authorGeorg Pfuetzenreuter2023-01-26 23:05:21 +0100
committerGeorg Pfuetzenreuter2023-01-26 23:05:21 +0100
commit698234c0402eeff37517869695c75682a3fad332 (patch)
treee23a9ce4be37b8134d9bf14c1046d5ecf73ad540 /pillar/global/ssh.sls
parentf949c0aba0bd9863474a35e1613eb23554acc449 (diff)
Manage common SSH server
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Diffstat (limited to 'pillar/global/ssh.sls')
-rw-r--r--pillar/global/ssh.sls31
1 files changed, 31 insertions, 0 deletions
diff --git a/pillar/global/ssh.sls b/pillar/global/ssh.sls
new file mode 100644
index 0000000..bd960bd
--- /dev/null
+++ b/pillar/global/ssh.sls
@@ -0,0 +1,31 @@
+{%- from slspath ~ '/../global/macros.jinja' import listeners -%}
+{#-
+{%- from '/tmp/salt-libertacasa/pillar/global/macros.jinja' import listeners with context -%}
+#}
+{%- set host = grains['host'] -%}
+
+sshd_config:
+ ConfigBanner: |
+ ### This file is managed via https://git.com.de/LibertaCasa/salt
+ ### Manual changes will be overwritten
+ ListenAddress: {{ listeners() | indent }}
+ Protocol: 2
+ SyslogFacility: AUTH
+ LogLevel: FATAL
+ HostKey:
+ - /etc/ssh/{{ host }}
+ HostKeyAlgorithms: ssh-ed25519-cert-v01@openssh.com
+ HostCertificate: /etc/ssh/{{ host }}-cert.pub
+ TrustedUserCAKeys: /etc/ssh/user_ca
+ PasswordAuthentication: 'no'
+ LoginGraceTime: 1m
+ PermitRootLogin: 'no'
+ StrictModes: 'yes'
+ MaxAuthTries: 1
+ MaxSessions: 3
+ UsePAM: 'yes'
+ X11Forwarding: 'no'
+ PrintMotd: 'yes'
+ PrintLastLog: 'yes'
+ Subsystem: sftp /usr/lib/ssh/sftp-server
+
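Review bot: `LogLevel: FATAL` in the new `sshd_config` pillar silences sshd's authentication logging, so neither failed attempts nor accepted logins (including which certificate and CA an accepted login used) reach the `AUTH` facility configured on the line above. For a fleet that relies on `TrustedUserCAKeys`, that record is what detection and incident response would need; I would set `LogLevel: VERBOSE`, or at least `INFO`. Separately, `PasswordAuthentication: 'no'` together with `UsePAM: 'yes'` may still leave PAM-backed keyboard-interactive password prompts enabled, depending on the distribution default, so consider adding `KbdInteractiveAuthentication: 'no'` (older OpenSSH releases name it `ChallengeResponseAuthentication`). No `RevokedKeys` entry is visible here either, so it is worth confirming how a compromised user certificate would be revoked.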