          - "StrictHostKeyChecking no"
+          - "UserKnownHostsFile=/dev/null"
+      importanthost:
+        hostname: "needcheck.example.com"
+        options:
+          - "StrictHostKeyChecking yes"

    google_auth:
      ssh: |
--- a/users/init.sls
+++ b/users/init.sls
@ -208,6 +208,24 @@ users_ssh_auth_delete_{{ name }}_{{ loop.index0 }}:
 {% endfor %}
 {% endif %}

+{% if 'ssh_config' in user %}
+users_ssh_config_{{ name }}:
+  file.managed:
+    - name: {{ home }}/.ssh/config
+    - user: {{ name }}
+    - group: {{ user_group }}
+    - mode: 640
+    - contents: |
+        # Managed by Saltstack
+        {% for label, setting in user.ssh_config.items() %}
+        # {{ label }}
+        Host {{ setting.get('hostname') }}
+          {%- for opts in setting.get('options') %}
+          {{ opts }}
+          {%- endfor %}
+        {% endfor -%}
+{% endif %}
+
 {% if 'sudouser' in user and user['sudouser'] %}

 users_sudoer-{{ name }}: