diff options
author | Georg Pfuetzenreuter | 2023-01-26 23:05:21 +0100 |
---|---|---|
committer | Georg Pfuetzenreuter | 2023-01-26 23:05:21 +0100 |
commit | 698234c0402eeff37517869695c75682a3fad332 (patch) | |
tree | e23a9ce4be37b8134d9bf14c1046d5ecf73ad540 /pillar/global/ssh.sls | |
parent | f949c0aba0bd9863474a35e1613eb23554acc449 (diff) | |
download | salt-698234c0402eeff37517869695c75682a3fad332.tar.gz salt-698234c0402eeff37517869695c75682a3fad332.tar.bz2 salt-698234c0402eeff37517869695c75682a3fad332.zip |
Manage common SSH server
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Diffstat (limited to 'pillar/global/ssh.sls')
-rw-r--r-- | pillar/global/ssh.sls | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/pillar/global/ssh.sls b/pillar/global/ssh.sls new file mode 100644 index 0000000..bd960bd --- /dev/null +++ b/pillar/global/ssh.sls @@ -0,0 +1,31 @@ +{%- from slspath ~ '/../global/macros.jinja' import listeners -%} +{#- +{%- from '/tmp/salt-libertacasa/pillar/global/macros.jinja' import listeners with context -%} +#} +{%- set host = grains['host'] -%} + +sshd_config: + ConfigBanner: | + ### This file is managed via https://git.com.de/LibertaCasa/salt + ### Manual changes will be overwritten + ListenAddress: {{ listeners() | indent }} + Protocol: 2 + SyslogFacility: AUTH + LogLevel: FATAL + HostKey: + - /etc/ssh/{{ host }} + HostKeyAlgorithms: ssh-ed25519-cert-v01@openssh.com + HostCertificate: /etc/ssh/{{ host }}-cert.pub + TrustedUserCAKeys: /etc/ssh/user_ca + PasswordAuthentication: 'no' + LoginGraceTime: 1m + PermitRootLogin: 'no' + StrictModes: 'yes' + MaxAuthTries: 1 + MaxSessions: 3 + UsePAM: 'yes' + X11Forwarding: 'no' + PrintMotd: 'yes' + PrintLastLog: 'yes' + Subsystem: sftp /usr/lib/ssh/sftp-server + |