Uncomment config for openssh.banner?

[tobinquadros]

I may be missing something, but it seems that the banner setting in sshd_config on Ubuntu is not being uncommented and set correctly when the openssh.banner state is run. The banner_src gets copied to /etc/ssh/banner correctly, but I don't see an option to enable/uncomment the banner config line or set the banner_src in the pillar.example file that's provided.

I'm trying with a simple highstate here (UseDNS: 'no' works):

# /srv/salt/top.sls
base:
  '*':
    - openssh
    - openssh.config
    - openssh.banner

# /srv/pillar/openssh.sls
sshd_config:
  UseDNS: 'no'

Running openssh.banner placed a banner file at /etc/ssh/banner, so I manually changed:

# /etc/ssh/sshd_config
...

#Banner /etc/issue.net

to

# /etc/ssh/sshd_config
...

Banner /etc/ssh/banner

and everything worked. Is there another option that needs to be set? I thought I would be able to override that setting somehow in pillar, but I can't figure it out.

Here's the output of state.highstate:

local:
----------
          ID: openssh
    Function: pkg.installed
        Name: openssh-server
      Result: True
     Comment: Package openssh-server is already installed
     Changes:
----------
          ID: sshd_config
    Function: file.managed
        Name: /etc/ssh/sshd_config
      Result: True
     Comment: File /etc/ssh/sshd_config is in the correct state
     Changes:
----------
          ID: openssh
    Function: service.running
        Name: ssh
      Result: True
     Comment: Service ssh is already enabled, and is in the desired state
     Changes:
----------
          ID: sshd_banner
    Function: file.managed
        Name: /etc/ssh/banner
      Result: True
     Comment: File /etc/ssh/banner is in the correct state
     Changes:

Summary
------------
Succeeded: 4
Failed:    0
------------
Total:     4

Thanks, I appreciate you guys posting this formula.

[ckng]

Unable to get openssh.banner state to work as well. The Banner config is not uncommented and set to the correct value, even if I add Banner: "/etc/ssh/banner". Also getting this error:

        ID: sshd_banner
    Function: file.managed
        Name: /etc/ssh/banner
      Result: False
     Comment: Unable to manage file: Jinja variable 'dict object' has no attribute 'data'

[aboe76]

Tried to reproduce this but it works on my debian system:
pillar top.sls:

base:
  'example.home.lan:
    - openssh_banner

pillar openssh_banner.sls

sshd_config:
  Banner: '/etc/ssh/banner'

salt top.sls:

base:
  'example.home.lan':
    - openssh.banner

and it works

Name: openssh-server - Function: pkg.installed - Result: Clean
----------
          ID: sshd_config
    Function: file.managed
        Name: /etc/ssh/sshd_config
      Result: True
     Comment: File /etc/ssh/sshd_config updated
     Started: 22:01:33.680061
    Duration: 118.06 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -76,7 +76,7 @@
                   #UseLogin no

                   #MaxStartups 10:30:60
                  -#Banner /etc/issue.net
                  +Banner /etc/ssh/banner

                   # Allow client to pass locale environment variables
                   AcceptEnv LANG LC_*
----------
          ID: sshd_banner
    Function: file.managed
        Name: /etc/ssh/banner
      Result: True
     Comment: File /etc/ssh/banner updated
     Started: 22:01:38.710512
    Duration: 25.094 ms
     Changes:   
              ----------
              diff:
                  New file
              mode:
                  0644

[tobinquadros]

👍 Thanks, I've moved on from this but glad someone checked it out.