Add ~/.ssh/config management
This adds the ability to manage the ~/.ssh/config file for users.
This commit is contained in:
parent
3fc2a2bac9
commit
57c82f3324
@ -44,6 +44,17 @@ users:
|
|||||||
# than inline in pillar, this works.
|
# than inline in pillar, this works.
|
||||||
ssh_auth_sources:
|
ssh_auth_sources:
|
||||||
- salt://keys/buser.id_rsa.pub
|
- salt://keys/buser.id_rsa.pub
|
||||||
|
# Manage the ~/.ssh/config file
|
||||||
|
ssh_config:
|
||||||
|
all:
|
||||||
|
hostname: "*"
|
||||||
|
options:
|
||||||
|
- "StrictHostKeyChecking no"
|
||||||
|
- "UserKnownHostsFile=/dev/null"
|
||||||
|
importanthost:
|
||||||
|
hostname: "needcheck.example.com"
|
||||||
|
options:
|
||||||
|
- "StrictHostKeyChecking yes"
|
||||||
|
|
||||||
google_auth:
|
google_auth:
|
||||||
ssh: |
|
ssh: |
|
||||||
|
@ -208,6 +208,24 @@ users_ssh_auth_delete_{{ name }}_{{ loop.index0 }}:
|
|||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if 'ssh_config' in user %}
|
||||||
|
users_ssh_config_{{ name }}:
|
||||||
|
file.managed:
|
||||||
|
- name: {{ home }}/.ssh/config
|
||||||
|
- user: {{ name }}
|
||||||
|
- group: {{ user_group }}
|
||||||
|
- mode: 640
|
||||||
|
- contents: |
|
||||||
|
# Managed by Saltstack
|
||||||
|
{% for label, setting in user.ssh_config.items() %}
|
||||||
|
# {{ label }}
|
||||||
|
Host {{ setting.get('hostname') }}
|
||||||
|
{%- for opts in setting.get('options') %}
|
||||||
|
{{ opts }}
|
||||||
|
{%- endfor %}
|
||||||
|
{% endfor -%}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if 'sudouser' in user and user['sudouser'] %}
|
{% if 'sudouser' in user and user['sudouser'] %}
|
||||||
|
|
||||||
users_sudoer-{{ name }}:
|
users_sudoer-{{ name }}:
|
||||||
|
Loading…
Reference in New Issue
Block a user