Home Explore Help
Register Sign In
rklein
/
ffho-salt-public
forked from FreifunkHochstift/ffho-salt-public
1
0
Fork 0
Files
Tree: 8f73e190ac
Branches Tags
ffho-salt-pu...
/
ssh
/
init.sls

init.sls 881 B
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344 
  1. #
    2. 

  2. # SSH configuration
    3. 

  3. #
    4. 

  4. 

  5. # Install ssh server
    6. 

  6. ssh:
    7. 

  7.   pkg.installed:
    8. 

  8.     - name: 'openssh-server'
    9. 

  9.   service.running:
    10. 

  10.     - enable: True
    11. 

  11.     - reload: True
    12. 

  12. 

  13. 

  14. # Enforce pubkey auth (disable password auth) and reload server on config change
    15. 

  15. /etc/ssh/sshd_config:
    16. 

  16.   file.managed:
    17. 

  17.     - source:
    18. 

  18.       - salt://ssh/sshd_config.{{ grains.os }}.{{ grains.oscodename }}
    19. 

  19.       - salt://ssh/sshd_config
    20. 

  20.     - user: root
    21. 

  21.     - group: root
    22. 

  22.     - mode: 644
    23. 

  23.     - watch_in:
    24. 

  24.       - service: ssh
    25. 

  25. 

  26. 

  27. # Create .ssh dir for user root and install authkeys
    28. 

  28. /root/.ssh:
    29. 

  29.   file.directory:
    30. 

  30.     - user: root
    31. 

  31.     - group: root
    32. 

  32.     - mode: 700
    33. 

  33.     - makedirs: True
    34. 

  34. 

  35. 

  36. # Create authorized_keys for root (MASTER + host specific)
    37. 

  37. /root/.ssh/authorized_keys:
    38. 

  38.   file.managed:
    39. 

  39.     - source: salt://ssh/authorized_keys.tmpl
    40. 

  40.     - template: jinja
    41. 

  41.       username: root
    42. 

  42.     - user: root
    43. 

  43.     - group: root
    44. 

  44.     - mode: 644
    45.