CentOS does not support ed25519; fixes #98 #151

merged 5 commits into from
Feb 18, 2019
2 changes: 1 addition & 1 deletion openssh/config.sls
Expand Up @@ -36,7 +36,7 @@ ssh_config:
{%- endif %}
{% endif %}

{%- for keyType in ['ecdsa', 'dsa', 'rsa', 'ed25519'] %}
{%- for keyType in openssh['host_key_algos'].split(',') %}
{%- set keyFile = "/etc/ssh/ssh_host_" ~ keyType ~ "_key" %}
{%- set keySize = salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', False) %}
{%- if salt['pillar.get']('openssh:provide_' ~ keyType ~ '_keys', False) %}
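Review bot: The new loop header `{%- for keyType in openssh['host_key_algos'].split(',') %}` feeds each raw comma-separated token straight into a filesystem path (`keyFile` under /etc/ssh) and into two pillar key names, with no trimming and no validation, so a pillar written in the common `ecdsa, rsa` style produces the token `' rsa'` and therefore `/etc/ssh/ssh_host_ rsa_key`, and an empty string produces one empty token and `/etc/ssh/ssh_host__key`. Since the value is operator-controlled and lands in paths the sshd host keys live under, I would normalize and drop empties at the loop itself: `{%- for keyType in openssh['host_key_algos'].replace(' ', '').split(',') if keyType %}`. Restricting tokens to the four names the old hard-coded list permitted (`dsa`, `ecdsa`, `ed25519`, `rsa`) would be stricter still; how the loop body reacts to an unknown type is not visible here, and the enclosing `ssh_config` state both starts and ends outside this hunk.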
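--- a/openssh/defaults.yaml
+++ b/openssh/defaults.yaml
@@ -1,24 +1,29 @@
-openssh:
-sshd_enable: True
-sshd_binary: /usr/sbin/sshd
-sshd_config: /etc/ssh/sshd_config
-sshd_config_src: salt://openssh/files/sshd_config
-sshd_config_user: root
-sshd_config_group: root
-sshd_config_mode: '644'
-sshd_config_backup: True
-ssh_config: /etc/ssh/ssh_config
-ssh_config_src: salt://openssh/files/ssh_config
-ssh_config_user: root
-ssh_config_group: root
-ssh_config_mode: '644'
-ssh_config_backup: True
-banner: /etc/ssh/banner
-banner_src: salt://openssh/files/banner
-ssh_known_hosts: /etc/ssh/ssh_known_hosts
-dig_pkg: dnsutils
-ssh_moduli: /etc/ssh/moduli
-root_group: root
+default:
+openssh:
+sshd_enable: True
+sshd_binary: /usr/sbin/sshd
+sshd_config: /etc/ssh/sshd_config
+sshd_config_src: salt://openssh/files/sshd_config
+sshd_config_user: root
+sshd_config_group: root
+sshd_config_mode: '644'
+sshd_config_backup: True
+ssh_config: /etc/ssh/ssh_config
+ssh_config_src: salt://openssh/files/ssh_config
+ssh_config_user: root
+ssh_config_group: root
+ssh_config_mode: '644'
+ssh_config_backup: True
+banner: /etc/ssh/banner
+banner_src: salt://openssh/files/banner
+ssh_known_hosts: /etc/ssh/ssh_known_hosts
+dig_pkg: dnsutils
+ssh_moduli: /etc/ssh/moduli
+root_group: root
+# Prevent merge of array; always override values
+host_key_algos: ecdsa,ed25519,rsa
+# To manage/remove DSA:
+#host_key_algos: dsa,ecdsa,ed25519,rsa
 
-sshd_config: {}
-ssh_config: {}
+sshd_config: {}
+ssh_config: {}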
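Review bot: `host_key_algos: ecdsa,ed25519,rsa` silently drops `dsa` from the set the old hard-coded loop in config.sls iterated, so on a host where this formula previously handled the DSA host key, that key file and any `provide_dsa_keys`/`generate_dsa_size` pillar settings are no longer touched at all; the commented line shows the opt-in, but nothing warns the operator that an existing `ssh_host_dsa_key` stays on disk. I would make that explicit above the setting: `# dsa is intentionally absent: an existing ssh_host_dsa_key is neither generated nor removed unless you list it here`. The rationale `# Prevent merge of array; always override values` reads as a note to self; spelling out that a comma-separated string is used so a pillar override replaces the default wholesale (presumably because a list value could be merged rather than replaced, depending on the master's list-merge behaviour — worth confirming) will save the next maintainer from converting it back to a list.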
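--- a/openssh/map.jinja
+++ b/openssh/map.jinja
@@ -1,120 +1,22 @@
-{## Start with defaults from defaults.yaml ##}
-{% import_yaml "openssh/defaults.yaml" as default_settings %}
-
-{##
-Setup variable using grains['os_family'] based logic, only add key:values here
-that differ from whats in defaults.yaml
-##}
-{% set os_family_map = salt['grains.filter_by']({
-'Arch': {
-'server': 'openssh',
-'client': 'openssh',
-'service': 'sshd',
-'dig_pkg': 'bind-tools',
-},
-'Debian': {
-'server': 'openssh-server',
-'client': 'openssh-client',
-'service': 'ssh',
-},
-'FreeBSD': {
-'service': 'sshd',
-'dig_pkg': 'bind-tools',
-'sshd_config_group': 'wheel',
-'ssh_config_group': 'wheel',
-},
-'OpenBSD': {
-'service': 'sshd',
-'sshd_config_group': 'wheel',
-'ssh_config_group': 'wheel',
-},
-'Gentoo': {
-'server': 'net-misc/openssh',
-'client': 'net-misc/openssh',
-'service': 'sshd',
-'dig_pkg': 'net-dns/bind-tools',
-},
-'RedHat': {
-'server': 'openssh-server',
-'client': 'openssh-clients',
-'service': 'sshd',
-'dig_pkg': 'bind-utils',
-},
-'Suse': {
-'server': 'openssh',
-'client': 'openssh',
-'service': 'sshd',
-'dig_pkg': 'bind-utils',
-},
-'Solaris': {
-'service': 'network/ssh',
-'sshd_config_group': 'root',
-'ssh_config_group': 'root',
-'dig_pkg': 'bind',
-'sshd_binary': '/usr/lib/ssh/sshd',
-},
-}
-, grain="os_family"
-, merge=salt['pillar.get']('openssh:lookup'))
-%}
-
-{## Merge the flavor_map to the default settings ##}
-{% do default_settings.openssh.update(os_family_map) %}
-
-{## Merge in openssh:lookup pillar ##}
-{% set openssh = salt['pillar.get'](
-'openssh',
-default=default_settings.openssh,
-merge=True
-)
-%}
-
-{% set os_family_map = salt['grains.filter_by']({
-'FreeBSD': {
-'Subsystem': 'sftp /usr/libexec/sftp-server',
-},
-'OpenBSD': {
-'Subsystem': 'sftp /usr/libexec/sftp-server',
-},
-'Suse': {
-'Subsystem': 'sftp /usr/lib/ssh/sftp-server',
-},
-'Arch': {
-'Subsystem': 'sftp /usr/lib/ssh/sftp-server',
-},
-'Debian': {
-'Subsystem': 'sftp /usr/lib/openssh/sftp-server',
-},
-'RedHat': {
-'Subsystem': 'sftp /usr/libexec/openssh/sftp-server',
-},
-'Solaris': {
-'Subsystem': 'sftp internal-sftp',
-},
-'default': {}
-}
-, grain="os_family"
-, merge=salt['pillar.get']('sshd_config:lookup'))
-%}
-
-{% set os_finger_map = salt['grains.filter_by']({
-'CentOS-6': {
-},
-'default': {}
-}
-, grain="osfinger"
-, merge=salt['pillar.get']('sshd_config:lookup'))
-%}
-
-
-{## Merge the flavor_map to the default settings ##}
-{% do default_settings.sshd_config.update(os_family_map) %}
-{% do default_settings.sshd_config.update(os_finger_map) %}
-
-{## Merge in sshd_config:lookup pillar ##}
-{% set sshd_config = salt['pillar.get'](
-'sshd_config',
-default=default_settings.sshd_config,
-merge=True
-)
-%}
+# -*- coding: utf-8 -*-
+# vim: ft=jinja
+
+{## Start imports as ##}
+{% import_yaml 'openssh/defaults.yaml' as default_settings %}
+{% import_yaml 'openssh/osfamilymap.yaml' as osfamilymap %}
+{% import_yaml 'openssh/osmap.yaml' as osmap %}
+{% import_yaml 'openssh/osfingermap.yaml' as osfingermap %}
+
+{% set defaults = salt['grains.filter_by'](default_settings,
+default='default',
+merge=salt['grains.filter_by'](osfamilymap, grain='os_family',
+merge=salt['grains.filter_by'](osmap, grain='os',
+merge=salt['grains.filter_by'](osfingermap, grain='osfinger')
+)
+)
+) %}
+
+{## merge the openssh pillar ##}
+{% set openssh = salt['pillar.get']('openssh', default=defaults['openssh'], merge=True) %}
+{% set ssh_config = salt['pillar.get']('ssh_config', default=defaults['ssh_config'], merge=True) %}
+{% set sshd_config = salt['pillar.get']('sshd_config', default=defaults['sshd_config'], merge=True) %}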
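Review bot: The new `{% set defaults = salt['grains.filter_by'](default_settings, ...` chain no longer consults the `openssh:lookup` and `sshd_config:lookup` pillar keys that the removed code merged into every `grains.filter_by` call, and the three `pillar.get` lines at the bottom only merge the top-level `openssh`, `ssh_config` and `sshd_config` keys. A site that overrides, say, `sshd_config:lookup:Subsystem` or `openssh:lookup:sshd_binary` therefore has that override silently ignored after this change — a hardened sftp subsystem quietly reverting to the OS default is exactly the kind of regression nobody sees until an audit. If dropping `lookup` is intended it should be stated in the file header and wherever the formula documents its pillar, otherwise re-attach it at the innermost call, `merge=salt['grains.filter_by'](osfingermap, grain='osfinger', merge=salt['pillar.get']('openssh:lookup'))`, bearing in mind that with the new nested map shape the lookup pillar would have to carry the same `openssh:`/`sshd_config:` sub-keys. The header `{## Start imports as ##}` is also truncated; `{## Defaults, then osfamilymap, osmap and osfingermap layered on top (each merge= overrides the entry it is merged into) ##}` would record the precedence a reader otherwise has to work out from the nesting.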
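--- /dev/null
+++ b/openssh/osfamilymap.yaml
@@ -0,0 +1,68 @@
+Arch:
+openssh:
+server: openssh
+client: openssh
+service: sshd
+dig_pkg: bind-tools
+sshd_config:
+Subsystem: sftp /usr/lib/ssh/sftp-server
+
+Debian:
+openssh:
+server: openssh-server
+client: openssh-client
+service: ssh
+sshd_config:
+Subsystem: sftp /usr/lib/openssh/sftp-server
+
+FreeBSD:
+openssh:
+service: sshd
+dig_pkg: bind-tools
+sshd_config_group: wheel
+ssh_config_group: wheel
+sshd_config:
+Subsystem: sftp /usr/libexec/sftp-server
+
+Gentoo:
+openssh:
+server: net-misc/openssh
+client: net-misc/openssh
+service: sshd
+dig_pkg: net-dns/bind-tools
+
+OpenBSD:
+openssh:
+service: sshd
+sshd_config_group: wheel
+ssh_config_group: wheel
+sshd_config:
+Subsystem: sftp /usr/libexec/sftp-server
+
+RedHat:
+openssh:
+server: openssh-server
+client: openssh-clients
+service: sshd
+dig_pkg: bind-utils
+sshd_config:
+Subsystem: sftp /usr/libexec/openssh/sftp-server
+
+Solaris:
+openssh:
+service: network/ssh
+sshd_config_group: root
+ssh_config_group: root
+dig_pkg: bind
+sshd_binary: /usr/lib/ssh/sshd
+sshd_config:
+Subsystem: sftp internal-sftp
+
+Suse:
+openssh:
+server: openssh
+client: openssh
+service: sshd
+dig_pkg: bind-utils
+sshd_config:
+Subsystem: sftp /usr/lib/ssh/sftp-server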
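--- /dev/null
+++ b/openssh/osfingermap.yaml
@@ -0,0 +1,4 @@
+Ubuntu-18.04: {}
+CentOS-6:
+openssh:
+host_key_algos: ecdsa,rsa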
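Review bot: The `CentOS-6` override to `ecdsa,rsa` is keyed on one osfinger value, so sibling EL6 platforms that presumably ship the same OpenSSH without ed25519 support — RHEL 6, Scientific Linux 6, Oracle Linux 6 — still receive the default `ecdsa,ed25519,rsa` and will presumably fail the same way #98 describes; worth confirming and adding their fingerprints here rather than loosening the `RedHat` family entry, so that newer EL releases keep generating the stronger ed25519 host key. A one-line comment above the entry, `# OpenSSH on EL6 predates ed25519 host keys; keep this override scoped to affected fingerprints`, records why a key type is being dropped. `Ubuntu-18.04: {}` looks like a placeholder; if it only exists so the map is never empty, saying so in a comment stops someone from tidying it away.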
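--- /dev/null
+++ b/openssh/osmap.yaml
@@ -0,0 +1 @@
+FreeBSD: {}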