├── .github ├── settings.yml ├── workflows │ ├── commitlint.yml │ └── main.yml └── renovate.json5 ├── openssh ├── client.sls ├── files │ └── default │ │ ├── banner │ │ ├── fire_banner │ │ ├── ssh_known_hosts │ │ └── ssh_config ├── _mapdata │ ├── _mapdata.jinja │ └── init.sls ├── parameters │ ├── osfinger │ │ └── CentOS-6.yaml │ ├── map_jinja.yaml │ ├── os_family │ │ ├── Gentoo.yaml │ │ ├── Arch.yaml │ │ ├── Suse.yaml │ │ ├── FreeBSD.yaml │ │ ├── Debian.yaml │ │ ├── RedHat.yaml │ │ ├── Solaris.yaml │ │ └── OpenBSD.yaml │ └── defaults.yaml ├── init.sls ├── libsaltcli.jinja ├── banner.sls ├── known_hosts.sls ├── moduli.sls ├── config_ini.sls ├── auth_map.sls ├── gather_host_keys.sls ├── auth.sls ├── map.jinja ├── config.sls └── libtofs.jinja ├── .rstcheck.cfg ├── test └── integration │ ├── default │ ├── controls │ │ ├── services_spec.rb │ │ ├── packages_spec.rb │ │ ├── config_spec.rb │ │ └── _mapdata.rb │ ├── inspec.yml │ ├── README.md │ └── files │ │ └── _mapdata │ │ ├── freebsd-11.yaml │ │ ├── freebsd-12.yaml │ │ ├── freebsd-13.yaml │ │ ├── openbsd-6.yaml │ │ ├── openbsd-7.yaml │ │ ├── opensuse-15.yaml │ │ ├── centos-6.yaml │ │ ├── debian-9.yaml │ │ ├── debian-10.yaml │ │ ├── fedora-31.yaml │ │ ├── fedora-32.yaml │ │ ├── fedora-33.yaml │ │ ├── fedora-34.yaml │ │ ├── fedora-35.yaml │ │ ├── fedora-40.yaml │ │ ├── fedora-41.yaml │ │ ├── ubuntu-16.yaml │ │ └── ubuntu-18.yaml │ └── share │ ├── inspec.yml │ ├── README.md │ └── libraries │ └── system.rb ├── FORMULA ├── commitlint.config.js ├── bin ├── install-hooks └── kitchen ├── .yamllint ├── .copier-answers.ssf-ci.yml ├── LICENSE ├── .rubocop.yml ├── .salt-lint ├── kitchen.vagrant.yml ├── Gemfile ├── pre-commit_semantic-release.sh ├── release.config.js ├── .gitignore ├── CODEOWNERS ├── _pillar └── known_hosts_salt_ssh.sls └── .pre-commit-config.yaml /.github/settings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # These settings are synced to GitHub by 
https://probot.github.io/apps/settings/ 3 | 4 | repository: 5 | # See https://docs.github.com/en/rest/reference/repos#update-a-repository 6 | # for all available settings 7 | 8 | allow_squash_merge: false 9 | -------------------------------------------------------------------------------- /openssh/client.sls: -------------------------------------------------------------------------------- 1 | {% from "openssh/map.jinja" import mapdata with context %} 2 | {%- set openssh = mapdata.openssh %} 3 | 4 | openssh_client: 5 | pkg.installed: 6 | - name: {{ openssh.client }} 7 | {% if openssh.client_version is defined %} 8 | - version: {{ openssh.client_version }} 9 | {% endif %} 10 | -------------------------------------------------------------------------------- /.rstcheck.cfg: -------------------------------------------------------------------------------- 1 | [rstcheck] 2 | report=info 3 | ignore_language=rst 4 | # salt['config.get']('roles') is misidentified as a Markdown link. 5 | # Ignore for now, but perhaps try to submit a fix upstream in rstcheck 6 | ignore_messages=(Duplicate (ex|im)plicit target.*|Hyperlink target ".*" is not referenced\.$|\(rst\) Link is formatted in Markdown style\.) 7 | -------------------------------------------------------------------------------- /openssh/files/default/banner: -------------------------------------------------------------------------------- 1 | Welcome to {{ grains['id'] }}! 2 | 3 | Managed By 4 | 5 | _____ ____ _____ __ __ 6 | / ___/____ _/ / /_/ ___// /_____ ______/ /__ 7 | \__ \/ __ `/ / __/\__ \/ __/ __ `/ ___/ //_/ 8 | ___/ / /_/ / / /_ ___/ / /_/ /_/ / /__/ ,< 9 | /____/\__,_/_/\__//____/\__/\__,_/\___/_/|_| 10 | 11 | 12 | Make sure changes get pushed into the state repo! 
13 | -------------------------------------------------------------------------------- /.github/workflows/commitlint.yml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | name: Commitlint 5 | 'on': [pull_request] 6 | 7 | jobs: 8 | lint: 9 | runs-on: ubuntu-latest 10 | env: 11 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 12 | steps: 13 | - uses: actions/checkout@v2 14 | with: 15 | fetch-depth: 0 16 | - uses: wagoid/commitlint-github-action@v1 17 | -------------------------------------------------------------------------------- /test/integration/default/controls/services_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # Override by Platform 4 | service_name = 'sshd' 5 | service_name = 'ssh' if platform[:family] == 'debian' 6 | 7 | control 'openssh service' do 8 | impact 0.5 9 | title 'should be running and enabled' 10 | 11 | describe service(service_name) do 12 | it { should be_enabled } 13 | it { should be_running } 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /openssh/_mapdata/_mapdata.jinja: -------------------------------------------------------------------------------- 1 | # yamllint disable rule:indentation rule:line-length 2 | # {{ grains.get("osfinger", grains.os) }} 3 | --- 4 | {#- use salt.slsutil.serialize to avoid encoding errors on some platforms #} 5 | {{ salt["slsutil.serialize"]( 6 | "yaml", 7 | map, 8 | default_flow_style=False, 9 | allow_unicode=True, 10 | ) 11 | | regex_replace("^\s+'$", "'", multiline=True) 12 | | trim 13 | }} 14 | -------------------------------------------------------------------------------- /FORMULA: -------------------------------------------------------------------------------- 1 | name: openssh 2 | os: Debian, Ubuntu, Raspbian, RedHat, Fedora, CentOS, Suse, openSUSE, Gentoo, Funtoo, Arch, Manjaro, 
Alpine, FreeBSD, OpenBSD, Solaris, SmartOS, Windows, MacOS 3 | os_family: Debian, RedHat, Suse, Gentoo, Arch, Alpine, FreeBSD, OpenBSD, Solaris, Windows, MacOS 4 | version: 3.0.5 5 | release: 1 6 | minimum_version: 2017.7 7 | summary: openssh formula 8 | description: Install and configure an openssh server 9 | top_level_dir: openssh 10 | -------------------------------------------------------------------------------- /.github/renovate.json5: -------------------------------------------------------------------------------- 1 | { 2 | $schema: 'https://docs.renovatebot.com/renovate-schema.json', 3 | extends: [ 4 | "github>saltstack-formulas/.github", 5 | "github>saltstack-formulas/.github:copier" 6 | ], 7 | /********************************************************** 8 | * This file is managed as part of a Copier template. * 9 | * Please make your own changes below this comment. * 10 | *********************************************************/ 11 | } 12 | -------------------------------------------------------------------------------- /openssh/parameters/osfinger/CentOS-6.yaml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | # 4 | # Setup variables specific to salt['config.get']('osfinger') == CentOS-6. 5 | # You just need to add the key:values for this `osfinger` that differ 6 | # from `defaults.yaml`. 7 | # 8 | # If you do not need to provide defaults via the `osfinger` config, 9 | # you can remove this file or provide at least an empty dict, e.g. 10 | # values: {} 11 | --- 12 | values: 13 | openssh: 14 | host_key_algos: ecdsa,rsa 15 | ... 
16 | -------------------------------------------------------------------------------- /commitlint.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | extends: ['@commitlint/config-conventional'], 3 | rules: { 4 | 'body-max-line-length': [2, 'always', 120], 5 | 'footer-max-line-length': [2, 'always', 120], 6 | 'header-max-length': [2, 'always', 72] 7 | }, 8 | ignores: [ 9 | (commit) => commit.startsWith('chore(copier):'), 10 | (commit) => commit.startsWith('chore(deps):'), 11 | (commit) => commit.startsWith('ci(pre-commit.ci):'), 12 | (commit) => commit.startsWith('[CI merge]') 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /openssh/files/default/fire_banner: -------------------------------------------------------------------------------- 1 | Welcome to {{ grains['id'] }}! 2 | 3 | Managed By 4 | ( ( 5 | )\ ) ( ) )\ ) ) ) 6 | (()/( ) )\ ( /((()/( ( /( ) ( /( 7 | /(_))( /( ((_))\())/(_)))\())( /( ( )\()) 8 | (_)) )(_)) _ (_))/(_)) (_))/ )(_)) )\ ((_)\ 9 | / __|((_)_ | || |_ / __|| |_ ((_)_ ((_)| |(_) 10 | \__ \/ _` || || _|\__ \| _|/ _` |/ _| | / / 11 | |___/\__,_||_| \__||___/ \__|\__,_|\__| |_\_\ 12 | 13 | Make sure changes get pushed into the state repo! 
14 | -------------------------------------------------------------------------------- /test/integration/default/controls/packages_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # Override by Platform 4 | package_name = 5 | case platform[:family] 6 | # `linux` here is sufficient for `arch` 7 | when 'suse', 'linux' 8 | 'openssh' 9 | else 10 | 'openssh-server' 11 | end 12 | 13 | control 'openssh package' do 14 | title 'should be installed' 15 | 16 | only_if do 17 | platform.family != 'bsd' 18 | end 19 | 20 | describe package(package_name) do 21 | it { should be_installed } 22 | end 23 | end 24 | -------------------------------------------------------------------------------- /bin/install-hooks: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | set -o nounset # Treat unset variables as an error and immediately exit 3 | set -o errexit # If a command fails exit the whole script 4 | 5 | if [ "${DEBUG:-false}" = "true" ]; then 6 | set -x # Run the entire script in debug mode 7 | fi 8 | 9 | if ! command -v pre-commit >/dev/null 2>&1; then 10 | echo "pre-commit not found: please install or check your PATH" >&2 11 | echo "See https://pre-commit.com/#installation" >&2 12 | exit 1 13 | fi 14 | 15 | pre-commit install --install-hooks 16 | pre-commit install --hook-type commit-msg --install-hooks 17 | -------------------------------------------------------------------------------- /openssh/parameters/map_jinja.yaml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | values: 5 | sources: 6 | - "Y:G@osarch" 7 | - "Y:G@os_family" 8 | - "Y:G@os" 9 | - "Y:G@osfinger" 10 | 11 | # Merge values from `config.get` under `mapdata.` to keep 12 | # compatibility with user pillars. 
13 | # The `` and `:lookup` are merged together 14 | - "C:SUB@openssh:lookup" 15 | - "C:SUB@openssh" 16 | - "C:SUB@sshd_config:lookup" 17 | - "C:SUB@sshd_config" 18 | - "C:SUB@ssh_config:lookup" 19 | - "C:SUB@ssh_config" 20 | 21 | - "Y:G@id" 22 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | # Extend the `default` configuration provided by `yamllint` 5 | extends: 'default' 6 | 7 | rules: 8 | comments: 9 | min-spaces-from-content: 1 10 | empty-values: 11 | forbid-in-block-mappings: true 12 | forbid-in-flow-mappings: true 13 | line-length: 14 | # Increase from default of `80` 15 | # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`) 16 | max: 88 17 | allow-non-breakable-inline-mappings: true 18 | octal-values: 19 | forbid-implicit-octal: true 20 | forbid-explicit-octal: true 21 | -------------------------------------------------------------------------------- /openssh/parameters/os_family/Gentoo.yaml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | # 4 | # Setup variables specific to salt['config.get']('os_family') == Gentoo. 5 | # You just need to add the key:values for this `os_family` that differ 6 | # from `defaults.yaml` + `.yaml`. 7 | # 8 | # If you do not need to provide defaults via the `os_family` config, 9 | # you can remove this file or provide at least an empty dict, e.g. 10 | # values: {} 11 | --- 12 | values: 13 | openssh: 14 | server: net-misc/openssh 15 | client: net-misc/openssh 16 | service: sshd 17 | dig_pkg: net-dns/bind-tools 18 | ... 
19 | -------------------------------------------------------------------------------- /.copier-answers.ssf-ci.yml: -------------------------------------------------------------------------------- 1 | # Changes here will be overwritten by Copier; NEVER EDIT MANUALLY 2 | _commit: v2.10.2 3 | _src_path: https://github.com/dafyddj/copier-ssf-ci 4 | failure_permitted_ignored: [] 5 | failure_permitted_patterns: [] 6 | formula_name: openssh 7 | release_using_gha: false 8 | renovate_extend_presets: 9 | - github>saltstack-formulas/.github 10 | - github>saltstack-formulas/.github:copier 11 | renovate_ignore_presets: [] 12 | supported_oses: 13 | - AlmaLinux OS 14 | - Amazon Linux 15 | - CentOS 16 | - Debian 17 | - Fedora Linux 18 | - openSUSE 19 | - Oracle Linux 20 | - Rocky Linux 21 | - Ubuntu 22 | test_using_gha: false 23 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2013-2014 Salt Stack Formulas 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /openssh/parameters/os_family/Arch.yaml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | # 4 | # Setup variables specific to salt['config.get']('os_family') == Arch. 
5 | # You just need to add the key:values for this `os_family` that differ 6 | # from `defaults.yaml` + `.yaml`. 7 | # 8 | # If you do not need to provide defaults via the `os_family` config, 9 | # you can remove this file or provide at least an empty dict, e.g. 10 | # values: {} 11 | --- 12 | values: 13 | openssh: 14 | server: openssh 15 | client: openssh 16 | service: sshd 17 | dig_pkg: bind 18 | sshd_config: 19 | Subsystem: sftp /usr/lib/ssh/sftp-server 20 | ... 21 | -------------------------------------------------------------------------------- /openssh/parameters/os_family/Suse.yaml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | # 4 | # Setup variables specific to salt['config.get']('os_family') == Suse. 5 | # You just need to add the key:values for this `os_family` that differ 6 | # from `defaults.yaml` + `.yaml`. 7 | # 8 | # If you do not need to provide defaults via the `os_family` config, 9 | # you can remove this file or provide at least an empty dict, e.g. 10 | # values: {} 11 | --- 12 | values: 13 | openssh: 14 | server: openssh 15 | client: openssh 16 | service: sshd 17 | dig_pkg: bind-utils 18 | sshd_config: 19 | Subsystem: sftp /usr/lib/ssh/sftp-server 20 | ... 21 | -------------------------------------------------------------------------------- /openssh/parameters/os_family/FreeBSD.yaml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | # 4 | # Setup variables specific to salt['config.get']('os_family') == FreeBSD. 5 | # You just need to add the key:values for this `os_family` that differ 6 | # from `defaults.yaml` + `.yaml`. 7 | # 8 | # If you do not need to provide defaults via the `os_family` config, 9 | # you can remove this file or provide at least an empty dict, e.g. 
10 | # values: {} 11 | --- 12 | values: 13 | openssh: 14 | service: sshd 15 | dig_pkg: bind-tools 16 | sshd_config_group: wheel 17 | ssh_config_group: wheel 18 | sshd_config: 19 | Subsystem: sftp /usr/libexec/sftp-server 20 | ... 21 | -------------------------------------------------------------------------------- /openssh/parameters/os_family/Debian.yaml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | # 4 | # Setup variables specific to salt['config.get']('os_family') == Debian. 5 | # You just need to add the key:values for this `os_family` that differ 6 | # from `defaults.yaml` + `.yaml`. 7 | # 8 | # If you do not need to provide defaults via the `os_family` config, 9 | # you can remove this file or provide at least an empty dict, e.g. 10 | # values: {} 11 | --- 12 | values: 13 | openssh: 14 | server: openssh-server 15 | client: openssh-client 16 | service: ssh 17 | dig_pkg: bind9-dnsutils 18 | sshd_config: 19 | Subsystem: sftp /usr/lib/openssh/sftp-server 20 | ... 21 | -------------------------------------------------------------------------------- /openssh/parameters/os_family/RedHat.yaml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | # 4 | # Setup variables specific to salt['config.get']('os_family') == RedHat. 5 | # You just need to add the key:values for this `os_family` that differ 6 | # from `defaults.yaml` + `.yaml`. 7 | # 8 | # If you do not need to provide defaults via the `os_family` config, 9 | # you can remove this file or provide at least an empty dict, e.g. 10 | # values: {} 11 | --- 12 | values: 13 | openssh: 14 | server: openssh-server 15 | client: openssh-clients 16 | service: sshd 17 | dig_pkg: bind-utils 18 | sshd_config: 19 | Subsystem: sftp /usr/libexec/openssh/sftp-server 20 | ... 
21 | -------------------------------------------------------------------------------- /.rubocop.yml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | # General overrides used across formulas in the org 5 | Layout/LineLength: 6 | # Increase from default of `80` 7 | # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`) 8 | Max: 88 9 | Metrics/BlockLength: 10 | AllowedMethods: 11 | - control 12 | - describe 13 | # Increase from default of `25` 14 | Max: 30 15 | Security/YAMLLoad: 16 | Exclude: 17 | - test/integration/**/_mapdata.rb 18 | 19 | # General settings across all cops in this formula 20 | AllCops: 21 | NewCops: enable 22 | 23 | # Any offenses that should be fixed, e.g. collected via. `rubocop --auto-gen-config` 24 | -------------------------------------------------------------------------------- /openssh/parameters/os_family/Solaris.yaml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | # 4 | # Setup variables specific to salt['config.get']('os_family') == Solaris. 5 | # You just need to add the key:values for this `os_family` that differ 6 | # from `defaults.yaml` + `.yaml`. 7 | # 8 | # If you do not need to provide defaults via the `os_family` config, 9 | # you can remove this file or provide at least an empty dict, e.g. 10 | # values: {} 11 | --- 12 | values: 13 | openssh: 14 | service: network/ssh 15 | sshd_config_group: root 16 | ssh_config_group: root 17 | dig_pkg: bind 18 | sshd_binary: /usr/lib/ssh/sshd 19 | sshd_config: 20 | Subsystem: sftp internal-sftp 21 | ... 
22 | -------------------------------------------------------------------------------- /test/integration/share/inspec.yml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | name: share 5 | title: InSpec shared resources 6 | maintainer: SaltStack Formulas 7 | license: Apache-2.0 8 | summary: shared resources 9 | supports: 10 | - platform-name: debian 11 | - platform-name: ubuntu 12 | - platform-name: centos 13 | - platform-name: fedora 14 | - platform-name: opensuse 15 | - platform-name: suse 16 | - platform-name: freebsd 17 | - platform-name: openbsd 18 | - platform-name: amazon 19 | - platform-name: oracle 20 | - platform-name: arch 21 | - platform-name: gentoo 22 | - platform-name: almalinux 23 | - platform-name: rocky 24 | - platform-name: mac_os_x 25 | - platform: windows 26 | -------------------------------------------------------------------------------- /openssh/parameters/os_family/OpenBSD.yaml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | # 4 | # Setup variables specific to salt['config.get']('os_family') == OpenBSD. 5 | # You just need to add the key:values for this `os_family` that differ 6 | # from `defaults.yaml` + `.yaml`. 7 | # 8 | # If you do not need to provide defaults via the `os_family` config, 9 | # you can remove this file or provide at least an empty dict, e.g. 10 | # values: {} 11 | --- 12 | values: 13 | openssh: 14 | service: sshd 15 | # Already installed: `base68:/usr/bin/dig` 16 | dig_pkg: ~ 17 | sshd_config_group: wheel 18 | ssh_config_group: wheel 19 | sshd_config: 20 | Subsystem: sftp /usr/libexec/sftp-server 21 | ... 
22 | -------------------------------------------------------------------------------- /openssh/init.sls: -------------------------------------------------------------------------------- 1 | {% from "openssh/map.jinja" import mapdata with context %} 2 | {%- set openssh = mapdata.openssh %} 3 | 4 | openssh: 5 | {% if openssh.server is defined %} 6 | pkg.installed: 7 | - name: {{ openssh.server }} 8 | {% if openssh.server_version is defined %} 9 | - version: {{ openssh.server_version }} 10 | {% endif %} 11 | {% endif %} 12 | {% if openssh.sshd_enable is sameas true %} 13 | service.running: 14 | - enable: {{ openssh.sshd_enable }} 15 | - name: {{ openssh.service }} 16 | {% if openssh.server is defined %} 17 | - require: 18 | - pkg: {{ openssh.server }} 19 | {% endif %} 20 | {% else %} 21 | service.dead: 22 | - enable: False 23 | - name: {{ openssh.service }} 24 | {% endif %} 25 | -------------------------------------------------------------------------------- /openssh/libsaltcli.jinja: -------------------------------------------------------------------------------- 1 | {#- -*- coding: utf-8 -*- #} 2 | {#- vim: ft=jinja #} 3 | 4 | {#- Get the relevant values from the `opts` dict #} 5 | {%- set opts_cli = opts.get('__cli', '') %} 6 | {%- set opts_masteropts_cli = opts | traverse('__master_opts__:__cli', '') %} 7 | 8 | {#- Determine the type of salt command being run #} 9 | {%- if opts_cli == 'salt-minion' %} 10 | {%- set cli = 'minion' %} 11 | {%- elif opts_cli == 'salt-call' %} 12 | {%- set cli = 'ssh' if opts_masteropts_cli in ('salt-ssh', 'salt-master') else 'local' %} 13 | {%- elif opts_cli %} 14 | {%- set cli = 'api' %} 15 | {%- else %} 16 | {%- set cli = 'unknown' %} 17 | {%- endif %} 18 | {%- do salt['log.debug']('[libsaltcli] the salt command type has been identified to be: ' ~ cli) %} 19 | -------------------------------------------------------------------------------- /openssh/_mapdata/init.sls: 
-------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=sls 3 | --- 4 | {#- Get the `tplroot` from `tpldir` #} 5 | {%- set tplroot = tpldir.split("/")[0] %} 6 | {%- from tplroot ~ "/map.jinja" import mapdata with context %} 7 | 8 | {%- set _mapdata = { 9 | "values": mapdata, 10 | } %} 11 | {%- do salt["log.debug"]("### MAP.JINJA DUMP ###\n" ~ _mapdata | yaml(False)) %} 12 | 13 | {%- set output_dir = "/temp" if grains.os_family == "Windows" else "/tmp" %} 14 | {%- set output_file = output_dir ~ "/salt_mapdata_dump.yaml" %} 15 | 16 | {{ tplroot }}-mapdata-dump: 17 | file.managed: 18 | - name: {{ output_file }} 19 | - source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja 20 | - template: jinja 21 | - context: 22 | map: {{ _mapdata | yaml }} 23 | -------------------------------------------------------------------------------- /.salt-lint: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | exclude_paths: 5 | # This is actually a Python file 6 | - _pillar/known_hosts_salt_ssh.sls 7 | rules: 8 | 204: # Lines should be no longer than 160 chars 9 | ignore: | 10 | test/salt/pillar/default.sls 11 | skip_list: 12 | # Using `salt-lint` for linting other files as well, such as Jinja macros/templates 13 | - 205 # Use ".sls" as a Salt State file extension 14 | # Skipping `207` and `208` because `210` is sufficient, at least for the time-being 15 | # I.e. 
Allows 3-digit unquoted codes to still be used, such as `644` and `755` 16 | - 207 # File modes should always be encapsulated in quotation marks 17 | - 208 # File modes should always contain a leading zero 18 | tags: [] 19 | verbosity: 1 20 | -------------------------------------------------------------------------------- /openssh/banner.sls: -------------------------------------------------------------------------------- 1 | {%- set tplroot = tpldir.split('/')[0] %} 2 | {%- from tplroot ~ "/map.jinja" import mapdata with context %} 3 | {%- from tplroot ~ "/libtofs.jinja" import files_switch %} 4 | {%- set openssh = mapdata.openssh %} 5 | 6 | include: 7 | - openssh 8 | 9 | sshd_banner: 10 | file.managed: 11 | - name: {{ openssh.banner }} 12 | {%- if openssh.banner_string is defined %} 13 | - contents: {{ openssh.banner_string | yaml }} 14 | {%- else %} 15 | {#- Preserve backward compatibility using the `if` below #} 16 | - source: {{ openssh.banner_src if '://' in openssh.banner_src 17 | else files_switch( [openssh.banner_src], 18 | 'sshd_banner' 19 | ) }} 20 | - template: jinja 21 | {%- endif %} 22 | -------------------------------------------------------------------------------- /test/integration/default/inspec.yml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | name: default 5 | title: openssh formula 6 | maintainer: SaltStack Formulas 7 | license: Apache-2.0 8 | summary: Verify that the openssh formula is setup and configured correctly 9 | depends: 10 | - name: share 11 | path: test/integration/share 12 | supports: 13 | - platform-name: debian 14 | - platform-name: ubuntu 15 | - platform-name: centos 16 | - platform-name: fedora 17 | - platform-name: opensuse 18 | - platform-name: suse 19 | - platform-name: freebsd 20 | - platform-name: openbsd 21 | - platform-name: amazon 22 | - platform-name: oracle 23 | - platform-name: arch 24 | - platform-name: gentoo 25 | - 
platform-name: almalinux 26 | - platform-name: rocky 27 | - platform-name: mac_os_x 28 | - platform: windows 29 | -------------------------------------------------------------------------------- /openssh/known_hosts.sls: -------------------------------------------------------------------------------- 1 | {%- set tplroot = tpldir.split('/')[0] %} 2 | {%- from tplroot ~ "/map.jinja" import mapdata with context %} 3 | {%- from tplroot ~ "/libtofs.jinja" import files_switch %} 4 | {%- set openssh = mapdata.openssh %} 5 | 6 | {%- if openssh.dig_pkg %} 7 | ensure dig is available: 8 | pkg.installed: 9 | - name: {{ openssh.dig_pkg }} 10 | - require_in: 11 | - file: manage ssh_known_hosts file 12 | {%- endif %} 13 | 14 | manage ssh_known_hosts file: 15 | file.managed: 16 | - name: {{ openssh.ssh_known_hosts }} 17 | - source: {{ files_switch( [openssh.ssh_known_hosts_src], 18 | 'manage ssh_known_hosts file' 19 | ) }} 20 | - template: jinja 21 | - context: 22 | known_hosts: {{ openssh | traverse("known_hosts", {}) | json }} 23 | - user: root 24 | - group: {{ openssh.ssh_config_group }} 25 | - mode: 644 26 | -------------------------------------------------------------------------------- /openssh/moduli.sls: -------------------------------------------------------------------------------- 1 | {% from "openssh/map.jinja" import mapdata with context %} 2 | {%- set openssh = mapdata.openssh %} 3 | 4 | {% set moduli = salt['pillar.get']('openssh:moduli', False) -%} 5 | {% set moduli_source = salt['pillar.get']('openssh:moduli_source', False) -%} 6 | {% if moduli or moduli_source -%} 7 | ssh_moduli: 8 | file.managed: 9 | - name: {{ openssh.ssh_moduli }} 10 | {% if moduli -%} 11 | # Although we have the contents of the moduli in the variable 'moduli', 12 | # inlining the variable here *will* cause problems. Using the '|' literal string indicator 13 | # Necessitates using the '|indent' filter, and this is too complex. 14 | # Rather, let salt read the pillar itself. 
15 | - contents_pillar: openssh:moduli 16 | {% elif moduli_source -%} 17 | - source: {{ moduli_source }} 18 | - source_hash: {{ moduli_source|trim }}.hash 19 | {%- endif %} 20 | {% endif %} 21 | -------------------------------------------------------------------------------- /bin/kitchen: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # frozen_string_literal: true 3 | 4 | # 5 | # This file was generated by Bundler. 6 | # 7 | # The application 'kitchen' is installed as part of a gem, and 8 | # this file is here to facilitate running it. 9 | # 10 | 11 | require 'pathname' 12 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', 13 | Pathname.new(__FILE__).realpath) 14 | 15 | bundle_binstub = File.expand_path('bundle', __dir__) 16 | 17 | if File.file?(bundle_binstub) 18 | if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ 19 | load(bundle_binstub) 20 | else 21 | abort( 22 | 'Your `bin/bundle` was not generated by Bundler, ' \ 23 | 'so this binstub cannot run. Replace `bin/bundle` by running ' \ 24 | '`bundle binstubs bundler --force`, then run this command again.' 
25 | ) 26 | end 27 | end 28 | 29 | require 'rubygems' 30 | require 'bundler/setup' 31 | 32 | load Gem.bin_path('test-kitchen', 'kitchen') 33 | -------------------------------------------------------------------------------- /kitchen.vagrant.yml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | driver: 5 | name: vagrant 6 | cache_directory: false 7 | customize: 8 | usbxhci: 'off' 9 | gui: false 10 | ssh: 11 | shell: /bin/sh 12 | linked_clone: true 13 | <% unless ENV['CI'] %> 14 | synced_folders: 15 | - - '.kitchen/kitchen-vagrant/%{instance_name}/vagrant' 16 | - '/vagrant' 17 | - 'create: true, disabled: false' 18 | <% end %> 19 | 20 | platforms: 21 | - name: freebsd-130-master-py3 22 | driver: 23 | box: myii/freebsd-13.0-master-py3 24 | - name: freebsd-123-master-py3 25 | driver: 26 | box: myii/freebsd-12.3-master-py3 27 | - name: freebsd-130-3004-0-py3 28 | driver: 29 | box: myii/freebsd-13.0-3004.0-py3 30 | - name: freebsd-123-3004-0-py3 31 | driver: 32 | box: myii/freebsd-12.3-3004.0-py3 33 | - name: openbsd-70-3003-3-py3 34 | driver: 35 | box: myii/openbsd-7.0-3003.3-py3 36 | ssh: 37 | shell: /bin/ksh 38 | synced_folders: [] 39 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | source ENV.fetch('PROXY_RUBYGEMSORG', 'https://rubygems.org') 4 | 5 | # Install the `inspec` gem using `git` because versions after `4.22.22` 6 | # suppress diff output; this version fixes this for our uses. 
7 | # rubocop:disable Layout/LineLength 8 | gem 'inspec', git: 'https://gitlab.com/saltstack-formulas/infrastructure/inspec', branch: 'ssf' 9 | # rubocop:enable Layout/LineLength 10 | 11 | # Install the `kitchen-docker` gem using `git` in order to gain a performance 12 | # improvement: avoid package installations which are already covered by the 13 | # `salt-image-builder` (i.e. the pre-salted images that we're using) 14 | # rubocop:disable Layout/LineLength 15 | gem 'kitchen-docker', git: 'https://github.com/test-kitchen/kitchen-docker', ref: '511e4ad36856b9e2eccceb56603586e6cebd296a' 16 | # rubocop:enable Layout/LineLength 17 | 18 | gem 'kitchen-inspec', '3.0.0' 19 | gem 'kitchen-salt', '0.7.2' 20 | 21 | # Avoid the error 'pkeys are immutable on OpenSSL 3.0' 22 | gem 'net-ssh', '>= 7.0.0' 23 | 24 | gem 'test-kitchen', '3.9.0' 25 | -------------------------------------------------------------------------------- /openssh/config_ini.sls: -------------------------------------------------------------------------------- 1 | {%- from "openssh/map.jinja" import mapdata with context %} 2 | {%- set openssh = mapdata.openssh %} 3 | {%- set sshd_config = mapdata.sshd_config %} 4 | 5 | include: 6 | - openssh 7 | 8 | {%- if sshd_config %} 9 | sshd_config-with-ini: 10 | {#- Convert any tabs to a single space to prevent false positives #} 11 | {#- Ref: https://github.com/saltstack-formulas/openssh-formula/issues/162 #} 12 | {%- set regex_search_for_tabs = '^(\w+)\t+(\w)' %} 13 | {%- if salt['file.contains_regex'](openssh.sshd_config, regex_search_for_tabs) %} 14 | file.replace: 15 | - name: {{ openssh.sshd_config }} 16 | - pattern: {{ regex_search_for_tabs }} 17 | - repl: '\1 \2' 18 | - show_changes: True 19 | - require_in: 20 | - ini: sshd_config-with-ini 21 | {%- endif %} 22 | 23 | ini.options_present: 24 | - name: {{ openssh.sshd_config }} 25 | - separator: ' ' 26 | - watch_in: 27 | - service: {{ openssh.service }} 28 | - sections: 29 | {%- for k,v in sshd_config.items() %} 
30 | {{ k }}: '{{ v }}' 31 | {%- endfor %} 32 | {%- endif %} 33 | -------------------------------------------------------------------------------- /openssh/parameters/defaults.yaml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | values: 5 | openssh: 6 | sshd_enable: true 7 | sshd_binary: /usr/sbin/sshd 8 | sshd_config: /etc/ssh/sshd_config 9 | sshd_config_src: sshd_config # Default TOFS source filename 10 | sshd_config_user: root 11 | sshd_config_group: root 12 | sshd_config_mode: '644' 13 | sshd_config_backup: true 14 | ssh_config: /etc/ssh/ssh_config 15 | ssh_config_src: ssh_config # Default TOFS source filename 16 | ssh_config_user: root 17 | ssh_config_group: root 18 | ssh_config_mode: '644' 19 | ssh_config_backup: true 20 | banner: /etc/ssh/banner 21 | banner_src: banner # Default TOFS source filename 22 | ssh_known_hosts: /etc/ssh/ssh_known_hosts 23 | ssh_known_hosts_src: ssh_known_hosts # Default TOFS source filename 24 | dig_pkg: dnsutils 25 | ssh_moduli: /etc/ssh/moduli 26 | root_group: root 27 | # Prevent merge of array; always override values 28 | host_key_algos: ecdsa,ed25519,rsa 29 | # To manage/remove DSA: 30 | # host_key_algos: dsa,ecdsa,ed25519,rsa 31 | 32 | sshd_config: {} 33 | ssh_config: {} 34 | ... 
35 | -------------------------------------------------------------------------------- /openssh/auth_map.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - openssh 3 | 4 | {% from "openssh/map.jinja" import mapdata with context -%} 5 | {%- set openssh = mapdata.openssh %} 6 | {%- set sshd_config = mapdata.sshd_config %} 7 | {%- set authorized_keys_file = sshd_config.get("AuthorizedKeysFile", None) %} 8 | 9 | {%- for store, config in openssh.get("auth_map", {}).items() %} 10 | {%- set store_base = config["source"] %} 11 | # SSH store openssh:auth_map:{{ store }} 12 | {%- for user, keys in config.get("users", {}).items() %} 13 | {%- for key, key_cfg in keys.items() %} 14 | "ssh_auth--{{ store }}--{{ user }}--{{ key }}": 15 | {%- set present = key_cfg.get("present", True) %} 16 | {%- set options = key_cfg.get("options", []) %} 17 | {%- if present %} 18 | ssh_auth.present: 19 | - require: 20 | - service: {{ openssh.service }} 21 | {%- else %} 22 | ssh_auth.absent: 23 | {%- endif %} 24 | - user: {{ user }} 25 | - source: {{ store_base }}/{{ key }}.pub 26 | {%- if authorized_keys_file %} 27 | - config: "{{ authorized_keys_file }}" 28 | {%- endif %} 29 | {%- if options %} 30 | - options: "{{ options }}" 31 | {%- endif %} 32 | {%- endfor %} 33 | {%- endfor %} 34 | {%- endfor %} 35 | -------------------------------------------------------------------------------- /openssh/gather_host_keys.sls: -------------------------------------------------------------------------------- 1 | {%- set minions = salt.slsutil.renderer(opts['config_dir'] + '/roster') %} 2 | {%- set cache_dir = opts['cachedir'] + '/../master/known_hosts_salt_ssh' %} 3 | {%- set cmd = "cat /etc/ssh/ssh_host_*_key.pub 2>/dev/null" %} 4 | 5 | {{ cache_dir }}: 6 | file.directory: 7 | - makedirs: True 8 | {#- NOTE(review): each roster ID below is placed between single quotes in a command line that cmd.run_all runs with python_shell=True, so roster IDs should be limited to hostname characters for that quoting to hold. This state then writes whatever public keys the command returns into the cache directory without comparing them to a trusted source; check them out of band before relying on the cached files. #} 9 | {%- for minion_id in minions %} 10 | {%- set salt_ssh_cmd = "salt-ssh --out=json --static '{}' cmd.run_all '{}'".format(minion_id, cmd) %} 11 | {%- set 
result = salt['cmd.run_all'](salt_ssh_cmd, 12 | python_shell=True, 13 | runas=salt['pillar.get']('openssh:known_hosts:salt_ssh:user', 'salt-master') 14 | ) 15 | %} 16 | 17 | {%- set pubkeys = False %} 18 | {%- if result['retcode'] == 0 %} 19 | {%- load_json as inner_result %} 20 | {{ result['stdout'] }} 21 | {%- endload %} 22 | {%- set pubkeys = inner_result[minion_id]['stdout'].splitlines() | sort | join("\n") %} 23 | {%- else %} 24 | {%- do salt.log.error("{} failed: {}".format(salt_ssh_cmd, result)) %} 25 | {%- endif %} 26 | 27 | {%- if pubkeys %} 28 | {{ cache_dir }}/{{ minion_id }}.pub: 29 | file.managed: 30 | - contents: | 31 | {{ pubkeys | indent(8) }} 32 | - require: 33 | - file: {{ cache_dir }} 34 | {%- endif %} 35 | 36 | {%- endfor %} 37 | -------------------------------------------------------------------------------- /test/integration/default/README.md: -------------------------------------------------------------------------------- 1 | # InSpec Profile: `default` 2 | 3 | This shows the implementation of the `default` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md). 4 | 5 | ## Verify a profile 6 | 7 | InSpec ships with built-in features to verify a profile structure. 8 | 9 | ```bash 10 | $ inspec check default 11 | Summary 12 | ------- 13 | Location: default 14 | Profile: profile 15 | Controls: 4 16 | Timestamp: 2019-06-24T23:09:01+00:00 17 | Valid: true 18 | 19 | Errors 20 | ------ 21 | 22 | Warnings 23 | -------- 24 | ``` 25 | 26 | ## Execute a profile 27 | 28 | To run all **supported** controls on a local machine use `inspec exec /path/to/profile`. 29 | 30 | ```bash 31 | $ inspec exec default 32 | .. 33 | 34 | Finished in 0.0025 seconds (files took 0.12449 seconds to load) 35 | 8 examples, 0 failures 36 | ``` 37 | 38 | ## Execute a specific control from a profile 39 | 40 | To run one control from the profile use `inspec exec /path/to/profile --controls name`. 
41 | 42 | ```bash 43 | $ inspec exec default --controls package 44 | . 45 | 46 | Finished in 0.0025 seconds (files took 0.12449 seconds to load) 47 | 1 examples, 0 failures 48 | ``` 49 | 50 | See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb). 51 | -------------------------------------------------------------------------------- /pre-commit_semantic-release.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ############################################################################### 4 | # (A) Update `FORMULA` with `${nextRelease.version}` 5 | ############################################################################### 6 | 7 | sed -i -e "s_^\(version:\).*_\1 ${1}_" FORMULA 8 | 9 | 10 | ############################################################################### 11 | # (B) Update `AUTHORS.md` 12 | ############################################################################### 13 | 14 | maintainer contributor \ 15 | --ignore-contributors dependabot[bot],renovate[bot],semantic-release-bot 16 | 17 | ############################################################################### 18 | # (C) Use `m2r` to convert automatically produced `.md` docs to `.rst` 19 | ############################################################################### 20 | 21 | # Copy and then convert the `.md` docs 22 | cp ./*.md docs/ 23 | cd docs/ || exit 24 | m2r --overwrite ./*.md 25 | 26 | # Change excess `H1` headings to `H2` in converted `CHANGELOG.rst` 27 | sed -i -e '/^=.*$/s/=/-/g' CHANGELOG.rst 28 | sed -i -e '1,4s/-/=/g' CHANGELOG.rst 29 | 30 | # Use for debugging output, when required 31 | # cat AUTHORS.rst 32 | # cat CHANGELOG.rst 33 | 34 | # Return back to the main directory 35 | cd .. 
36 | -------------------------------------------------------------------------------- /test/integration/share/README.md: -------------------------------------------------------------------------------- 1 | # InSpec Profile: `share` 2 | 3 | This shows the implementation of the `share` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md). 4 | 5 | Its goal is to share the libraries between all profiles. 6 | 7 | ## Libraries 8 | 9 | ### `system` 10 | 11 | The `system` library provides easy access to system dependent information: 12 | 13 | - `system.platform`: based on `inspec.platform`, modify to values that are more consistent from a SaltStack perspective 14 | - `system.platform[:family]` provide a family name for Arch and Gentoo 15 | - `system.platform[:name]` append `linux` to both `amazon` and `oracle`; ensure Windows platforms are resolved as simply `windows` 16 | - `system.platform[:release]` tweak Arch, Amazon Linux, Gentoo, openSUSE and Windows: 17 | - `Arch` is always `base-latest` 18 | - `Amazon Linux` release `2018` is resolved as `1` 19 | - `Gentoo` release is trimmed to its major version number and then the init system is appended (i.e. `sysv` or `sysd`) 20 | - `openSUSE` is resolved as `tumbleweed` if the `platform[:release]` is in date format 21 | - `Windows` uses the widely-used release number (e.g. 
`8.1` or `2019-server`) in place of the actual system release version 22 | - `system.platform[:finger]` is the concatenation of the name and the major release number (except for Ubuntu, which gives `ubuntu-20.04` for example) 23 | -------------------------------------------------------------------------------- /openssh/auth.sls: -------------------------------------------------------------------------------- 1 | {%- macro print_name(identifier, key) -%} 2 | {%- if 'name' in key %} 3 | {{ key['name'] }} 4 | {%- else %} 5 | {{ identifier }} 6 | {%- endif %} 7 | {%- endmacro -%} 8 | 9 | {%- macro print_ssh_auth(identifier, key) -%} 10 | {%- if 'user' in key %} 11 | - user: {{ key['user'] }} 12 | {%- else %} 13 | - user: {{ identifier }} 14 | {%- endif %} 15 | {%- if 'source' in key %} 16 | - source: {{ key['source'] }} 17 | {%- else %} 18 | {%- if 'enc' in key %} 19 | - enc: {{ key['enc'] }} 20 | {%- endif -%} 21 | {%- if 'comment' in key %} 22 | - comment: {{ key['comment'] }} 23 | {%- endif -%} 24 | {%- if 'options' in key %} 25 | - options: {{ key['options'] }} 26 | {%- endif -%} 27 | {%- endif %} 28 | {%- endmacro -%} 29 | 30 | include: 31 | - openssh 32 | {%- from "openssh/map.jinja" import mapdata with context -%} 33 | {%- set openssh = mapdata.openssh %} 34 | {%- set sshd_config = mapdata.sshd_config %} 35 | 36 | {%- set auth = openssh.get('auth', {}) -%} 37 | {%- for identifier,keys in auth.items() -%} 38 | {%- for key in keys -%} 39 | {% if 'present' in key and key['present'] %} 40 | {{ print_name(identifier, key) }}: 41 | ssh_auth.present: 42 | {{ print_ssh_auth(identifier, key) }} 43 | {%- if sshd_config.get("AuthorizedKeysFile", None) %} 44 | - config: '{{ sshd_config['AuthorizedKeysFile'] }}' 45 | {% endif %} 46 | - require: 47 | - service: {{ openssh.service }} 48 | {%- else %} 49 | {{ print_name(identifier, key) }}: 50 | ssh_auth.absent: 51 | {{ print_ssh_auth(identifier, key) }} 52 | {%- if sshd_config.get("AuthorizedKeysFile", None) %} 53 | - config: 
'{{ sshd_config['AuthorizedKeysFile'] }}' 54 | {% endif -%} 55 | {%- endif -%} 56 | {%- endfor -%} 57 | {%- endfor -%} 58 | -------------------------------------------------------------------------------- /release.config.js: -------------------------------------------------------------------------------- 1 | // Commit types appear in the changelog in this order 2 | const commitTypes = [ 3 | { type: 'feat', section: 'Features' }, 4 | { type: 'fix', section: 'Bug Fixes' }, 5 | { type: 'perf', section: 'Performance Improvements' }, 6 | { type: 'revert', section: 'Reversions' }, 7 | { type: 'refactor', section: 'Code Refactoring' }, 8 | { type: 'docs', section: 'Documentation' }, 9 | { type: 'test', section: 'Testing' }, 10 | { type: 'style', section: 'Style Changes' }, 11 | { type: 'ci', section: 'Continuous Integration' }, 12 | { type: 'build', section: 'Build System' }, 13 | { type: 'chore', section: 'Maintenance' } 14 | ] 15 | 16 | // Default rules can be found in `github.com/semantic-release/commit-analyzer/lib/default-release-rules.js` 17 | // that cover feat, fix, perf and breaking. 18 | // Commit types defined above but without release rules do not trigger a release 19 | // but will be incorporated into the next release. 20 | // NOTE: Any changes to commit types or release rules must be reflected in `CONTRIBUTING.rst`. 
21 | const releaseRules = [ 22 | { type: 'docs', release: 'patch' }, 23 | { type: 'refactor', release: 'patch' }, 24 | { type: 'revert', release: 'patch' }, 25 | { type: 'style', release: 'patch' }, 26 | { type: 'test', release: 'patch' } 27 | ] 28 | 29 | const config = { 30 | // TODO: remove this when we no longer process releases on GitLab CI 31 | repositoryUrl: 'https://github.com/saltstack-formulas/openssh-formula', 32 | plugins: [ 33 | ['@semantic-release/commit-analyzer', { releaseRules }], 34 | '@semantic-release/release-notes-generator', 35 | ['@semantic-release/changelog', { 36 | changelogFile: 'CHANGELOG.md', 37 | changelogTitle: '# Changelog' 38 | }], 39 | ['@semantic-release/exec', { 40 | // eslint-disable-next-line no-template-curly-in-string 41 | prepareCmd: 'sh ./pre-commit_semantic-release.sh ${nextRelease.version}' 42 | }], 43 | ['@semantic-release/git', { 44 | assets: ['*.md', 'docs/*.rst', 'FORMULA'] 45 | }], 46 | '@semantic-release/github' 47 | ], 48 | preset: 'conventionalcommits', 49 | presetConfig: { 50 | types: commitTypes 51 | } 52 | } 53 | 54 | module.exports = config 55 | -------------------------------------------------------------------------------- /openssh/map.jinja: -------------------------------------------------------------------------------- 1 | {#- -*- coding: utf-8 -*- #} 2 | {#- vim: ft=jinja #} 3 | 4 | {#- Get the `tplroot` from `tpldir` #} 5 | {%- set tplroot = tpldir.split("/")[0] %} 6 | {%- from tplroot ~ "/libmapstack.jinja" import mapstack with context %} 7 | 8 | {#- Where to lookup parameters source files #} 9 | {%- set formula_param_dir = tplroot ~ "/parameters" %} 10 | 11 | {#- List of sources to lookup for parameters #} 12 | {#- Fallback to previously used grains plus minion `id` #} 13 | {%- set map_sources = [ 14 | "Y:G@osarch", 15 | "Y:G@os_family", 16 | "Y:G@os", 17 | "Y:G@osfinger", 18 | "C@" ~ tplroot ~ ":lookup", 19 | "C@" ~ tplroot, 20 | "Y:G@id", 21 | ] %} 22 | 23 | {%- set _map_settings = mapstack( 24 | 
matchers=["map_jinja.yaml"], 25 | defaults={ 26 | "values": {"sources": map_sources} 27 | }, 28 | log_prefix="map.jinja configuration: ", 29 | ) 30 | | load_yaml %} 31 | 32 | {%- set map_sources = _map_settings | traverse("values:sources") %} 33 | {%- do salt["log.debug"]( 34 | "map.jinja: load parameters from sources:\n" 35 | ~ map_sources 36 | | yaml(False) 37 | ) %} 38 | 39 | {#- Load formula parameters values #} 40 | {%- set _formula_matchers = ["defaults.yaml"] + map_sources %} 41 | 42 | {%- set _formula_settings = mapstack( 43 | matchers=_formula_matchers, 44 | dirs=[formula_param_dir], 45 | defaults={ 46 | "values": {}, 47 | "merge_strategy": salt["config.get"](tplroot ~ ":strategy", None), 48 | "merge_lists": salt["config.get"](tplroot ~ ":merge_lists", False), 49 | }, 50 | log_prefix="map.jinja: ", 51 | ) 52 | | load_yaml %} 53 | 54 | {#- Make sure to track `map.jinja` configuration with `_mapdata` #} 55 | {%- do _formula_settings["values"].update( 56 | { 57 | "map_jinja": _map_settings["values"] 58 | } 59 | ) %} 60 | 61 | {%- do salt["log.debug"]("map.jinja: save parameters in variable 'mapdata'") %} 62 | {%- set mapdata = _formula_settings["values"] %} 63 | 64 | {#- Per formula post-processing of `mapdata` if it exists #} 65 | {%- do salt["log.debug"]("map.jinja: post-processing of 'mapdata'") %} 66 | {%- include tplroot ~ "/post-map.jinja" ignore missing %} 67 | -------------------------------------------------------------------------------- /test/integration/default/controls/config_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # Overide by Platform 4 | root_group = 5 | case platform[:family] 6 | when 'bsd' 7 | 'wheel' 8 | else 9 | 'root' 10 | end 11 | 12 | github_known_host = 'github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]' 13 | gitlab_known_host_re = /gitlab.com,[0-9a-f.:,]* ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABA/ 14 | minion_rsa_known_host = 
'minion.id,alias.of.minion.id ssh-rsa [...]' 15 | minion_ed25519_known_host = 'minion.id,alias.of.minion.id ssh-ed25519 [...]' 16 | 17 | control 'openssh configuration' do 18 | title 'should match desired lines' 19 | 20 | describe file('/etc/ssh/sshd_config') do 21 | it { should be_file } 22 | its('mode') { should cmp '0644' } 23 | it { should be_owned_by 'root' } 24 | it { should be_grouped_into root_group } 25 | its('content') { should include 'ChallengeResponseAuthentication no' } 26 | its('content') { should include 'X11Forwarding yes' } 27 | its('content') { should include 'PrintMotd no' } 28 | its('content') { should include 'AcceptEnv LANG LC_*' } 29 | its('content') { should include 'Subsystem sftp /usr/lib/openssh/sftp-server' } 30 | unless %w[openbsd].include?(platform[:name]) 31 | its('content') { should include 'UsePAM yes' } 32 | end 33 | end 34 | 35 | describe file('/etc/ssh/ssh_config') do 36 | it { should be_file } 37 | its('mode') { should cmp '0644' } 38 | it { should be_owned_by 'root' } 39 | it { should be_grouped_into root_group } 40 | its('content') { should include 'Host *' } 41 | its('content') { should include ' GSSAPIAuthentication yes' } 42 | its('content') { should include ' HashKnownHosts yes' } 43 | its('content') { should include ' SendEnv LANG LC_*' } 44 | end 45 | 46 | describe file('/etc/ssh/ssh_known_hosts') do 47 | it { should be_file } 48 | its('mode') { should cmp '0644' } 49 | it { should be_owned_by 'root' } 50 | it { should be_grouped_into root_group } 51 | its('content') { should include github_known_host } 52 | its('content') { should match(gitlab_known_host_re) } 53 | its('content') { should include minion_rsa_known_host } 54 | its('content') { should include minion_ed25519_known_host } 55 | end 56 | end 57 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL 
files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | env/ 12 | build/ 13 | develop-eggs/ 14 | dist/ 15 | downloads/ 16 | eggs/ 17 | .eggs/ 18 | lib/ 19 | lib64/ 20 | parts/ 21 | sdist/ 22 | var/ 23 | wheels/ 24 | *.egg-info/ 25 | .installed.cfg 26 | *.egg 27 | 28 | # PyInstaller 29 | # Usually these files are written by a python script from a packager 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .coverage.* 43 | .cache 44 | nosetests.xml 45 | coverage.xml 46 | *.cover 47 | .hypothesis/ 48 | .kitchen 49 | .kitchen.local.yml 50 | kitchen.local.yml 51 | junit-*.xml 52 | 53 | # Translations 54 | *.mo 55 | *.pot 56 | 57 | # Django stuff: 58 | *.log 59 | local_settings.py 60 | 61 | # Flask stuff: 62 | instance/ 63 | .webassets-cache 64 | 65 | # Scrapy stuff: 66 | .scrapy 67 | 68 | # Sphinx documentation 69 | docs/_build/ 70 | 71 | # PyBuilder 72 | target/ 73 | 74 | # Jupyter Notebook 75 | .ipynb_checkpoints 76 | 77 | # pyenv 78 | .python-version 79 | 80 | # celery beat schedule file 81 | celerybeat-schedule 82 | 83 | # SageMath parsed files 84 | *.sage.py 85 | 86 | # dotenv 87 | .env 88 | 89 | # virtualenv 90 | .venv 91 | venv/ 92 | ENV/ 93 | 94 | # visual studio 95 | .vs/ 96 | 97 | # Spyder project settings 98 | .spyderproject 99 | .spyproject 100 | 101 | # Rope project settings 102 | .ropeproject 103 | 104 | # mkdocs documentation 105 | /site 106 | 107 | # mypy 108 | .mypy_cache/ 109 | 110 | # Bundler 111 | .bundle/ 112 | 113 | # copied `.md` files used for conversion to `.rst` using `m2r` 114 | docs/*.md 115 | 116 | # Vim 117 | *.sw? 
118 | 119 | ## Collected when centralising formulas (check and sort) 120 | # `collectd-formula` 121 | .pytest_cache/ 122 | /.idea/ 123 | Dockerfile.*_* 124 | ignore/ 125 | tmp/ 126 | 127 | # `salt-formula` -- Vagrant Specific files 128 | .vagrant 129 | top.sls 130 | !test/salt/pillar/top.sls 131 | 132 | # `suricata-formula` -- Platform binaries 133 | *.rpm 134 | *.deb 135 | -------------------------------------------------------------------------------- /test/integration/default/controls/_mapdata.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'yaml' 4 | 5 | control 'openssh._mapdata' do 6 | title '`map.jinja` should match the reference file' 7 | 8 | ### Method 9 | # The steps below for each file appear convoluted but they are both required 10 | # and similar in nature: 11 | # 1. The earliest method was to simply compare the files textually but this often 12 | # led to false positives due to inconsistencies (e.g. spacing, ordering) 13 | # 2. The next method was to load the files back into YAML structures and then 14 | # compare but InSpec provided block diffs this way, unusable by end users 15 | # 3. 
The final step was to dump the YAML structures back into a string to use 16 | # for the comparison; this both worked and provided human-friendly diffs 17 | 18 | ### Comparison file for the specific platform 19 | ### Static, adjusted as part of code contributions, as map data is changed 20 | # Strip the `platform[:finger]` version number down to the "OS major release" 21 | platform_finger = system.platform[:finger].split('.').first.to_s 22 | # Use that to set the path to the file (relative to the InSpec suite directory) 23 | mapdata_file_path = "_mapdata/#{platform_finger}.yaml" 24 | # Load the mapdata from profile, into a YAML structure 25 | # https://docs.chef.io/inspec/profiles/#profile-files 26 | mapdata_file_yaml = YAML.load(inspec.profile.file(mapdata_file_path)) 27 | # Dump the YAML back into a string for comparison 28 | mapdata_file_dump = YAML.dump(mapdata_file_yaml) 29 | 30 | ### Output file produced by running the `_mapdata` state 31 | ### Dynamic, generated during Kitchen's `converge` phase 32 | # Derive the location of the dumped mapdata (differs for Windows) 33 | output_dir = platform[:family] == 'windows' ? '/temp' : '/tmp' 34 | # Use that to set the path to the file (absolute path, i.e. 
within the container) 35 | output_file_path = "#{output_dir}/salt_mapdata_dump.yaml" 36 | # Load the output into a YAML structure using InSpec's `yaml` resource 37 | # https://github.com/inspec/inspec/blob/49b7d10/lib/inspec/resources/yaml.rb#L29 38 | output_file_yaml = yaml(output_file_path).params 39 | # Dump the YAML back into a string for comparison 40 | output_file_dump = YAML.dump(output_file_yaml) 41 | 42 | describe 'File content' do 43 | it 'should match profile map data exactly' do 44 | expect(output_file_dump).to eq(mapdata_file_dump) 45 | end 46 | end 47 | end 48 | -------------------------------------------------------------------------------- /.github/workflows/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Test & release 3 | 4 | 'on': 5 | - pull_request 6 | - push 7 | 8 | concurrency: 9 | group: ${{ github.workflow }}-${{ github.ref }} 10 | cancel-in-progress: ${{ github.ref != format('refs/heads/{0}', 11 | github.event.repository.default_branch) }} 12 | 13 | jobs: 14 | should-run: 15 | name: Prep / Should run 16 | runs-on: ubuntu-latest 17 | timeout-minutes: 5 18 | outputs: 19 | should-run: ${{ steps.action.outputs.should-run }} 20 | steps: 21 | - id: action 22 | # yamllint disable-line rule:line-length 23 | uses: techneg-it/should-workflow-run@eff19348eb884f57e05bc6f05ae48ece3af14714 # v1.0.1 24 | pre-commit: 25 | name: Lint / `pre-commit` 26 | needs: should-run 27 | if: fromJSON(needs.should-run.outputs.should-run) 28 | container: techneg/ci-pre-commit:v2.5.19@sha256:64cb1f774a3d6abdd498f6be4b3dbe261f821e1dd088c00c23504f39d0c1cf03 29 | runs-on: ubuntu-latest 30 | timeout-minutes: 10 31 | steps: 32 | - run: | # Needed because of bug #2031 in `actions/checkout` 33 | git config --global --add safe.directory "$GITHUB_WORKSPACE" 34 | - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 35 | with: 36 | fetch-depth: 0 37 | fetch-tags: true 38 | filter: tree:0 39 | - name: 
Export `CI_CACHE_ID` from container 40 | run: echo "CI_CACHE_ID=$(cat /.ci_cache_id)" >> $GITHUB_ENV 41 | - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 42 | with: 43 | path: ~/.cache/pre-commit 44 | key: "${{ env.CI_CACHE_ID }}|\ 45 | ${{ hashFiles('.pre-commit-config.yaml') }}" 46 | restore-keys: | 47 | ${{ env.CI_CACHE_ID }}| 48 | - name: Build cache 49 | run: | 50 | pre-commit gc 51 | echo "Installing hook environments..." 52 | time -f "Hook installation took %E" pre-commit install-hooks 53 | - name: Run `pre-commit` 54 | run: | 55 | pre-commit run --all-files --color always --verbose 56 | pre-commit run --color always --hook-stage manual --verbose commitlint-ci 57 | results: 58 | name: Release / Collect results 59 | permissions: 60 | contents: write 61 | issues: write 62 | pull-requests: write 63 | checks: read 64 | container: techneg/ci-semantic-release:v1.2.17@sha256:4db8d4b3b1451131ce77bd857254de2f3c5579172955b2a6a2d4ec4326789196 65 | runs-on: ubuntu-latest 66 | timeout-minutes: 15 67 | steps: 68 | - run: | # Needed due to bug actions/checkout#2031 69 | git config --global --add safe.directory "$GITHUB_WORKSPACE" 70 | - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 71 | # yamllint disable-line rule:line-length 72 | - uses: poseidon/wait-for-status-checks@899c768d191b56eef585c18f8558da19e1f3e707 # v0.6.0 73 | with: 74 | ignore: > 75 | Release / Collect results 76 | ignore_pattern: ^GitLab CI 77 | token: ${{ secrets.GITHUB_TOKEN }} 78 | - name: Run `semantic-release` 79 | env: 80 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 81 | MAINTAINER_TOKEN: ${{ secrets.GITHUB_TOKEN }} 82 | run: | 83 | semantic-release --dry-run 84 | - run: echo "::notice ::Workflow success!" 
85 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners 2 | 3 | # SECTION: Owner(s) for everything in the repo, unless a later match takes precedence 4 | # ************************************************************************** 5 | # *** NO GLOBAL OWNER(S) SPECIFIED *** 6 | # *** Ideally this will be defined for a healthy, well-maintained repo *** 7 | # ************************************************************************** 8 | # FILE PATTERN OWNER(S) 9 | * @NONE 10 | 11 | # SECTION: Owner(s) for specific directories 12 | # FILE PATTERN OWNER(S) 13 | 14 | # SECTION: Owner(s) for files/directories related to `semantic-release` 15 | # FILE PATTERN OWNER(S) 16 | /.github/workflows/ @saltstack-formulas/ssf 17 | /bin/install-hooks @saltstack-formulas/ssf 18 | /bin/kitchen @saltstack-formulas/ssf 19 | /docs/AUTHORS.rst @saltstack-formulas/ssf 20 | /docs/CHANGELOG.rst @saltstack-formulas/ssf 21 | /docs/TOFS_pattern.rst @saltstack-formulas/ssf 22 | /*/_mapdata/ @saltstack-formulas/ssf 23 | /*/libmapstack.jinja @saltstack-formulas/ssf 24 | /*/libmatchers.jinja @saltstack-formulas/ssf 25 | /*/libsaltcli.jinja @saltstack-formulas/ssf 26 | /*/libtofs.jinja @saltstack-formulas/ssf 27 | /*/map.jinja @saltstack-formulas/ssf 28 | /test/integration/**/_mapdata.rb @saltstack-formulas/ssf 29 | /test/integration/**/libraries/system.rb @saltstack-formulas/ssf 30 | /test/integration/**/inspec.yml @saltstack-formulas/ssf 31 | /test/integration/**/README.md @saltstack-formulas/ssf 32 | /test/salt/pillar/top.sls @saltstack-formulas/ssf 33 | /.gitignore @saltstack-formulas/ssf 34 | /.cirrus.yml @saltstack-formulas/ssf 35 | /.gitlab-ci.yml @saltstack-formulas/ssf 36 | /.pre-commit-config.yaml @saltstack-formulas/ssf 37 | /.rstcheck.cfg @saltstack-formulas/ssf 38 | 
/.rubocop.yml @saltstack-formulas/ssf 39 | /.salt-lint @saltstack-formulas/ssf 40 | /.travis.yml @saltstack-formulas/ssf 41 | /.yamllint @saltstack-formulas/ssf 42 | /AUTHORS.md @saltstack-formulas/ssf 43 | /CHANGELOG.md @saltstack-formulas/ssf 44 | /CODEOWNERS @saltstack-formulas/ssf 45 | /commitlint.config.js @saltstack-formulas/ssf 46 | /FORMULA @saltstack-formulas/ssf 47 | /Gemfile @saltstack-formulas/ssf 48 | /Gemfile.lock @saltstack-formulas/ssf 49 | /kitchen.yml @saltstack-formulas/ssf 50 | /kitchen.vagrant.yml @saltstack-formulas/ssf 51 | /kitchen.windows.yml @saltstack-formulas/ssf 52 | /pre-commit_semantic-release.sh @saltstack-formulas/ssf 53 | /release-rules.js @saltstack-formulas/ssf 54 | /release.config.js @saltstack-formulas/ssf 55 | 56 | # SECTION: Owner(s) for specific files 57 | # FILE PATTERN OWNER(S) 58 | -------------------------------------------------------------------------------- /_pillar/known_hosts_salt_ssh.sls: -------------------------------------------------------------------------------- 1 | #!py 2 | 3 | import logging 4 | import os.path 5 | import re 6 | import subprocess 7 | 8 | cache = {} 9 | ssh_key_pattern = re.compile("^[^ ]+ (ssh-.+)$") 10 | log = logging.getLogger(__name__) 11 | 12 | def config_dir(): 13 | if '__master_opts__' in __opts__: 14 | # run started via salt-ssh 15 | return __opts__['__master_opts__']['config_dir'] 16 | else: 17 | # run started via salt 18 | return __opts__['config_dir'] 19 | 20 | def cache_dir(): 21 | if '__master_opts__' in __opts__: 22 | # run started via salt-ssh 23 | return __opts__['__master_opts__']['cachedir'] 24 | else: 25 | # run started via salt 26 | return __opts__['cachedir']+'/../master' 27 | 28 | def minions(): 29 | if not 'minions' in cache: 30 | cache['minions'] = __salt__.slsutil.renderer(config_dir() + '/roster') 31 | return cache['minions'] 32 | 33 | def host_variants(minion): 34 | _variants = [minion] 35 | def add_port_variant(host): 36 | if 'port' in minions()[minion]: 37 | 
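_variants.append("[{}]:{}".format(host, minions()[minion]['port'])) 38 | add_port_variant(minion) 39 | if 'host' in minions()[minion]: 40 | host = minions()[minion]['host'] 41 | _variants.append(host) 42 | add_port_variant(host) 43 | return _variants 44 | 45 | def host_keys_from_known_hosts(minion, path): 46 | ''' 47 | Fetches all host keys of the given minion. 48 | ''' 49 | if not os.path.isfile(path): 50 | return [] 51 | pubkeys = [] 52 | def fill_pubkeys(host): 53 | for line in host_key_of(host, path).splitlines(): 54 | match = ssh_key_pattern.search(line) # NOTE(review): ssh_key_pattern only matches key types that start with "ssh-"; ecdsa-sha2-* entries in the known_hosts file are skipped here -- confirm that is intended 55 | if match: 56 | pubkeys.append(match.group(1)) 57 | # Try the minion ID and its variants first 58 | for host in host_variants(minion): 59 | fill_pubkeys(host) 60 | # When no keys were found ... 61 | if not pubkeys: 62 | # ... fetch IP addresses via DNS and try them. 63 | for host in (salt['dig.A'](minion) + salt['dig.AAAA'](minion)): 64 | fill_pubkeys(host) 65 | # When not a single key was found anywhere: 66 | if not pubkeys: 67 | log.error("No SSH host key found for {}. 
" 68 | "You may need to add it to {}.".format(minion, path)) 69 | return "\n".join(pubkeys) 70 | 71 | def host_key_of(host, path): # Runs `ssh-keygen -H -F host -f path`; returns its stdout, or "" (after logging) when stderr is not empty 72 | cmd = ["ssh-keygen", "-H", "-F", host, "-f", path] 73 | call = subprocess.Popen( 74 | cmd, 75 | stdout=subprocess.PIPE, 76 | stderr=subprocess.PIPE, universal_newlines=True # text mode: on Python 3 the pipes otherwise yield bytes, so `err == ''` is never true and the trusted known_hosts lookup always comes back empty 77 | ) 78 | out, err = call.communicate() 79 | if err == '': 80 | return out 81 | else: 82 | log.error("{} failed:\nSTDERR: {}\nSTDOUT: {}".format( 83 | " ".join(cmd), 84 | err, 85 | out 86 | )) 87 | return "" 88 | 89 | def host_keys(minion_id): 90 | # Get keys from trusted known_hosts file 91 | trusted_keys = host_keys_from_known_hosts(minion_id, 92 | config_dir()+'/known_hosts') 93 | if trusted_keys: 94 | return trusted_keys 95 | # Get keys from host key cache 96 | cache_file = "{}/known_hosts_salt_ssh/{}.pub".format(cache_dir(), minion_id) 97 | try: 98 | with open(cache_file, 'r') as f: 99 | return f.read() 100 | except IOError: 101 | return '' 102 | 103 | def run(): 104 | cache.clear() # clear the cache (assigning `cache = {}` here would only bind a local name and leave the module-level dict untouched) 105 | config = { 106 | 'public_ssh_host_keys': {}, 107 | 'public_ssh_host_names': {} 108 | } 109 | for minion in minions().keys(): 110 | config['public_ssh_host_keys'][minion] = host_keys(minion) 111 | config['public_ssh_host_names'][minion] = minion 112 | return {'openssh': {'known_hosts': {'salt_ssh': config}}} 113 | 114 | # vim: ts=4:sw=4:syntax=python 115 | -------------------------------------------------------------------------------- /test/integration/share/libraries/system.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | # system.rb -- InSpec resources for system values 4 | # Author: Daniel Dehennin 5 | # Copyright (C) 2020 Daniel Dehennin 6 | 7 | # rubocop:disable Metrics/ClassLength 8 | class SystemResource < Inspec.resource(1) 9 | name 'system' 10 | 11 | attr_reader :platform 12 | 13 | def initialize 14 | super 15 | @platform = build_platform 16 | end 17 | 18 | private 19 | 20 | def build_platform 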
21 | { 22 | family: build_platform_family, 23 | name: build_platform_name, 24 | release: build_platform_release, 25 | finger: build_platform_finger, 26 | codename: build_platform_codename 27 | } 28 | end

  # Family used for the platform: Arch and Gentoo are identified by their
  # own name, every other platform by the family InSpec reports.
  def build_platform_family
    platform_name = inspec.platform[:name]
    return platform_name if %w[arch gentoo].include?(platform_name)

    inspec.platform[:family]
  end

  # Platform name: `linux` is appended for amazon/oracle/rocky, and any
  # `windows_*` name is replaced by the platform family.
  def build_platform_name
    platform_name = inspec.platform[:name]
    if %w[amazon oracle rocky].include?(platform_name)
      "#{platform_name}linux"
    elsif /^windows_/.match?(platform_name)
      inspec.platform[:family]
    else
      platform_name
    end
  end

  # rubocop:disable Metrics/MethodLength,Metrics/AbcSize,Metrics/CyclomaticComplexity
  # Release string for the platform, rewritten for the platforms listed below.
  def build_platform_release
    platform_name = inspec.platform[:name]
    # Platforms whose release string is a constant.
    fixed_releases = {
      'arch' => 'base-latest',
      'windows_8.1_pro' => '8.1',
      'windows_server_2022_datacenter' => '2022-server',
      'windows_server_2019_datacenter' => '2019-server',
      'windows_server_2016_datacenter' => '2016-server'
    }
    return fixed_releases[platform_name] if fixed_releases.key?(platform_name)

    case platform_name
    when 'amazon'
      # `2018` release is named `1` in `kitchen.yml`
      inspec.platform[:release].gsub(/2018.*/, '1')
    when 'gentoo'
      major = inspec.platform[:release].split('.')[0]
      "#{major}-#{derive_gentoo_init_system}"
    when 'mac_os_x'
      inspec.command('sw_vers -productVersion').stdout.to_s
    when 'opensuse'
      reported = inspec.platform[:release]
      # rubocop:disable Style/NumericLiterals
      reported.to_i > 20210101 ? 'tumbleweed' : reported
      # rubocop:enable Style/NumericLiterals
    else
      inspec.platform[:release]
    end
  end
  # rubocop:enable Metrics/MethodLength,Metrics/AbcSize,Metrics/CyclomaticComplexity

  # 'sysd' when a `systemctl` command exists on the target, else 'sysv'.
  def derive_gentoo_init_system
    return 'sysd' if inspec.command('systemctl').exist?

    'sysv'
  end

  # "<name>-<release>" identifier built from the two helpers below.
  def build_platform_finger
    [build_platform_name, build_finger_release].join('-')
  end

  # Release part of the finger: the first two dotted components on Ubuntu,
  # the first component everywhere else.
  def build_finger_release
    ubuntu = inspec.platform[:name] == 'ubuntu'
    parts = build_platform_release.split('.')
    ubuntu ? parts.slice(0, 2).join('.') : parts[0]
  end

  # rubocop:disable Metrics/MethodLength,Metrics/CyclomaticComplexity
  # Codename for the finger; an empty string when the finger is not listed.
  def build_platform_codename
    finger = build_platform_finger
    # Fingers whose codename does not depend on the release string.
    constant_codenames = {
      'ubuntu-22.04' => 'jammy',
      'ubuntu-20.04' => 'focal',
      'ubuntu-18.04' => 'bionic',
      'debian-11' => 'bullseye',
      'debian-10' => 'buster',
      'debian-9' => 'stretch',
      'amazonlinux-2' => 'Amazon Linux 2',
      'arch-base-latest' => 'Arch Linux',
      'centos-7' => 'CentOS Linux 7 (Core)',
      'centos-8' => 'CentOS Stream 8',
      'opensuse-tumbleweed' => 'openSUSE Tumbleweed',
      'gentoo-2-sysd' => 'Gentoo/Linux',
      'gentoo-2-sysv' => 'Gentoo/Linux'
    }
    return constant_codenames[finger] if constant_codenames.key?(finger)

    # The remaining codenames embed the release, so they are built on demand.
    case finger
    when 'almalinux-8'
      "AlmaLinux #{build_platform_release} (Arctic Sphynx)"
    when 'opensuse-15'
      "openSUSE Leap #{build_platform_release}"
    when 'oraclelinux-8', 'oraclelinux-7'
      "Oracle Linux Server #{build_platform_release}"
    when 'rockylinux-8'
      "Rocky Linux #{build_platform_release} (Green Obsidian)"
    else
      ''
    end
  end
  # rubocop:enable Metrics/MethodLength,Metrics/CyclomaticComplexity
end
# rubocop:enable Metrics/ClassLength
-------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # vim: ft=yaml 3 | --- 4 | # See https://pre-commit.com for more information 5 | # See https://pre-commit.com/hooks.html for more hooks 6 | ci: 7 | autofix_commit_msg: | 8 | ci(pre-commit.ci): apply auto fixes from 
pre-commit.com hooks 9 | 10 | For more information, see https://pre-commit.ci 11 | autofix_prs: true 12 | autoupdate_branch: '' 13 | autoupdate_commit_msg: | 14 | ci(pre-commit.ci): perform `pre-commit` autoupdate 15 | autoupdate_schedule: quarterly 16 | skip: [] 17 | submodules: false 18 | default_stages: [pre-commit] 19 | repos: 20 | - repo: https://github.com/pre-commit/pre-commit-hooks 21 | rev: v6.0.0 22 | hooks: 23 | - id: check-merge-conflict 24 | name: Check for Git merge conflicts 25 | args: [--assume-in-merge] 26 | exclude: ^docs/AUTHORS.rst$ 27 | - repo: https://github.com/dafyddj/mirrors-commitlint 28 | rev: v19.8.1 29 | hooks: 30 | - id: commitlint 31 | - id: commitlint-ci 32 | - repo: https://github.com/rubocop-hq/rubocop 33 | rev: v1.81.7 34 | hooks: 35 | - id: rubocop 36 | name: Check Ruby files with rubocop 37 | args: [--debug] 38 | - repo: https://github.com/shellcheck-py/shellcheck-py 39 | rev: v0.9.0.6 40 | hooks: 41 | - id: shellcheck 42 | name: Check shell scripts with shellcheck 43 | files: ^.*\.(sh|bash|ksh)$ 44 | types: [] 45 | - repo: https://github.com/adrienverge/yamllint 46 | rev: v1.37.1 47 | hooks: 48 | - id: yamllint 49 | name: Check YAML syntax with yamllint 50 | args: [--strict] 51 | types: [file] 52 | # Files to include 53 | # 1. Obvious YAML files 54 | # 2. `pillar.example` and similar files 55 | # 3. SLS files under directory `test/` which are pillar files 56 | # Files to exclude 57 | # 1. SLS files under directory `test/` which are state files 58 | # 2. `kitchen.vagrant.yml`, which contains Embedded Ruby (ERB) template syntax 59 | # 3. YAML files heavily reliant on Jinja 60 | # 4. 
`.copier-answers.yml` and its variants which are auto-generated 61 | files: | 62 | (?x)^( 63 | .*\.yaml| 64 | .*\.yml| 65 | \.salt-lint| 66 | \.yamllint| 67 | .*\.example| 68 | test/.*\.sls 69 | )$ 70 | exclude: | 71 | (?x)^( 72 | \.copier-answers(\..+)?\.ya?ml| 73 | kitchen.vagrant.yml| 74 | test/.*/states/.*\.sls 75 | )$ 76 | - repo: https://github.com/warpnet/salt-lint 77 | rev: v0.9.2 78 | hooks: 79 | - id: salt-lint 80 | name: Check Salt files using salt-lint 81 | files: ^.*\.(sls|jinja|j2|tmpl|tst)$ 82 | - repo: https://github.com/rstcheck/rstcheck 83 | rev: v6.2.5 84 | hooks: 85 | - id: rstcheck 86 | name: Check reST files using rstcheck 87 | exclude: 'docs/CHANGELOG.rst' 88 | additional_dependencies: [sphinx==7.2.6] 89 | - repo: https://github.com/saltstack-formulas/mirrors-rst-lint 90 | rev: v1.4.0 91 | hooks: 92 | - id: rst-lint 93 | name: Check reST files using rst-lint 94 | exclude: | 95 | (?x)^( 96 | docs/CHANGELOG.rst| 97 | docs/TOFS_pattern.rst| 98 | docs/CONTRIBUTING_DOCS.rst| 99 | docs/index.rst| 100 | )$ 101 | additional_dependencies: [pygments==2.16.1] 102 | - repo: https://github.com/renovatebot/pre-commit-hooks 103 | rev: 42.29.5 104 | hooks: 105 | - id: renovate-config-validator 106 | name: Check Renovate config with renovate-config-validator 107 | - repo: https://github.com/python-jsonschema/check-jsonschema 108 | rev: 0.35.0 109 | hooks: 110 | - id: check-github-workflows 111 | name: Check GitHub workflows with check-jsonschema 112 | args: [--verbose] 113 | - id: check-gitlab-ci 114 | name: Check GitLab CI config with check-jsonschema 115 | args: [--verbose] 116 | - repo: https://github.com/standard/standard 117 | rev: v17.1.2 118 | hooks: 119 | - id: standard 120 | name: Check JavaScript files using standardJS 121 | -------------------------------------------------------------------------------- /openssh/files/default/ssh_known_hosts: -------------------------------------------------------------------------------- 1 | {# 2 | # 
vi:syntax=jinja 3 | #} 4 | 5 | {#- Generates one known_hosts entry per given key #} 6 | {%- macro known_host_entry(host, host_names, keys, include_localhost, omit_ip_address) %} 7 | 8 | {#- Get IPv4 and IPv6 addresses from the DNS #} 9 | {%- if not ((omit_ip_address is sameas true) or (host in omit_ip_address)) %} 10 | {%- set ip4 = salt['dig.A'](host) -%} 11 | {%- set ip6 = salt['dig.AAAA'](host) -%} 12 | {%- else %} 13 | {%- set ip4 = [] -%} 14 | {%- set ip6 = [] -%} 15 | {%- endif %} 16 | 17 | {#- The host names to use are to be found within the dict 'host_names'. #} 18 | {#- If there are none, the host is used directly. #} 19 | {%- set names = host_names.get(host, host) -%} 20 | {%- set names = [names] if names is string else names %} 21 | {%- if include_localhost and host == grains['id'] %} 22 | {%- do names.append('localhost') %} 23 | {%- do names.append('127.0.0.1') %} 24 | {%- do names.append('::1') %} 25 | {%- endif -%} 26 | 27 | {#- Extract the hostname from the FQDN and add it to the names. 
#} 28 | {%- if use_hostnames is iterable -%} 29 | {%- for name in names | sort -%} 30 | {%- if salt["match.{}".format(hostnames_tgt_type)](hostnames_target, minion_id=name) -%} 31 | {%- set hostname = name.split('.')|first -%} 32 | {%- if hostname not in names -%} 33 | {%- do names.append(hostname) -%} 34 | {%- endif -%} 35 | {%- endif -%} 36 | {%- endfor -%} 37 | {%- endif -%} 38 | 39 | {#- Append IP addresses and aliases (if they are not already present) #} 40 | {%- for ip in (ip4 + ip6)|sort -%} 41 | {%- do names.append(ip) -%} 42 | {%- for alias in aliases_ips.get(ip, []) -%} 43 | {%- if alias not in names -%} 44 | {%- do names.append(alias) -%} 45 | {%- endif -%} 46 | {%- endfor -%} 47 | {%- endfor -%} 48 | 49 | {#- Write one line per key; join the names together #} 50 | {%- for line in keys.split('\n') -%} 51 | {%- if line -%} 52 | {{ ','.join(names) }} {{ line }} 53 | {% endif -%} 54 | {%- endfor -%} 55 | {%- endmacro -%} 56 | 57 | {#- Pre-fetch pillar data #} 58 | {%- set target = known_hosts | traverse('target', "*.{}".format(grains['domain'])) -%} 59 | {%- set tgt_type = known_hosts | traverse('tgt_type', 'glob') -%} 60 | {%- set keys_function = known_hosts | traverse('mine_keys_function', 'public_ssh_host_keys') -%} 61 | {%- set hostname_function = known_hosts | traverse('mine_hostname_function', 'public_ssh_hostname') -%} 62 | {%- set use_hostnames = known_hosts | traverse('hostnames', False) -%} 63 | {%- set hostnames_target_default = '*' if grains['domain'] == '' else "*.{}".format(grains['domain']) -%} 64 | {%- set hostnames_target = known_hosts | traverse('hostnames:target', hostnames_target_default) -%} 65 | {%- set hostnames_tgt_type = known_hosts | traverse('hostnames:tgt_type', 'glob') -%} 66 | {%- set include_localhost = known_hosts | traverse('include_localhost', False) -%} 67 | {%- set omit_ip_address = known_hosts | traverse('omit_ip_address', []) -%} 68 | 69 | {#- Lookup IP of all aliases so that when we have a matching IP, we inject the 
alias name 70 | in the SSH known_hosts entry -#} 71 | {%- set aliases = known_hosts | traverse('aliases', []) -%} 72 | {%- set aliases_ips = {} -%} 73 | {%- for alias in aliases -%} 74 | {%- for ip in salt['dig.A'](alias) + salt['dig.AAAA'](alias) -%} 75 | {%- do aliases_ips.setdefault(ip, []).append(alias) -%} 76 | {%- endfor -%} 77 | {%- endfor -%} 78 | 79 | {#- Salt Mine #} 80 | {%- set host_keys = salt['mine.get'](target, keys_function, tgt_type=tgt_type) -%} 81 | {%- set host_names = salt['mine.get'](target, hostname_function, tgt_type=tgt_type) -%} 82 | 83 | {#- Salt SSH (if any) #} 84 | {%- set public_ssh_host_keys = known_hosts | traverse('salt_ssh:public_ssh_host_keys', {}) %} 85 | {%- for minion_id, minion_host_keys in public_ssh_host_keys.items() -%} 86 | {%- if salt["match.{}".format(tgt_type)](target, minion_id=minion_id) -%} 87 | {% do host_keys.update({minion_id: minion_host_keys}) %} 88 | {%- endif -%} 89 | {%- endfor -%} 90 | {%- set public_ssh_host_names = known_hosts | traverse('salt_ssh:public_ssh_host_names', {}) %} 91 | {%- for minion_id, minion_host_names in public_ssh_host_names.items() -%} 92 | {%- if salt["match.{}".format(tgt_type)](target, minion_id=minion_id) -%} 93 | {% do host_names.update({minion_id: minion_host_names}) %} 94 | {%- endif -%} 95 | {%- endfor %} 96 | 97 | {#- Static Pillar data #} 98 | {%- do host_keys.update(known_hosts | traverse('static', {})) -%} 99 | 100 | {#- Loop over targetted minions -#} 101 | {%- for host, keys in host_keys| dictsort -%} 102 | {{ known_host_entry(host, host_names, keys, include_localhost, omit_ip_address) }} 103 | {%- endfor -%} 104 | -------------------------------------------------------------------------------- /openssh/files/default/ssh_config: -------------------------------------------------------------------------------- 1 | {#- present in ssh_config and known in actual file options -#} 2 | {%- set processed_options = [] -%} 3 | {%- set string_or_list_options = ['KexAlgorithms', 
'Ciphers', 'MACs'] -%} 4 | 5 | {%- macro render_raw_option(keyword, value) -%} 6 | {%- if value is sameas true -%} 7 | {{ keyword }} yes 8 | {%- elif value is sameas false -%} 9 | {{ keyword }} no 10 | {%- elif value is string or value is number -%} 11 | {{ keyword }} {{ value }} 12 | {%- else -%} 13 | {%- for single_value in value -%} 14 | {{ keyword }} {{ single_value }} 15 | {% endfor -%} 16 | {%- endif -%} 17 | {%- endmacro -%} 18 | 19 | {%- macro render_host_option(keyword, value) -%} 20 | {%- if value is sameas true %} 21 | {{ keyword }} yes 22 | {%- elif value is sameas false %} 23 | {{ keyword }} no 24 | {%- elif value is string or value is number %} 25 | {{ keyword }} {{ value }} 26 | {%- else -%} 27 | {%- if keyword in string_or_list_options %} 28 | {{ keyword }} {{ value|join(',') }} 29 | {%- else %} 30 | {%- for single_value in value -%} 31 | {{ keyword }} {{ single_value }} 32 | {%- endfor -%} 33 | {%- endif -%} 34 | {%- endif -%} 35 | {%- endmacro -%} 36 | 37 | {#- generic renderer used for ssh matches, known options, -#} 38 | {#- and unknown options -#} 39 | {%- macro render_option(keyword, default, config_dict=ssh_config) -%} 40 | {%- set value = config_dict.get(keyword, default) -%} 41 | {{ render_raw_option(keyword, value) }} 42 | {%- endmacro -%} 43 | 44 | {#- macros for render option according to present -#} 45 | {%- macro option_impl(keyword, default, present) -%} 46 | {%- if present -%} 47 | {%- do processed_options.append(keyword) -%} 48 | {%- set prefix='' -%} 49 | {%- else -%} 50 | {%- set prefix='#' -%} 51 | {%- endif -%} 52 | {#- add prefix to keyword -#} 53 | {%- set keyword = prefix ~ keyword -%} 54 | {{ render_option(keyword, default) }} 55 | {%- endmacro -%} 56 | 57 | {#- macros for render option commented by default -#} 58 | {%- macro option(keyword, default, present) -%} 59 | {{ option_impl(keyword, default, keyword in ssh_config) }} 60 | {%- endmacro -%} 61 | 62 | {#- macros for render option uncommented by default -#} 63 | {%- 
macro option_default_uncommented(keyword, default, present) -%} 64 | {{ option_impl(keyword, default, True) }} 65 | {%- endmacro -%} 66 | 67 | {#- macro for collapsing a list into a string -#} 68 | {%- macro option_collapselist(keyword, sep) -%} 69 | {%- do processed_options.append(keyword) -%} 70 | {{keyword}} {{ssh_config.get(keyword)|join(sep)}} 71 | {%- endmacro -%} 72 | 73 | {#- macro for handling an option that can be specified as a list or a string -#} 74 | {%- macro option_string_or_list(keyword, default, default_commented, sep=',') -%} 75 | {%- if ssh_config.get(keyword, '') is string -%} 76 | {%- if default_commented -%} 77 | {{ option(keyword, default) }} 78 | {%- else -%} 79 | {{ option_default_uncommented(keyword, default) }} 80 | {%- endif -%} 81 | {%- else -%} 82 | {{ option_collapselist(keyword, sep) }} 83 | {%- endif -%} 84 | {%- endmacro -%} 85 | 86 | {%- if ssh_config.get('ConfigBanner', False) -%} 87 | {{ ssh_config['ConfigBanner'] }} 88 | {%- else -%} 89 | # Do not edit this file manually! 90 | # It will be overwritten by salt! 
91 | {%- endif %} 92 | {%- set global_src_url = salt ['pillar.get']('__formulas:print_template_url', None) %} 93 | {%- set local_src_url = salt ['pillar.get']('openssh-formula:print_template_url', None) %} 94 | {%- if (global_src_url and local_src_url is none) or local_src_url %} 95 | # 96 | # Template used to generate this file: 97 | # {{ source }} 98 | {%- endif %} 99 | 100 | {%- if 'Hosts' in ssh_config %} 101 | {%- do processed_options.append('Hosts') %} 102 | {% for host, conf in ssh_config['Hosts'].items() %} 103 | Host {{ host }} 104 | {%- for key, val in conf.items() -%} 105 | {{ render_host_option(key, val) }} 106 | {%- endfor %} 107 | {%- endfor %} 108 | {%- endif %} 109 | 110 | {# Handling unknown in salt template options #} 111 | {% for keyword in ssh_config.keys() -%} 112 | {#- Matches have to be at the bottom and should be handled differently -#} 113 | {%- if not keyword in processed_options and keyword != 'matches' -%} 114 | {%- if not keyword in string_or_list_options -%} 115 | {#- send a blank default as it doesn't matter #} 116 | {{ render_option(keyword, '') }} 117 | {%- else -%} 118 | {#- same as above #} 119 | {{ option_string_or_list(keyword, '', True) }} 120 | {%- endif -%} 121 | {%- endif -%} 122 | {%- endfor -%} 123 | 124 | {# Handle matches last as they need to go at the bottom #} 125 | {% if 'matches' in ssh_config -%} 126 | {%- for match in ssh_config['matches'].values() %} 127 | Match {{ match['type'].keys()[0] }} {{ match['type'].values()[0] }} 128 | {%- for keyword in match['options'].keys() %} 129 | {{ render_option(keyword, '', config_dict=match['options']) }} 130 | {%- endfor %} 131 | {%- endfor %} 132 | {%- endif -%} 133 | 134 | {#- vim: set ft=jinja : #} 135 | -------------------------------------------------------------------------------- /openssh/config.sls: -------------------------------------------------------------------------------- 1 | {%- set tplroot = tpldir.split('/')[0] %} 2 | {%- from tplroot ~ "/map.jinja" import 
mapdata with context %} 3 | {%- from tplroot ~ "/libtofs.jinja" import files_switch %} 4 | {%- set openssh = mapdata.openssh %} 5 | {%- set sshd_config = mapdata.sshd_config %} 6 | {%- set ssh_config = mapdata.ssh_config %} 7 | 8 | 9 | include: 10 | - openssh 11 | 12 | {%- if sshd_config %} 13 | sshd_config: 14 | file.managed: 15 | - name: {{ openssh.sshd_config }} 16 | {#- Preserve backward compatibility using the `if` below #} 17 | - source: {{ openssh.sshd_config_src if '://' in openssh.sshd_config_src 18 | else files_switch( [openssh.sshd_config_src], 19 | 'sshd_config' 20 | ) }} 21 | - template: jinja 22 | - context: 23 | sshd_config: {{ sshd_config | json }} 24 | - user: {{ openssh.sshd_config_user }} 25 | - group: {{ openssh.sshd_config_group }} 26 | - mode: {{ openssh.sshd_config_mode }} 27 | - check_cmd: {{ openssh.sshd_binary }} -t -f 28 | {%- if openssh.sshd_config_backup %} 29 | - backup: minion 30 | {%- endif %} 31 | - watch_in: 32 | - service: {{ openssh.service }} 33 | {%- endif %} 34 | 35 | {%- if ssh_config %} 36 | ssh_config: 37 | file.managed: 38 | - name: {{ openssh.ssh_config }} 39 | {#- Preserve backward compatibility using the `if` below #} 40 | - source: {{ openssh.ssh_config_src if '://' in openssh.ssh_config_src 41 | else files_switch( [openssh.ssh_config_src], 42 | 'ssh_config' 43 | ) }} 44 | - template: jinja 45 | - context: 46 | ssh_config: {{ ssh_config | json }} 47 | - user: {{ openssh.ssh_config_user }} 48 | - group: {{ openssh.ssh_config_group }} 49 | - mode: {{ openssh.ssh_config_mode }} 50 | {%- if openssh.ssh_config_backup %} 51 | - backup: minion 52 | {%- endif %} 53 | {%- endif %} 54 | 55 | {%- for keyType in openssh['host_key_algos'].split(',') %} 56 | {%- set keyFile = "/etc/ssh/ssh_host_" ~ keyType ~ "_key" %} 57 | {%- set keySize = openssh.get('generate_' ~ keyType ~ '_size', False) %} 58 | {%- if openssh.get('provide_' ~ keyType ~ '_keys', False) %} 59 | ssh_host_{{ keyType }}_key: 60 | file.managed: 61 | - name: {{ 
keyFile }} 62 | - contents_pillar: 'openssh:{{ keyType }}:private_key' 63 | - user: root 64 | - mode: 600 65 | {%- if sshd_config %} 66 | - require_in: 67 | - file: sshd_config 68 | {%- endif %} 69 | - watch_in: 70 | - service: {{ openssh.service }} 71 | 72 | ssh_host_{{ keyType }}_key.pub: 73 | file.managed: 74 | - name: {{ keyFile }}.pub 75 | - contents_pillar: 'openssh:{{ keyType }}:public_key' 76 | - user: root 77 | - mode: 600 78 | {%- if sshd_config %} 79 | - require_in: 80 | - file: sshd_config 81 | {%- endif %} 82 | - watch_in: 83 | - service: {{ openssh.service }} 84 | {%- elif openssh.get('generate_' ~ keyType ~ '_keys', False) %} 85 | {%- if keySize and openssh.get('enforce_' ~ keyType ~ '_size', False) %} 86 | ssh_remove_short_{{ keyType }}_key: 87 | cmd.run: 88 | - name: "rm -f {{ keyFile }} {{ keyFile }}.pub" 89 | - onlyif: "test -f {{ keyFile }}.pub && test `ssh-keygen -l -f {{ keyFile }}.pub 2>/dev/null | awk '{print $1}'` -lt {{ keySize }}" 90 | - require_in: 91 | - cmd: ssh_generate_host_{{ keyType }}_key 92 | {%- endif %} 93 | ssh_generate_host_{{ keyType }}_key: 94 | cmd.run: 95 | {%- set keySizePart = "-b {}".format(keySize) if keySize else "" %} 96 | - name: "rm {{ keyFile }}*; ssh-keygen -t {{ keyType }} {{ keySizePart }} -N '' -f {{ keyFile }}" 97 | - unless: "test -s {{ keyFile }}" 98 | - runas: root 99 | {%- if sshd_config %} 100 | - require_in: 101 | - file: sshd_config 102 | {%- endif %} 103 | - watch_in: 104 | - service: {{ openssh.service }} 105 | 106 | ssh_host_{{ keyType }}_key: # set permissions 107 | file.managed: 108 | - name: {{ keyFile }} 109 | - replace: false 110 | - mode: '0600' 111 | - require: 112 | - cmd: ssh_generate_host_{{ keyType }}_key 113 | {%- if sshd_config %} 114 | - require_in: 115 | - file: sshd_config 116 | {%- endif %} 117 | 118 | {%- elif openssh.get('absent_' ~ keyType ~ '_keys', False) %} 119 | ssh_host_{{ keyType }}_key: 120 | file.absent: 121 | - name: {{ keyFile }} 122 | - watch_in: 123 | - service: {{ 
openssh.service }} 124 | 125 | ssh_host_{{ keyType }}_key.pub: 126 | file.absent: 127 | - name: {{ keyFile }}.pub 128 | - watch_in: 129 | - service: {{ openssh.service }} 130 | {%- endif %} 131 | {%- endfor %} 132 | 133 | {%- if sshd_config.get('UsePrivilegeSeparation', '')|lower == 'yes' %} 134 | /var/run/sshd: 135 | file.directory: 136 | - user: root 137 | - mode: 755 138 | - require_in: 139 | - file: sshd_config 140 | - watch_in: 141 | - service: {{ openssh.service }} 142 | {%- endif %} 143 | -------------------------------------------------------------------------------- /openssh/libtofs.jinja: -------------------------------------------------------------------------------- 1 | {%- macro files_switch( 2 | source_files, 3 | lookup=None, 4 | default_files_switch=["id", "os_family"], 5 | indent_width=6, 6 | use_subpath=False 7 | ) %} 8 | {#- 9 | Returns a valid value for the "source" parameter of a "file.managed" 10 | state function. This makes easier the usage of the Template Override and 11 | Files Switch (TOFS) pattern. 12 | Params: 13 | * source_files: ordered list of files to look for 14 | * lookup: key under ":tofs:source_files" to prepend to the 15 | list of source files 16 | * default_files_switch: if there's no config (e.g. 
pillar) 17 | ":tofs:files_switch" this is the ordered list of grains to 18 | use as selector switch of the directories under 19 | "/files" 20 | * indent_width: indentation of the result value to conform to YAML 21 | * use_subpath: defaults to `False` but if set, lookup the source file 22 | recursively from the current state directory up to `tplroot` 23 | Example (based on a `tplroot` of `xxx`): 24 | If we have a state: 25 | Deploy configuration: 26 | file.managed: 27 | - name: /etc/yyy/zzz.conf 28 | - source: {{ files_switch( 29 | ["/etc/yyy/zzz.conf", "/etc/yyy/zzz.conf.jinja"], 30 | lookup="Deploy configuration", 31 | ) }} 32 | - template: jinja 33 | In a minion with id=theminion and os_family=RedHat, it's going to be 34 | rendered as: 35 | Deploy configuration: 36 | file.managed: 37 | - name: /etc/yyy/zzz.conf 38 | - source: 39 | - salt://xxx/files/theminion/etc/yyy/zzz.conf 40 | - salt://xxx/files/theminion/etc/yyy/zzz.conf.jinja 41 | - salt://xxx/files/RedHat/etc/yyy/zzz.conf 42 | - salt://xxx/files/RedHat/etc/yyy/zzz.conf.jinja 43 | - salt://xxx/files/default/etc/yyy/zzz.conf 44 | - salt://xxx/files/default/etc/yyy/zzz.conf.jinja 45 | - template: jinja 46 | #} 47 | {#- Get the `tplroot` from `tpldir` #} 48 | {%- set tplroot = tpldir.split("/")[0] %} 49 | {%- set path_prefix = salt["config.get"](tplroot ~ ":tofs:path_prefix", tplroot) %} 50 | {%- set files_dir = salt["config.get"](tplroot ~ ":tofs:dirs:files", "files") %} 51 | {%- set files_switch_list = salt["config.get"]( 52 | tplroot ~ ":tofs:files_switch", default_files_switch 53 | ) %} 54 | {#- Lookup source_files (v2), files (v1), or fallback to an empty list #} 55 | {%- set src_files = salt["config.get"]( 56 | tplroot ~ ":tofs:source_files:" ~ lookup, 57 | salt["config.get"](tplroot ~ ":tofs:files:" ~ lookup, []), 58 | ) %} 59 | {#- Append the default source_files #} 60 | {%- set src_files = src_files + source_files %} 61 | {#- Only add to [""] when supporting older TOFS implementations #} 62 | {%- set 
path_prefix_exts = [""] %} 63 | {%- if use_subpath and tplroot != tpldir %} 64 | {#- Walk directory tree to find {{ files_dir }} #} 65 | {%- set subpath_parts = tpldir.lstrip(tplroot).lstrip("/").split("/") %} 66 | {%- for path in subpath_parts %} 67 | {%- set subpath = subpath_parts[0 : loop.index] | join("/") %} 68 | {%- do path_prefix_exts.append("/" ~ subpath) %} 69 | {%- endfor %} 70 | {%- endif %} 71 | {%- for path_prefix_ext in path_prefix_exts | reverse %} 72 | {%- set path_prefix_inc_ext = path_prefix ~ path_prefix_ext %} 73 | {#- For older TOFS implementation, use `files_switch` from the config #} 74 | {#- Use the default, new method otherwise #} 75 | {%- set fsl = salt["config.get"]( 76 | tplroot ~ path_prefix_ext | replace("/", ":") ~ ":files_switch", 77 | files_switch_list, 78 | ) %} 79 | {#- Append an empty value to evaluate as `default` in the loop below #} 80 | {%- if "" not in fsl %} 81 | {%- set fsl = fsl + [""] %} 82 | {%- endif %} 83 | {%- for fs in fsl %} 84 | {%- for src_file in src_files %} 85 | {%- if fs %} 86 | {%- set fs_dirs = salt["config.get"](fs, fs) %} 87 | {%- else %} 88 | {%- set fs_dirs = salt["config.get"]( 89 | tplroot ~ ":tofs:dirs:default", "default" 90 | ) %} 91 | {%- endif %} 92 | {#- Force the `config.get` lookup result as a list where necessary #} 93 | {#- since we need to also handle grains that are lists #} 94 | {%- if fs_dirs is string %} 95 | {%- set fs_dirs = [fs_dirs] %} 96 | {%- endif %} 97 | {%- for fs_dir in fs_dirs %} 98 | {#- strip empty elements by using a select #} 99 | {%- set url = ( 100 | [ 101 | "- salt:/", 102 | path_prefix_inc_ext.strip("/"), 103 | files_dir.strip("/"), 104 | fs_dir.strip("/"), 105 | src_file.strip("/"), 106 | ] 107 | | select 108 | | join("/") 109 | ) %} 110 | {{ url | indent(indent_width, true) }} 111 | {%- endfor %} 112 | {%- endfor %} 113 | {%- endfor %} 114 | {%- endfor %} 115 | {%- endmacro %} 116 | -------------------------------------------------------------------------------- 
/test/integration/default/files/_mapdata/freebsd-11.yaml: -------------------------------------------------------------------------------- 1 | # yamllint disable rule:indentation rule:line-length 2 | # FreeBSD-12 3 | --- 4 | values: 5 | map_jinja: 6 | sources: 7 | - Y:G@osarch 8 | - Y:G@os_family 9 | - Y:G@os 10 | - Y:G@osfinger 11 | - C:SUB@openssh:lookup 12 | - C:SUB@openssh 13 | - C:SUB@sshd_config:lookup 14 | - C:SUB@sshd_config 15 | - C:SUB@ssh_config:lookup 16 | - C:SUB@ssh_config 17 | - Y:G@id 18 | openssh: 19 | absent_dsa_keys: false 20 | absent_ecdsa_keys: false 21 | absent_ed25519_keys: false 22 | absent_rsa_keys: false 23 | auth: 24 | joe-non-valid-ssh-key: 25 | - comment: obsolete key - removed 26 | enc: ssh-rsa 27 | present: false 28 | source: salt://ssh_keys/joe.no-valid.pub 29 | user: joe 30 | joe-valid-ssh-key-desktop: 31 | - comment: main key - desktop 32 | enc: ssh-rsa 33 | present: true 34 | source: salt://ssh_keys/joe.desktop.pub 35 | user: joe 36 | joe-valid-ssh-key-notebook: 37 | - comment: main key - notebook 38 | enc: ssh-rsa 39 | present: true 40 | source: salt://ssh_keys/joe.netbook.pub 41 | user: joe 42 | auth_map: 43 | personal_keys: 44 | source: salt://ssh_keys 45 | users: 46 | joe: 47 | joe.desktop: {} 48 | joe.netbook: 49 | options: [] 50 | joe.no-valid: 51 | present: false 52 | banner: /etc/ssh/banner 53 | banner_src: banner 54 | banner_string: 'Welcome to example.net! 
55 | ' 56 | client_version: latest 57 | dig_pkg: bind-tools 58 | dsa: 59 | private_key: '-----BEGIN DSA PRIVATE KEY----- 60 | 61 | NOT_DEFINED 62 | 63 | -----END DSA PRIVATE KEY----- 64 | ' 65 | public_key: 'ssh-dss NOT_DEFINED 66 | ' 67 | ecdsa: 68 | private_key: '-----BEGIN EC PRIVATE KEY----- 69 | 70 | NOT_DEFINED 71 | 72 | -----END EC PRIVATE KEY----- 73 | ' 74 | public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED 75 | ' 76 | ed25519: 77 | private_key: '-----BEGIN OPENSSH PRIVATE KEY----- 78 | 79 | NOT_DEFINED 80 | 81 | -----END OPENSSH PRIVATE KEY----- 82 | ' 83 | public_key: 'ssh-ed25519 NOT_DEFINED 84 | ' 85 | enforce_rsa_size: false 86 | generate_dsa_keys: false 87 | generate_ecdsa_keys: false 88 | generate_ed25519_keys: false 89 | generate_rsa_keys: false 90 | generate_rsa_size: 4096 91 | host_key_algos: ecdsa,ed25519,rsa 92 | known_hosts: 93 | aliases: 94 | - cname-to-minion.example.org 95 | - alias.example.org 96 | hostnames: false 97 | include_localhost: false 98 | mine_hostname_function: public_ssh_hostname 99 | mine_keys_function: public_ssh_host_keys 100 | omit_ip_address: 101 | - github.com 102 | salt_ssh: 103 | public_ssh_host_keys: 104 | minion.id: 'ssh-rsa [...] 105 | 106 | ssh-ed25519 [...] 107 | ' 108 | public_ssh_host_names: 109 | minion.id: 110 | - minion.id 111 | - alias.of.minion.id 112 | user: salt-master 113 | static: 114 | github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...] 115 | gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...] 
116 | target: '*' 117 | tgt_type: glob 118 | moduli: '# Time Type Tests Tries Size Generator Modulus 119 | 120 |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| 122 |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| 124 |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| 126 |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| ' 128 | provide_dsa_keys: false 129 | provide_ecdsa_keys: false 130 | provide_ed25519_keys: false 131 | provide_rsa_keys: false 132 | root_group: root 133 | rsa: 134 | private_key: '-----BEGIN RSA PRIVATE KEY----- 135 | 136 | NOT_DEFINED 137 | 138 | -----END RSA PRIVATE KEY----- 139 | ' 140 | public_key: 'ssh-rsa NOT_DEFINED 141 | ' 142 | server_version: latest 143 | service: sshd 144 | ssh_config: /etc/ssh/ssh_config 145 | ssh_config_backup: true 146 | ssh_config_group: wheel 147 | ssh_config_mode: '644' 148 | ssh_config_src: ssh_config 149 | ssh_config_user: root 150 | ssh_known_hosts: /etc/ssh/ssh_known_hosts 151 | ssh_known_hosts_src: ssh_known_hosts 152 | ssh_moduli: /etc/ssh/moduli 153 | sshd_binary: /usr/sbin/sshd 154 | sshd_config: /etc/ssh/sshd_config 155 | sshd_config_backup: true 156 | sshd_config_group: wheel 157 | sshd_config_mode: '644' 158 | sshd_config_src: sshd_config 159 | sshd_config_user: root 160 | sshd_enable: true 161 | tofs: 162 | source_files: 163 | manage ssh_known_hosts file: 164 | - alt_ssh_known_hosts 165 | ssh_config: 166 | - alt_ssh_config 167 | sshd_banner: 168 | - fire_banner 169 | sshd_config: 170 | - alt_sshd_config 171 | ssh_config: 172 | Hosts: 173 | '*': 174 | GSSAPIAuthentication: 'yes' 175 | HashKnownHosts: 'yes' 176 | SendEnv: LANG LC_* 177 | sshd_config: 178 | AcceptEnv: LANG LC_* 179 | ChallengeResponseAuthentication: 'no' 180 | PrintMotd: 'no' 181 | Subsystem: sftp /usr/lib/openssh/sftp-server 182 | UsePAM: 'yes' 183 | X11Forwarding: 'yes' 184 | -------------------------------------------------------------------------------- /test/integration/default/files/_mapdata/freebsd-12.yaml: 
-------------------------------------------------------------------------------- 1 | # yamllint disable rule:indentation rule:line-length 2 | # FreeBSD-12 3 | --- 4 | values: 5 | map_jinja: 6 | sources: 7 | - Y:G@osarch 8 | - Y:G@os_family 9 | - Y:G@os 10 | - Y:G@osfinger 11 | - C:SUB@openssh:lookup 12 | - C:SUB@openssh 13 | - C:SUB@sshd_config:lookup 14 | - C:SUB@sshd_config 15 | - C:SUB@ssh_config:lookup 16 | - C:SUB@ssh_config 17 | - Y:G@id 18 | openssh: 19 | absent_dsa_keys: false 20 | absent_ecdsa_keys: false 21 | absent_ed25519_keys: false 22 | absent_rsa_keys: false 23 | auth: 24 | joe-non-valid-ssh-key: 25 | - comment: obsolete key - removed 26 | enc: ssh-rsa 27 | present: false 28 | source: salt://ssh_keys/joe.no-valid.pub 29 | user: joe 30 | joe-valid-ssh-key-desktop: 31 | - comment: main key - desktop 32 | enc: ssh-rsa 33 | present: true 34 | source: salt://ssh_keys/joe.desktop.pub 35 | user: joe 36 | joe-valid-ssh-key-notebook: 37 | - comment: main key - notebook 38 | enc: ssh-rsa 39 | present: true 40 | source: salt://ssh_keys/joe.netbook.pub 41 | user: joe 42 | auth_map: 43 | personal_keys: 44 | source: salt://ssh_keys 45 | users: 46 | joe: 47 | joe.desktop: {} 48 | joe.netbook: 49 | options: [] 50 | joe.no-valid: 51 | present: false 52 | banner: /etc/ssh/banner 53 | banner_src: banner 54 | banner_string: 'Welcome to example.net! 
55 | ' 56 | client_version: latest 57 | dig_pkg: bind-tools 58 | dsa: 59 | private_key: '-----BEGIN DSA PRIVATE KEY----- 60 | 61 | NOT_DEFINED 62 | 63 | -----END DSA PRIVATE KEY----- 64 | ' 65 | public_key: 'ssh-dss NOT_DEFINED 66 | ' 67 | ecdsa: 68 | private_key: '-----BEGIN EC PRIVATE KEY----- 69 | 70 | NOT_DEFINED 71 | 72 | -----END EC PRIVATE KEY----- 73 | ' 74 | public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED 75 | ' 76 | ed25519: 77 | private_key: '-----BEGIN OPENSSH PRIVATE KEY----- 78 | 79 | NOT_DEFINED 80 | 81 | -----END OPENSSH PRIVATE KEY----- 82 | ' 83 | public_key: 'ssh-ed25519 NOT_DEFINED 84 | ' 85 | enforce_rsa_size: false 86 | generate_dsa_keys: false 87 | generate_ecdsa_keys: false 88 | generate_ed25519_keys: false 89 | generate_rsa_keys: false 90 | generate_rsa_size: 4096 91 | host_key_algos: ecdsa,ed25519,rsa 92 | known_hosts: 93 | aliases: 94 | - cname-to-minion.example.org 95 | - alias.example.org 96 | hostnames: false 97 | include_localhost: false 98 | mine_hostname_function: public_ssh_hostname 99 | mine_keys_function: public_ssh_host_keys 100 | omit_ip_address: 101 | - github.com 102 | salt_ssh: 103 | public_ssh_host_keys: 104 | minion.id: 'ssh-rsa [...] 105 | 106 | ssh-ed25519 [...] 107 | ' 108 | public_ssh_host_names: 109 | minion.id: 110 | - minion.id 111 | - alias.of.minion.id 112 | user: salt-master 113 | static: 114 | github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...] 115 | gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...] 
116 | target: '*' 117 | tgt_type: glob 118 | moduli: '# Time Type Tests Tries Size Generator Modulus 119 | 120 |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| 122 |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| 124 | 20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53 125 | 126 |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| ' 128 | provide_dsa_keys: false 129 | provide_ecdsa_keys: false 130 | provide_ed25519_keys: false 131 | provide_rsa_keys: false 132 | root_group: root 133 | rsa: 134 | private_key: '-----BEGIN RSA PRIVATE KEY----- 135 | 136 | NOT_DEFINED 137 | 138 | -----END RSA PRIVATE KEY----- 139 | ' 140 | public_key: 'ssh-rsa NOT_DEFINED 141 | ' 142 | server_version: latest 143 | service: sshd 144 | ssh_config: /etc/ssh/ssh_config 145 | ssh_config_backup: true 146 | ssh_config_group: wheel 147 | ssh_config_mode: '644' 148 | ssh_config_src: ssh_config 149 | ssh_config_user: root 150 | ssh_known_hosts: /etc/ssh/ssh_known_hosts 151 | ssh_known_hosts_src: ssh_known_hosts 152 | ssh_moduli: /etc/ssh/moduli 153 | sshd_binary: /usr/sbin/sshd 154 | sshd_config: /etc/ssh/sshd_config 155 | sshd_config_backup: true 156 | sshd_config_group: wheel 157 | sshd_config_mode: '644' 158 | sshd_config_src: sshd_config 159 | sshd_config_user: root 160 | sshd_enable: true 161 | tofs: 162 | source_files: 163 | manage ssh_known_hosts file: 164 | - alt_ssh_known_hosts 165 | ssh_config: 166 | - alt_ssh_config 167 | sshd_banner: 168 | - fire_banner 169 | sshd_config: 170 | - 
alt_sshd_config 171 | ssh_config: 172 | Hosts: 173 | '*': 174 | GSSAPIAuthentication: 'yes' 175 | HashKnownHosts: 'yes' 176 | SendEnv: LANG LC_* 177 | sshd_config: 178 | AcceptEnv: LANG LC_* 179 | ChallengeResponseAuthentication: 'no' 180 | PrintMotd: 'no' 181 | Subsystem: sftp /usr/lib/openssh/sftp-server 182 | UsePAM: 'yes' 183 | X11Forwarding: 'yes' 184 | -------------------------------------------------------------------------------- /test/integration/default/files/_mapdata/freebsd-13.yaml: -------------------------------------------------------------------------------- 1 | # yamllint disable rule:indentation rule:line-length 2 | # FreeBSD-13 3 | --- 4 | values: 5 | map_jinja: 6 | sources: 7 | - Y:G@osarch 8 | - Y:G@os_family 9 | - Y:G@os 10 | - Y:G@osfinger 11 | - C:SUB@openssh:lookup 12 | - C:SUB@openssh 13 | - C:SUB@sshd_config:lookup 14 | - C:SUB@sshd_config 15 | - C:SUB@ssh_config:lookup 16 | - C:SUB@ssh_config 17 | - Y:G@id 18 | openssh: 19 | absent_dsa_keys: false 20 | absent_ecdsa_keys: false 21 | absent_ed25519_keys: false 22 | absent_rsa_keys: false 23 | auth: 24 | joe-non-valid-ssh-key: 25 | - comment: obsolete key - removed 26 | enc: ssh-rsa 27 | present: false 28 | source: salt://ssh_keys/joe.no-valid.pub 29 | user: joe 30 | joe-valid-ssh-key-desktop: 31 | - comment: main key - desktop 32 | enc: ssh-rsa 33 | present: true 34 | source: salt://ssh_keys/joe.desktop.pub 35 | user: joe 36 | joe-valid-ssh-key-notebook: 37 | - comment: main key - notebook 38 | enc: ssh-rsa 39 | present: true 40 | source: salt://ssh_keys/joe.netbook.pub 41 | user: joe 42 | auth_map: 43 | personal_keys: 44 | source: salt://ssh_keys 45 | users: 46 | joe: 47 | joe.desktop: {} 48 | joe.netbook: 49 | options: [] 50 | joe.no-valid: 51 | present: false 52 | banner: /etc/ssh/banner 53 | banner_src: banner 54 | banner_string: 'Welcome to example.net! 
55 | ' 56 | client_version: latest 57 | dig_pkg: bind-tools 58 | dsa: 59 | private_key: '-----BEGIN DSA PRIVATE KEY----- 60 | 61 | NOT_DEFINED 62 | 63 | -----END DSA PRIVATE KEY----- 64 | ' 65 | public_key: 'ssh-dss NOT_DEFINED 66 | ' 67 | ecdsa: 68 | private_key: '-----BEGIN EC PRIVATE KEY----- 69 | 70 | NOT_DEFINED 71 | 72 | -----END EC PRIVATE KEY----- 73 | ' 74 | public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED 75 | ' 76 | ed25519: 77 | private_key: '-----BEGIN OPENSSH PRIVATE KEY----- 78 | 79 | NOT_DEFINED 80 | 81 | -----END OPENSSH PRIVATE KEY----- 82 | ' 83 | public_key: 'ssh-ed25519 NOT_DEFINED 84 | ' 85 | enforce_rsa_size: false 86 | generate_dsa_keys: false 87 | generate_ecdsa_keys: false 88 | generate_ed25519_keys: false 89 | generate_rsa_keys: false 90 | generate_rsa_size: 4096 91 | host_key_algos: ecdsa,ed25519,rsa 92 | known_hosts: 93 | aliases: 94 | - cname-to-minion.example.org 95 | - alias.example.org 96 | hostnames: false 97 | include_localhost: false 98 | mine_hostname_function: public_ssh_hostname 99 | mine_keys_function: public_ssh_host_keys 100 | omit_ip_address: 101 | - github.com 102 | salt_ssh: 103 | public_ssh_host_keys: 104 | minion.id: 'ssh-rsa [...] 105 | 106 | ssh-ed25519 [...] 107 | ' 108 | public_ssh_host_names: 109 | minion.id: 110 | - minion.id 111 | - alias.of.minion.id 112 | user: salt-master 113 | static: 114 | github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...] 115 | gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...] 
116 | target: '*' 117 | tgt_type: glob 118 | moduli: '# Time Type Tests Tries Size Generator Modulus 119 | 120 |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| 122 |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| 124 | 20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53 125 | 126 | 20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F 127 | ' 128 | provide_dsa_keys: false 129 | provide_ecdsa_keys: false 130 | provide_ed25519_keys: false 131 | provide_rsa_keys: false 132 | root_group: root 133 | rsa: 134 | private_key: '-----BEGIN RSA PRIVATE KEY----- 135 | 136 | NOT_DEFINED 137 | 138 | -----END RSA PRIVATE KEY----- 139 | ' 140 | public_key: 'ssh-rsa NOT_DEFINED 141 | ' 142 | server_version: latest 143 | service: sshd 144 | ssh_config: /etc/ssh/ssh_config 145 | ssh_config_backup: true 146 | ssh_config_group: wheel 147 | ssh_config_mode: '644' 148 | ssh_config_src: ssh_config 149 | ssh_config_user: root 150 | ssh_known_hosts: /etc/ssh/ssh_known_hosts 151 | ssh_known_hosts_src: ssh_known_hosts 
152 | ssh_moduli: /etc/ssh/moduli 153 | sshd_binary: /usr/sbin/sshd 154 | sshd_config: /etc/ssh/sshd_config 155 | sshd_config_backup: true 156 | sshd_config_group: wheel 157 | sshd_config_mode: '644' 158 | sshd_config_src: sshd_config 159 | sshd_config_user: root 160 | sshd_enable: true 161 | tofs: 162 | source_files: 163 | manage ssh_known_hosts file: 164 | - alt_ssh_known_hosts 165 | ssh_config: 166 | - alt_ssh_config 167 | sshd_banner: 168 | - fire_banner 169 | sshd_config: 170 | - alt_sshd_config 171 | ssh_config: 172 | Hosts: 173 | '*': 174 | GSSAPIAuthentication: 'yes' 175 | HashKnownHosts: 'yes' 176 | SendEnv: LANG LC_* 177 | sshd_config: 178 | AcceptEnv: LANG LC_* 179 | ChallengeResponseAuthentication: 'no' 180 | PrintMotd: 'no' 181 | Subsystem: sftp /usr/lib/openssh/sftp-server 182 | UsePAM: 'yes' 183 | X11Forwarding: 'yes' 184 | -------------------------------------------------------------------------------- /test/integration/default/files/_mapdata/openbsd-6.yaml: -------------------------------------------------------------------------------- 1 | # yamllint disable rule:indentation rule:line-length 2 | # OpenBSD-6 3 | --- 4 | values: 5 | map_jinja: 6 | sources: 7 | - Y:G@osarch 8 | - Y:G@os_family 9 | - Y:G@os 10 | - Y:G@osfinger 11 | - C:SUB@openssh:lookup 12 | - C:SUB@openssh 13 | - C:SUB@sshd_config:lookup 14 | - C:SUB@sshd_config 15 | - C:SUB@ssh_config:lookup 16 | - C:SUB@ssh_config 17 | - Y:G@id 18 | openssh: 19 | absent_dsa_keys: false 20 | absent_ecdsa_keys: false 21 | absent_ed25519_keys: false 22 | absent_rsa_keys: false 23 | auth: 24 | joe-non-valid-ssh-key: 25 | - comment: obsolete key - removed 26 | enc: ssh-rsa 27 | present: false 28 | source: salt://ssh_keys/joe.no-valid.pub 29 | user: joe 30 | joe-valid-ssh-key-desktop: 31 | - comment: main key - desktop 32 | enc: ssh-rsa 33 | present: true 34 | source: salt://ssh_keys/joe.desktop.pub 35 | user: joe 36 | joe-valid-ssh-key-notebook: 37 | - comment: main key - notebook 38 | enc: ssh-rsa 39 
| present: true 40 | source: salt://ssh_keys/joe.netbook.pub 41 | user: joe 42 | auth_map: 43 | personal_keys: 44 | source: salt://ssh_keys 45 | users: 46 | joe: 47 | joe.desktop: {} 48 | joe.netbook: 49 | options: [] 50 | joe.no-valid: 51 | present: false 52 | banner: /etc/ssh/banner 53 | banner_src: banner 54 | banner_string: 'Welcome to example.net! 55 | ' 56 | client_version: latest 57 | dig_pkg: ~ 58 | dsa: 59 | private_key: '-----BEGIN DSA PRIVATE KEY----- 60 | 61 | NOT_DEFINED 62 | 63 | -----END DSA PRIVATE KEY----- 64 | ' 65 | public_key: 'ssh-dss NOT_DEFINED 66 | ' 67 | ecdsa: 68 | private_key: '-----BEGIN EC PRIVATE KEY----- 69 | 70 | NOT_DEFINED 71 | 72 | -----END EC PRIVATE KEY----- 73 | ' 74 | public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED 75 | ' 76 | ed25519: 77 | private_key: '-----BEGIN OPENSSH PRIVATE KEY----- 78 | 79 | NOT_DEFINED 80 | 81 | -----END OPENSSH PRIVATE KEY----- 82 | ' 83 | public_key: 'ssh-ed25519 NOT_DEFINED 84 | ' 85 | enforce_rsa_size: false 86 | generate_dsa_keys: false 87 | generate_ecdsa_keys: false 88 | generate_ed25519_keys: false 89 | generate_rsa_keys: false 90 | generate_rsa_size: 4096 91 | host_key_algos: ecdsa,ed25519,rsa 92 | known_hosts: 93 | aliases: 94 | - cname-to-minion.example.org 95 | - alias.example.org 96 | hostnames: false 97 | include_localhost: false 98 | mine_hostname_function: public_ssh_hostname 99 | mine_keys_function: public_ssh_host_keys 100 | omit_ip_address: 101 | - github.com 102 | salt_ssh: 103 | public_ssh_host_keys: 104 | minion.id: 'ssh-rsa [...] 105 | 106 | ssh-ed25519 [...] 107 | ' 108 | public_ssh_host_names: 109 | minion.id: 110 | - minion.id 111 | - alias.of.minion.id 112 | user: salt-master 113 | static: 114 | github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...] 115 | gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...] 
116 | target: '*' 117 | tgt_type: glob 118 | moduli: '# Time Type Tests Tries Size Generator Modulus 119 | 120 |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| 122 | 20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB 123 | 124 |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| 126 |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| ' 128 | provide_dsa_keys: false 129 | provide_ecdsa_keys: false 130 | provide_ed25519_keys: false 131 | provide_rsa_keys: false 132 | root_group: root 133 | rsa: 134 | private_key: '-----BEGIN RSA PRIVATE KEY----- 135 | 136 | NOT_DEFINED 137 | 138 | -----END RSA PRIVATE KEY----- 139 | ' 140 | public_key: 'ssh-rsa NOT_DEFINED 141 | ' 142 | server_version: latest 143 | service: sshd 144 | ssh_config: /etc/ssh/ssh_config 145 | ssh_config_backup: true 146 | ssh_config_group: wheel 147 | ssh_config_mode: '644' 148 | ssh_config_src: ssh_config 149 | ssh_config_user: root 150 | ssh_known_hosts: /etc/ssh/ssh_known_hosts 151 | ssh_known_hosts_src: ssh_known_hosts 152 | ssh_moduli: /etc/ssh/moduli 153 | sshd_binary: /usr/sbin/sshd 154 | sshd_config: /etc/ssh/sshd_config 155 | sshd_config_backup: true 156 | sshd_config_group: wheel 157 | sshd_config_mode: '644' 158 | sshd_config_src: sshd_config 159 | sshd_config_user: root 160 | sshd_enable: true 161 | tofs: 162 | source_files: 163 | manage ssh_known_hosts file: 164 | - alt_ssh_known_hosts 165 | ssh_config: 166 | - alt_ssh_config 167 | sshd_banner: 168 | - fire_banner 169 | sshd_config: 170 | - 
alt_sshd_config 171 | ssh_config: 172 | Hosts: 173 | '*': 174 | GSSAPIAuthentication: 'yes' 175 | HashKnownHosts: 'yes' 176 | SendEnv: LANG LC_* 177 | sshd_config: 178 | AcceptEnv: LANG LC_* 179 | ChallengeResponseAuthentication: 'no' 180 | PrintMotd: 'no' 181 | PubkeyAcceptedAlgorithms: "+ssh-rsa" 182 | Subsystem: sftp /usr/lib/openssh/sftp-server 183 | X11Forwarding: 'yes' 184 | -------------------------------------------------------------------------------- /test/integration/default/files/_mapdata/openbsd-7.yaml: -------------------------------------------------------------------------------- 1 | # yamllint disable rule:indentation rule:line-length 2 | # OpenBSD-7 3 | --- 4 | values: 5 | map_jinja: 6 | sources: 7 | - Y:G@osarch 8 | - Y:G@os_family 9 | - Y:G@os 10 | - Y:G@osfinger 11 | - C:SUB@openssh:lookup 12 | - C:SUB@openssh 13 | - C:SUB@sshd_config:lookup 14 | - C:SUB@sshd_config 15 | - C:SUB@ssh_config:lookup 16 | - C:SUB@ssh_config 17 | - Y:G@id 18 | openssh: 19 | absent_dsa_keys: false 20 | absent_ecdsa_keys: false 21 | absent_ed25519_keys: false 22 | absent_rsa_keys: false 23 | auth: 24 | joe-non-valid-ssh-key: 25 | - comment: obsolete key - removed 26 | enc: ssh-rsa 27 | present: false 28 | source: salt://ssh_keys/joe.no-valid.pub 29 | user: joe 30 | joe-valid-ssh-key-desktop: 31 | - comment: main key - desktop 32 | enc: ssh-rsa 33 | present: true 34 | source: salt://ssh_keys/joe.desktop.pub 35 | user: joe 36 | joe-valid-ssh-key-notebook: 37 | - comment: main key - notebook 38 | enc: ssh-rsa 39 | present: true 40 | source: salt://ssh_keys/joe.netbook.pub 41 | user: joe 42 | auth_map: 43 | personal_keys: 44 | source: salt://ssh_keys 45 | users: 46 | joe: 47 | joe.desktop: {} 48 | joe.netbook: 49 | options: [] 50 | joe.no-valid: 51 | present: false 52 | banner: /etc/ssh/banner 53 | banner_src: banner 54 | banner_string: 'Welcome to example.net! 
55 | ' 56 | client_version: latest 57 | dig_pkg: ~ 58 | dsa: 59 | private_key: '-----BEGIN DSA PRIVATE KEY----- 60 | 61 | NOT_DEFINED 62 | 63 | -----END DSA PRIVATE KEY----- 64 | ' 65 | public_key: 'ssh-dss NOT_DEFINED 66 | ' 67 | ecdsa: 68 | private_key: '-----BEGIN EC PRIVATE KEY----- 69 | 70 | NOT_DEFINED 71 | 72 | -----END EC PRIVATE KEY----- 73 | ' 74 | public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED 75 | ' 76 | ed25519: 77 | private_key: '-----BEGIN OPENSSH PRIVATE KEY----- 78 | 79 | NOT_DEFINED 80 | 81 | -----END OPENSSH PRIVATE KEY----- 82 | ' 83 | public_key: 'ssh-ed25519 NOT_DEFINED 84 | ' 85 | enforce_rsa_size: false 86 | generate_dsa_keys: false 87 | generate_ecdsa_keys: false 88 | generate_ed25519_keys: false 89 | generate_rsa_keys: false 90 | generate_rsa_size: 4096 91 | host_key_algos: ecdsa,ed25519,rsa 92 | known_hosts: 93 | aliases: 94 | - cname-to-minion.example.org 95 | - alias.example.org 96 | hostnames: false 97 | include_localhost: false 98 | mine_hostname_function: public_ssh_hostname 99 | mine_keys_function: public_ssh_host_keys 100 | omit_ip_address: 101 | - github.com 102 | salt_ssh: 103 | public_ssh_host_keys: 104 | minion.id: 'ssh-rsa [...] 105 | 106 | ssh-ed25519 [...] 107 | ' 108 | public_ssh_host_names: 109 | minion.id: 110 | - minion.id 111 | - alias.of.minion.id 112 | user: salt-master 113 | static: 114 | github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...] 115 | gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...] 
116 | target: '*' 117 | tgt_type: glob 118 | moduli: '# Time Type Tests Tries Size Generator Modulus 119 | 120 | 20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63 121 | 122 |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| 124 |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| 126 |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| ' 128 | provide_dsa_keys: false 129 | provide_ecdsa_keys: false 130 | provide_ed25519_keys: false 131 | provide_rsa_keys: false 132 | root_group: root 133 | rsa: 134 | private_key: '-----BEGIN RSA PRIVATE KEY----- 135 | 136 | NOT_DEFINED 137 | 138 | -----END RSA PRIVATE KEY----- 139 | ' 140 | public_key: 'ssh-rsa NOT_DEFINED 141 | ' 142 | server_version: latest 143 | service: sshd 144 | ssh_config: /etc/ssh/ssh_config 145 | ssh_config_backup: true 146 | ssh_config_group: wheel 147 | ssh_config_mode: '644' 148 | ssh_config_src: ssh_config 149 | ssh_config_user: root 150 | ssh_known_hosts: /etc/ssh/ssh_known_hosts 151 | ssh_known_hosts_src: ssh_known_hosts 152 | ssh_moduli: /etc/ssh/moduli 153 | sshd_binary: /usr/sbin/sshd 154 | sshd_config: /etc/ssh/sshd_config 155 | sshd_config_backup: true 156 | sshd_config_group: wheel 157 | sshd_config_mode: '644' 158 | sshd_config_src: sshd_config 159 | sshd_config_user: root 160 | sshd_enable: true 161 | tofs: 162 | source_files: 163 | manage ssh_known_hosts file: 164 | - alt_ssh_known_hosts 165 | ssh_config: 166 | - alt_ssh_config 167 | sshd_banner: 168 | - fire_banner 169 | sshd_config: 170 | - 
alt_sshd_config 171 | ssh_config: 172 | Hosts: 173 | '*': 174 | GSSAPIAuthentication: 'yes' 175 | HashKnownHosts: 'yes' 176 | SendEnv: LANG LC_* 177 | sshd_config: 178 | AcceptEnv: LANG LC_* 179 | ChallengeResponseAuthentication: 'no' 180 | PrintMotd: 'no' 181 | PubkeyAcceptedAlgorithms: "+ssh-rsa" 182 | Subsystem: sftp /usr/lib/openssh/sftp-server 183 | X11Forwarding: 'yes' 184 | -------------------------------------------------------------------------------- /test/integration/default/files/_mapdata/opensuse-15.yaml: -------------------------------------------------------------------------------- 1 | # yamllint disable rule:indentation rule:line-length 2 | # Leap-15 3 | --- 4 | values: 5 | map_jinja: 6 | sources: 7 | - Y:G@osarch 8 | - Y:G@os_family 9 | - Y:G@os 10 | - Y:G@osfinger 11 | - C:SUB@openssh:lookup 12 | - C:SUB@openssh 13 | - C:SUB@sshd_config:lookup 14 | - C:SUB@sshd_config 15 | - C:SUB@ssh_config:lookup 16 | - C:SUB@ssh_config 17 | - Y:G@id 18 | openssh: 19 | absent_dsa_keys: false 20 | absent_ecdsa_keys: false 21 | absent_ed25519_keys: false 22 | absent_rsa_keys: false 23 | auth: 24 | joe-non-valid-ssh-key: 25 | - comment: obsolete key - removed 26 | enc: ssh-rsa 27 | present: false 28 | source: salt://ssh_keys/joe.no-valid.pub 29 | user: joe 30 | joe-valid-ssh-key-desktop: 31 | - comment: main key - desktop 32 | enc: ssh-rsa 33 | present: true 34 | source: salt://ssh_keys/joe.desktop.pub 35 | user: joe 36 | joe-valid-ssh-key-notebook: 37 | - comment: main key - notebook 38 | enc: ssh-rsa 39 | present: true 40 | source: salt://ssh_keys/joe.netbook.pub 41 | user: joe 42 | auth_map: 43 | personal_keys: 44 | source: salt://ssh_keys 45 | users: 46 | joe: 47 | joe.desktop: {} 48 | joe.netbook: 49 | options: [] 50 | joe.no-valid: 51 | present: false 52 | banner: /etc/ssh/banner 53 | banner_src: banner 54 | banner_string: 'Welcome to example.net! 
55 | ' 56 | client: openssh 57 | client_version: latest 58 | dig_pkg: bind-utils 59 | dsa: 60 | private_key: '-----BEGIN DSA PRIVATE KEY----- 61 | 62 | NOT_DEFINED 63 | 64 | -----END DSA PRIVATE KEY----- 65 | ' 66 | public_key: 'ssh-dss NOT_DEFINED 67 | ' 68 | ecdsa: 69 | private_key: '-----BEGIN EC PRIVATE KEY----- 70 | 71 | NOT_DEFINED 72 | 73 | -----END EC PRIVATE KEY----- 74 | ' 75 | public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED 76 | ' 77 | ed25519: 78 | private_key: '-----BEGIN OPENSSH PRIVATE KEY----- 79 | 80 | NOT_DEFINED 81 | 82 | -----END OPENSSH PRIVATE KEY----- 83 | ' 84 | public_key: 'ssh-ed25519 NOT_DEFINED 85 | ' 86 | enforce_rsa_size: false 87 | generate_dsa_keys: false 88 | generate_ecdsa_keys: false 89 | generate_ed25519_keys: false 90 | generate_rsa_keys: false 91 | generate_rsa_size: 4096 92 | host_key_algos: ecdsa,ed25519,rsa 93 | known_hosts: 94 | aliases: 95 | - cname-to-minion.example.org 96 | - alias.example.org 97 | hostnames: false 98 | include_localhost: false 99 | mine_hostname_function: public_ssh_hostname 100 | mine_keys_function: public_ssh_host_keys 101 | omit_ip_address: 102 | - github.com 103 | salt_ssh: 104 | public_ssh_host_keys: 105 | minion.id: 'ssh-rsa [...] 106 | 107 | ssh-ed25519 [...] 108 | ' 109 | public_ssh_host_names: 110 | minion.id: 111 | - minion.id 112 | - alias.of.minion.id 113 | user: salt-master 114 | static: 115 | github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...] 116 | gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...] 
117 | target: '*' 118 | tgt_type: glob 119 | moduli: '# Time Type Tests Tries Size Generator Modulus 120 | 121 | 20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63 122 | 123 |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| 125 |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| 127 | 20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F 128 | ' 129 | provide_dsa_keys: false 130 | provide_ecdsa_keys: false 131 | provide_ed25519_keys: false 132 | provide_rsa_keys: false 133 | root_group: root 134 | rsa: 135 | private_key: '-----BEGIN RSA PRIVATE KEY----- 136 | 137 | NOT_DEFINED 138 | 139 | -----END RSA PRIVATE KEY----- 140 | ' 141 | public_key: 'ssh-rsa NOT_DEFINED 142 | ' 143 | server: openssh 144 | server_version: latest 145 | service: sshd 146 | ssh_config: /etc/ssh/ssh_config 147 | ssh_config_backup: true 148 | ssh_config_group: root 149 | ssh_config_mode: '644' 150 | ssh_config_src: ssh_config 151 | ssh_config_user: root 152 | ssh_known_hosts: /etc/ssh/ssh_known_hosts 153 | 
ssh_known_hosts_src: ssh_known_hosts 154 | ssh_moduli: /etc/ssh/moduli 155 | sshd_binary: /usr/sbin/sshd 156 | sshd_config: /etc/ssh/sshd_config 157 | sshd_config_backup: true 158 | sshd_config_group: root 159 | sshd_config_mode: '644' 160 | sshd_config_src: sshd_config 161 | sshd_config_user: root 162 | sshd_enable: true 163 | tofs: 164 | source_files: 165 | manage ssh_known_hosts file: 166 | - alt_ssh_known_hosts 167 | ssh_config: 168 | - alt_ssh_config 169 | sshd_banner: 170 | - fire_banner 171 | sshd_config: 172 | - alt_sshd_config 173 | ssh_config: 174 | Hosts: 175 | '*': 176 | GSSAPIAuthentication: 'yes' 177 | HashKnownHosts: 'yes' 178 | SendEnv: LANG LC_* 179 | sshd_config: 180 | AcceptEnv: LANG LC_* 181 | ChallengeResponseAuthentication: 'no' 182 | PrintMotd: 'no' 183 | Subsystem: sftp /usr/lib/openssh/sftp-server 184 | UsePAM: 'yes' 185 | X11Forwarding: 'yes' 186 | -------------------------------------------------------------------------------- /test/integration/default/files/_mapdata/centos-6.yaml: -------------------------------------------------------------------------------- 1 | # yamllint disable rule:indentation rule:line-length 2 | # CentOS-6 3 | --- 4 | values: 5 | map_jinja: 6 | sources: 7 | - Y:G@osarch 8 | - Y:G@os_family 9 | - Y:G@os 10 | - Y:G@osfinger 11 | - C:SUB@openssh:lookup 12 | - C:SUB@openssh 13 | - C:SUB@sshd_config:lookup 14 | - C:SUB@sshd_config 15 | - C:SUB@ssh_config:lookup 16 | - C:SUB@ssh_config 17 | - Y:G@id 18 | openssh: 19 | absent_dsa_keys: false 20 | absent_ecdsa_keys: false 21 | absent_ed25519_keys: false 22 | absent_rsa_keys: false 23 | auth: 24 | joe-non-valid-ssh-key: 25 | - comment: obsolete key - removed 26 | enc: ssh-rsa 27 | present: false 28 | source: salt://ssh_keys/joe.no-valid.pub 29 | user: joe 30 | joe-valid-ssh-key-desktop: 31 | - comment: main key - desktop 32 | enc: ssh-rsa 33 | present: true 34 | source: salt://ssh_keys/joe.desktop.pub 35 | user: joe 36 | joe-valid-ssh-key-notebook: 37 | - comment: main 
key - notebook 38 | enc: ssh-rsa 39 | present: true 40 | source: salt://ssh_keys/joe.netbook.pub 41 | user: joe 42 | auth_map: 43 | personal_keys: 44 | source: salt://ssh_keys 45 | users: 46 | joe: 47 | joe.desktop: {} 48 | joe.netbook: 49 | options: [] 50 | joe.no-valid: 51 | present: false 52 | banner: /etc/ssh/banner 53 | banner_src: banner 54 | banner_string: 'Welcome to example.net! 55 | ' 56 | client: openssh-clients 57 | client_version: latest 58 | dig_pkg: bind-utils 59 | dsa: 60 | private_key: '-----BEGIN DSA PRIVATE KEY----- 61 | 62 | NOT_DEFINED 63 | 64 | -----END DSA PRIVATE KEY----- 65 | ' 66 | public_key: 'ssh-dss NOT_DEFINED 67 | ' 68 | ecdsa: 69 | private_key: '-----BEGIN EC PRIVATE KEY----- 70 | 71 | NOT_DEFINED 72 | 73 | -----END EC PRIVATE KEY----- 74 | ' 75 | public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED 76 | ' 77 | ed25519: 78 | private_key: '-----BEGIN OPENSSH PRIVATE KEY----- 79 | 80 | NOT_DEFINED 81 | 82 | -----END OPENSSH PRIVATE KEY----- 83 | ' 84 | public_key: 'ssh-ed25519 NOT_DEFINED 85 | ' 86 | enforce_rsa_size: false 87 | generate_dsa_keys: false 88 | generate_ecdsa_keys: false 89 | generate_ed25519_keys: false 90 | generate_rsa_keys: false 91 | generate_rsa_size: 4096 92 | host_key_algos: ecdsa,rsa 93 | known_hosts: 94 | aliases: 95 | - cname-to-minion.example.org 96 | - alias.example.org 97 | hostnames: false 98 | include_localhost: false 99 | mine_hostname_function: public_ssh_hostname 100 | mine_keys_function: public_ssh_host_keys 101 | omit_ip_address: 102 | - github.com 103 | salt_ssh: 104 | public_ssh_host_keys: 105 | minion.id: 'ssh-rsa [...] 106 | 107 | ssh-ed25519 [...] 108 | ' 109 | public_ssh_host_names: 110 | minion.id: 111 | - minion.id 112 | - alias.of.minion.id 113 | user: salt-master 114 | static: 115 | github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...] 116 | gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...] 
117 | target: '*' 118 | tgt_type: glob 119 | moduli: '# Time Type Tests Tries Size Generator Modulus 120 | 121 |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| 123 |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| 125 | 20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53 126 | 127 |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| ' 129 | provide_dsa_keys: false 130 | provide_ecdsa_keys: false 131 | provide_ed25519_keys: false 132 | provide_rsa_keys: false 133 | root_group: root 134 | rsa: 135 | private_key: '-----BEGIN RSA PRIVATE KEY----- 136 | 137 | NOT_DEFINED 138 | 139 | -----END RSA PRIVATE KEY----- 140 | ' 141 | public_key: 'ssh-rsa NOT_DEFINED 142 | ' 143 | server: openssh-server 144 | server_version: latest 145 | service: sshd 146 | ssh_config: /etc/ssh/ssh_config 147 | ssh_config_backup: true 148 | ssh_config_group: root 149 | ssh_config_mode: '644' 150 | ssh_config_src: ssh_config 151 | ssh_config_user: root 152 | ssh_known_hosts: /etc/ssh/ssh_known_hosts 153 | ssh_known_hosts_src: ssh_known_hosts 154 | ssh_moduli: /etc/ssh/moduli 155 | sshd_binary: /usr/sbin/sshd 156 | sshd_config: /etc/ssh/sshd_config 157 | sshd_config_backup: true 158 | sshd_config_group: root 159 | sshd_config_mode: '644' 160 | sshd_config_src: sshd_config 161 | sshd_config_user: root 162 | sshd_enable: true 163 | tofs: 164 | source_files: 165 | manage ssh_known_hosts file: 166 | - alt_ssh_known_hosts 167 | ssh_config: 168 | - alt_ssh_config 169 | sshd_banner: 170 | - fire_banner 171 
| sshd_config: 172 | - alt_sshd_config 173 | ssh_config: 174 | Hosts: 175 | '*': 176 | GSSAPIAuthentication: 'yes' 177 | HashKnownHosts: 'yes' 178 | SendEnv: LANG LC_* 179 | sshd_config: 180 | AcceptEnv: LANG LC_* 181 | ChallengeResponseAuthentication: 'no' 182 | PrintMotd: 'no' 183 | Subsystem: sftp /usr/lib/openssh/sftp-server 184 | UsePAM: 'yes' 185 | X11Forwarding: 'yes' 186 |
--------------------------------------------------------------------------------
/test/integration/default/files/_mapdata/debian-9.yaml:
--------------------------------------------------------------------------------
  1 | # yamllint disable rule:indentation rule:line-length
  2 | # Debian-9 - test fixture (presumably the map data expected on this platform); the key blocks below hold the literal placeholder NOT_DEFINED, not key material
  3 | ---
  4 | values:
  5 |   map_jinja:
  6 |     sources:
  7 |     - Y:G@osarch
  8 |     - Y:G@os_family
  9 |     - Y:G@os
 10 |     - Y:G@osfinger
 11 |     - C:SUB@openssh:lookup
 12 |     - C:SUB@openssh
 13 |     - C:SUB@sshd_config:lookup
 14 |     - C:SUB@sshd_config
 15 |     - C:SUB@ssh_config:lookup
 16 |     - C:SUB@ssh_config
 17 |     - Y:G@id
 18 |   openssh:
 19 |     absent_dsa_keys: false
 20 |     absent_ecdsa_keys: false
 21 |     absent_ed25519_keys: false
 22 |     absent_rsa_keys: false
 23 |     auth:  # user public keys; present: false presumably marks a key to be removed from authorized_keys
 24 |       joe-non-valid-ssh-key:
 25 |       - comment: obsolete key - removed
 26 |         enc: ssh-rsa
 27 |         present: false
 28 |         source: salt://ssh_keys/joe.no-valid.pub
 29 |         user: joe
 30 |       joe-valid-ssh-key-desktop:
 31 |       - comment: main key - desktop
 32 |         enc: ssh-rsa
 33 |         present: true
 34 |         source: salt://ssh_keys/joe.desktop.pub
 35 |         user: joe
 36 |       joe-valid-ssh-key-notebook:
 37 |       - comment: main key - notebook
 38 |         enc: ssh-rsa
 39 |         present: true
 40 |         source: salt://ssh_keys/joe.netbook.pub
 41 |         user: joe
 42 |     auth_map:
 43 |       personal_keys:
 44 |         source: salt://ssh_keys
 45 |         users:
 46 |           joe:
 47 |             joe.desktop: {}
 48 |             joe.netbook:
 49 |               options: []
 50 |             joe.no-valid:
 51 |               present: false
 52 |     banner: /etc/ssh/banner
 53 |     banner_src: banner
 54 |     banner_string: 'Welcome to example.net!
 55 |       '
 56 |     client: openssh-client
 57 |     client_version: latest  # not pinned to a specific package version
 58 |     dig_pkg: dnsutils
 59 |     dsa:  # DSA (ssh-dss) is deprecated in OpenSSH; the absent/generate/provide *_dsa_keys switches in this file are all false
 60 |       private_key: '-----BEGIN DSA PRIVATE KEY-----
 61 |
 62 |         NOT_DEFINED
 63 |
 64 |         -----END DSA PRIVATE KEY-----
 65 |         '
 66 |       public_key: 'ssh-dss NOT_DEFINED
 67 |         '
 68 |     ecdsa:
 69 |       private_key: '-----BEGIN EC PRIVATE KEY-----
 70 |
 71 |         NOT_DEFINED
 72 |
 73 |         -----END EC PRIVATE KEY-----
 74 |         '
 75 |       public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
 76 |         '
 77 |     ed25519:
 78 |       private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 79 |
 80 |         NOT_DEFINED
 81 |
 82 |         -----END OPENSSH PRIVATE KEY-----
 83 |         '
 84 |       public_key: 'ssh-ed25519 NOT_DEFINED
 85 |         '
 86 |     enforce_rsa_size: false
 87 |     generate_dsa_keys: false
 88 |     generate_ecdsa_keys: false
 89 |     generate_ed25519_keys: false
 90 |     generate_rsa_keys: false
 91 |     generate_rsa_size: 4096  # bits; presumably used only when generate_rsa_keys is true
 92 |     host_key_algos: ecdsa,ed25519,rsa  # no dsa in this list
 93 |     known_hosts:
 94 |       aliases:
 95 |       - cname-to-minion.example.org
 96 |       - alias.example.org
 97 |       hostnames: false
 98 |       include_localhost: false
 99 |       mine_hostname_function: public_ssh_hostname
100 |       mine_keys_function: public_ssh_host_keys
101 |       omit_ip_address:
102 |       - github.com
103 |       salt_ssh:
104 |         public_ssh_host_keys:
105 |           minion.id: 'ssh-rsa [...]
106 |
107 |             ssh-ed25519 [...]
108 |             '
109 |         public_ssh_host_names:
110 |           minion.id:
111 |           - minion.id
112 |           - alias.of.minion.id
113 |         user: salt-master
114 |       static:
115 |         github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]  # truncated sample; verify pinned host keys out of band and update them when the provider rotates its key
116 |         gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
117 |       target: '*'  # with tgt_type: glob this selects every minion - NOTE(review): confirm that key data from all minions is meant to be trusted
118 |       tgt_type: glob
119 |     moduli: '# Time Type Tests Tries Size Generator Modulus
120 |
121 |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|
123 |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|
125 |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|
127 |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| '
129 |     provide_dsa_keys: false
130 |     provide_ecdsa_keys: false
131 |     provide_ed25519_keys: false
132 |     provide_rsa_keys: false
133 |     root_group: root
134 |     rsa:
135 |       private_key: '-----BEGIN RSA PRIVATE KEY-----
136 |
137 |         NOT_DEFINED
138 |
139 |         -----END RSA PRIVATE KEY-----
140 |         '
141 |       public_key: 'ssh-rsa NOT_DEFINED
142 |         '
143 |     server: openssh-server
144 |     server_version: latest  # not pinned to a specific package version
145 |     service: ssh
146 |     ssh_config: /etc/ssh/ssh_config
147 |     ssh_config_backup: true
148 |     ssh_config_group: root
149 |     ssh_config_mode: '644'
150 |     ssh_config_src: ssh_config
151 |     ssh_config_user: root
152 |     ssh_known_hosts: /etc/ssh/ssh_known_hosts
153 |     ssh_known_hosts_src: ssh_known_hosts
154 |     ssh_moduli: /etc/ssh/moduli  # path of the Diffie-Hellman group-exchange moduli file
155 |     sshd_binary: /usr/sbin/sshd
156 |     sshd_config: /etc/ssh/sshd_config
157 |     sshd_config_backup: true
158 |     sshd_config_group: root
159 |     sshd_config_mode: '644'  # world-readable; some hardening baselines expect 0600 for sshd_config
160 |     sshd_config_src: sshd_config
161 |     sshd_config_user: root
162 |     sshd_enable: true
163 |     tofs:
164 |       source_files:
165 |         manage ssh_known_hosts file:
166 |         - alt_ssh_known_hosts
167 |         ssh_config:
168 |         - alt_ssh_config
169 |         sshd_banner:
170 |         - fire_banner
171 |         sshd_config:
172 |         - alt_sshd_config
173 |   ssh_config:
174 |     Hosts:
175 |       '*':
176 |         GSSAPIAuthentication: 'yes'  # GSSAPI authentication is offered to every host ('*')
177 |         HashKnownHosts: 'yes'  # host names in known_hosts are stored hashed
178 |         SendEnv: LANG LC_*  # only locale variables are sent
179 |   sshd_config:
180 |     AcceptEnv: LANG LC_*  # only locale variables are accepted from clients
181 |     ChallengeResponseAuthentication: 'no'  # challenge-response (keyboard-interactive) authentication is off
182 |     PrintMotd: 'no'
183 |     Subsystem: sftp /usr/lib/openssh/sftp-server
184 |     UsePAM: 'yes'
185 |     X11Forwarding: 'yes'  # X11 forwarding is on; turn it off where it is not required
186 |
--------------------------------------------------------------------------------
/test/integration/default/files/_mapdata/debian-10.yaml:
--------------------------------------------------------------------------------
  1 | # yamllint disable rule:indentation rule:line-length
  2 | # Debian-10 - test fixture (presumably the map data expected on this platform); the key blocks below hold the literal placeholder NOT_DEFINED, not key material
  3 | ---
  4 | values:
  5 |   map_jinja:
  6 |     sources:
  7 |     - Y:G@osarch
  8 |     - Y:G@os_family
  9 |     - Y:G@os
 10 |     - Y:G@osfinger
 11 |     - C:SUB@openssh:lookup
 12 |     - C:SUB@openssh
 13 |     - C:SUB@sshd_config:lookup
 14 |     - C:SUB@sshd_config
 15 |     - C:SUB@ssh_config:lookup
 16 |     - C:SUB@ssh_config
 17 |     - Y:G@id
 18 |   openssh:
 19 |     absent_dsa_keys: false
 20 |     absent_ecdsa_keys: false
 21 |     absent_ed25519_keys: false
 22 |     absent_rsa_keys: false
 23 |     auth:  # user public keys; present: false presumably marks a key to be removed from authorized_keys
 24 |       joe-non-valid-ssh-key:
 25 |       - comment: obsolete key - removed
 26 |         enc: ssh-rsa
 27 |         present: false
 28 |         source: salt://ssh_keys/joe.no-valid.pub
 29 |         user: joe
 30 |       joe-valid-ssh-key-desktop:
 31 |       - comment: main key - desktop
 32 |         enc: ssh-rsa
 33 |         present: true
 34 |         source: salt://ssh_keys/joe.desktop.pub
 35 |         user: joe
 36 |       joe-valid-ssh-key-notebook:
 37 |       - comment: main key - notebook
 38 |         enc: ssh-rsa
 39 |         present: true
 40 |         source: salt://ssh_keys/joe.netbook.pub
 41 |         user: joe
 42 |     auth_map:
 43 |       personal_keys:
 44 |         source: salt://ssh_keys
 45 |         users:
 46 |           joe:
 47 |             joe.desktop: {}
 48 |             joe.netbook:
 49 |               options: []
 50 |             joe.no-valid:
 51 |               present: false
 52 |     banner: /etc/ssh/banner
 53 |     banner_src: banner
 54 |     banner_string: 'Welcome to example.net!
 55 |       '
 56 |     client: openssh-client
 57 |     client_version: latest  # not pinned to a specific package version
 58 |     dig_pkg: dnsutils
 59 |     dsa:  # DSA (ssh-dss) is deprecated in OpenSSH; the absent/generate/provide *_dsa_keys switches in this file are all false
 60 |       private_key: '-----BEGIN DSA PRIVATE KEY-----
 61 |
 62 |         NOT_DEFINED
 63 |
 64 |         -----END DSA PRIVATE KEY-----
 65 |         '
 66 |       public_key: 'ssh-dss NOT_DEFINED
 67 |         '
 68 |     ecdsa:
 69 |       private_key: '-----BEGIN EC PRIVATE KEY-----
 70 |
 71 |         NOT_DEFINED
 72 |
 73 |         -----END EC PRIVATE KEY-----
 74 |         '
 75 |       public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
 76 |         '
 77 |     ed25519:
 78 |       private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 79 |
 80 |         NOT_DEFINED
 81 |
 82 |         -----END OPENSSH PRIVATE KEY-----
 83 |         '
 84 |       public_key: 'ssh-ed25519 NOT_DEFINED
 85 |         '
 86 |     enforce_rsa_size: false
 87 |     generate_dsa_keys: false
 88 |     generate_ecdsa_keys: false
 89 |     generate_ed25519_keys: false
 90 |     generate_rsa_keys: false
 91 |     generate_rsa_size: 4096  # bits; presumably used only when generate_rsa_keys is true
 92 |     host_key_algos: ecdsa,ed25519,rsa  # no dsa in this list
 93 |     known_hosts:
 94 |       aliases:
 95 |       - cname-to-minion.example.org
 96 |       - alias.example.org
 97 |       hostnames: false
 98 |       include_localhost: false
 99 |       mine_hostname_function: public_ssh_hostname
100 |       mine_keys_function: public_ssh_host_keys
101 |       omit_ip_address:
102 |       - github.com
103 |       salt_ssh:
104 |         public_ssh_host_keys:
105 |           minion.id: 'ssh-rsa [...]
106 |
107 |             ssh-ed25519 [...]
108 |             '
109 |         public_ssh_host_names:
110 |           minion.id:
111 |           - minion.id
112 |           - alias.of.minion.id
113 |         user: salt-master
114 |       static:
115 |         github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]  # truncated sample; verify pinned host keys out of band and update them when the provider rotates its key
116 |         gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
117 |       target: '*'  # with tgt_type: glob this selects every minion - NOTE(review): confirm that key data from all minions is meant to be trusted
118 |       tgt_type: glob
119 |     moduli: '# Time Type Tests Tries Size Generator Modulus
120 |
121 |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|
123 |       20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB
124 |
125 |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|
127 |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| '
129 |     provide_dsa_keys: false
130 |     provide_ecdsa_keys: false
131 |     provide_ed25519_keys: false
132 |     provide_rsa_keys: false
133 |     root_group: root
134 |     rsa:
135 |       private_key: '-----BEGIN RSA PRIVATE KEY-----
136 |
137 |         NOT_DEFINED
138 |
139 |         -----END RSA PRIVATE KEY-----
140 |         '
141 |       public_key: 'ssh-rsa NOT_DEFINED
142 |         '
143 |     server: openssh-server
144 |     server_version: latest  # not pinned to a specific package version
145 |     service: ssh
146 |     ssh_config: /etc/ssh/ssh_config
147 |     ssh_config_backup: true
148 |     ssh_config_group: root
149 |     ssh_config_mode: '644'
150 |     ssh_config_src: ssh_config
151 |     ssh_config_user: root
152 |     ssh_known_hosts: /etc/ssh/ssh_known_hosts
153 |     ssh_known_hosts_src: ssh_known_hosts
154 |     ssh_moduli: /etc/ssh/moduli  # the visible moduli entry above has Size 2047 (a 2048-bit group); hardening guides commonly keep only entries with Size >= 3071
155 |     sshd_binary: /usr/sbin/sshd
156 |     sshd_config: /etc/ssh/sshd_config
157 |     sshd_config_backup: true
158 |     sshd_config_group: root
159 |     sshd_config_mode: '644'  # world-readable; some hardening baselines expect 0600 for sshd_config
160 |     sshd_config_src: sshd_config
161 |     sshd_config_user: root
162 |     sshd_enable: true
163 |     tofs:
164 |       source_files:
165 |         manage ssh_known_hosts file:
166 |         - alt_ssh_known_hosts
167 |         ssh_config:
168 |         - alt_ssh_config
169 |         sshd_banner:
170 |         - fire_banner
171 |         sshd_config:
172 |         - alt_sshd_config
173 |   ssh_config:
174 |     Hosts:
175 |       '*':
176 |         GSSAPIAuthentication: 'yes'  # GSSAPI authentication is offered to every host ('*')
177 |         HashKnownHosts: 'yes'  # host names in known_hosts are stored hashed
178 |         SendEnv: LANG LC_*  # only locale variables are sent
179 |   sshd_config:
180 |     AcceptEnv: LANG LC_*  # only locale variables are accepted from clients
181 |     ChallengeResponseAuthentication: 'no'  # challenge-response (keyboard-interactive) authentication is off
182 |     PrintMotd: 'no'
183 |     Subsystem: sftp /usr/lib/openssh/sftp-server
184 |     UsePAM: 'yes'
185 |     X11Forwarding: 'yes'  # X11 forwarding is on; turn it off where it is not required
186 |
--------------------------------------------------------------------------------
/test/integration/default/files/_mapdata/fedora-31.yaml:
--------------------------------------------------------------------------------
  1 | # yamllint disable rule:indentation rule:line-length
  2 | # Fedora-31 - test fixture (presumably the map data expected on this platform); the key blocks below hold the literal placeholder NOT_DEFINED, not key material
  3 | ---
  4 | values:
  5 |   map_jinja:
  6 |     sources:
  7 |     - Y:G@osarch
  8 |     - Y:G@os_family
  9 |     - Y:G@os
 10 |     - Y:G@osfinger
 11 |     - C:SUB@openssh:lookup
 12 |     - C:SUB@openssh
 13 |     - C:SUB@sshd_config:lookup
 14 |     - C:SUB@sshd_config
 15 |     - C:SUB@ssh_config:lookup
 16 |     - C:SUB@ssh_config
 17 |     - Y:G@id
 18 |   openssh:
 19 |     absent_dsa_keys: false
 20 |     absent_ecdsa_keys: false
 21 |     absent_ed25519_keys: false
 22 |     absent_rsa_keys: false
 23 |     auth:  # user public keys; present: false presumably marks a key to be removed from authorized_keys
 24 |       joe-non-valid-ssh-key:
 25 |       - comment: obsolete key - removed
 26 |         enc: ssh-rsa
 27 |         present: false
 28 |         source: salt://ssh_keys/joe.no-valid.pub
 29 |         user: joe
 30 |       joe-valid-ssh-key-desktop:
 31 |       - comment: main key - desktop
 32 |         enc: ssh-rsa
 33 |         present: true
 34 |         source: salt://ssh_keys/joe.desktop.pub
 35 |         user: joe
 36 |       joe-valid-ssh-key-notebook:
 37 |       - comment: main key - notebook
 38 |         enc: ssh-rsa
 39 |         present: true
 40 |         source: salt://ssh_keys/joe.netbook.pub
 41 |         user: joe
 42 |     auth_map:
 43 |       personal_keys:
 44 |         source: salt://ssh_keys
 45 |         users:
 46 |           joe:
 47 |             joe.desktop: {}
 48 |             joe.netbook:
 49 |               options: []
 50 |             joe.no-valid:
 51 |               present: false
 52 |     banner: /etc/ssh/banner
 53 |     banner_src: banner
 54 |     banner_string: 'Welcome to example.net!
 55 |       '
 56 |     client: openssh-clients
 57 |     client_version: latest  # not pinned to a specific package version
 58 |     dig_pkg: bind-utils
 59 |     dsa:  # DSA (ssh-dss) is deprecated in OpenSSH; the absent/generate/provide *_dsa_keys switches in this file are all false
 60 |       private_key: '-----BEGIN DSA PRIVATE KEY-----
 61 |
 62 |         NOT_DEFINED
 63 |
 64 |         -----END DSA PRIVATE KEY-----
 65 |         '
 66 |       public_key: 'ssh-dss NOT_DEFINED
 67 |         '
 68 |     ecdsa:
 69 |       private_key: '-----BEGIN EC PRIVATE KEY-----
 70 |
 71 |         NOT_DEFINED
 72 |
 73 |         -----END EC PRIVATE KEY-----
 74 |         '
 75 |       public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
 76 |         '
 77 |     ed25519:
 78 |       private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 79 |
 80 |         NOT_DEFINED
 81 |
 82 |         -----END OPENSSH PRIVATE KEY-----
 83 |         '
 84 |       public_key: 'ssh-ed25519 NOT_DEFINED
 85 |         '
 86 |     enforce_rsa_size: false
 87 |     generate_dsa_keys: false
 88 |     generate_ecdsa_keys: false
 89 |     generate_ed25519_keys: false
 90 |     generate_rsa_keys: false
 91 |     generate_rsa_size: 4096  # bits; presumably used only when generate_rsa_keys is true
 92 |     host_key_algos: ecdsa,ed25519,rsa  # no dsa in this list
 93 |     known_hosts:
 94 |       aliases:
 95 |       - cname-to-minion.example.org
 96 |       - alias.example.org
 97 |       hostnames: false
 98 |       include_localhost: false
 99 |       mine_hostname_function: public_ssh_hostname
100 |       mine_keys_function: public_ssh_host_keys
101 |       omit_ip_address:
102 |       - github.com
103 |       salt_ssh:
104 |         public_ssh_host_keys:
105 |           minion.id: 'ssh-rsa [...]
106 |
107 |             ssh-ed25519 [...]
108 |             '
109 |         public_ssh_host_names:
110 |           minion.id:
111 |           - minion.id
112 |           - alias.of.minion.id
113 |         user: salt-master
114 |       static:
115 |         github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]  # truncated sample; verify pinned host keys out of band and update them when the provider rotates its key
116 |         gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
117 |       target: '*'  # with tgt_type: glob this selects every minion - NOTE(review): confirm that key data from all minions is meant to be trusted
118 |       tgt_type: glob
119 |     moduli: '# Time Type Tests Tries Size Generator Modulus
120 |
121 |       20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
122 |
123 |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|
125 |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|
127 |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| '
129 |     provide_dsa_keys: false
130 |     provide_ecdsa_keys: false
131 |     provide_ed25519_keys: false
132 |     provide_rsa_keys: false
133 |     root_group: root
134 |     rsa:
135 |       private_key: '-----BEGIN RSA PRIVATE KEY-----
136 |
137 |         NOT_DEFINED
138 |
139 |         -----END RSA PRIVATE KEY-----
140 |         '
141 |       public_key: 'ssh-rsa NOT_DEFINED
142 |         '
143 |     server: openssh-server
144 |     server_version: latest  # not pinned to a specific package version
145 |     service: sshd
146 |     ssh_config: /etc/ssh/ssh_config
147 |     ssh_config_backup: true
148 |     ssh_config_group: root
149 |     ssh_config_mode: '644'
150 |     ssh_config_src: ssh_config
151 |     ssh_config_user: root
152 |     ssh_known_hosts: /etc/ssh/ssh_known_hosts
153 |     ssh_known_hosts_src: ssh_known_hosts
154 |     ssh_moduli: /etc/ssh/moduli  # the visible moduli entry above has Size 2047 (a 2048-bit group); hardening guides commonly keep only entries with Size >= 3071
155 |     sshd_binary: /usr/sbin/sshd
156 |     sshd_config: /etc/ssh/sshd_config
157 |     sshd_config_backup: true
158 |     sshd_config_group: root
159 |     sshd_config_mode: '644'  # world-readable; some hardening baselines expect 0600 for sshd_config
160 |     sshd_config_src: sshd_config
161 |     sshd_config_user: root
162 |     sshd_enable: true
163 |     tofs:
164 |       source_files:
165 |         manage ssh_known_hosts file:
166 |         - alt_ssh_known_hosts
167 |         ssh_config:
168 |         - alt_ssh_config
169 |         sshd_banner:
170 |         - fire_banner
171 |         sshd_config:
172 |         - alt_sshd_config
173 |   ssh_config:
174 |     Hosts:
175 |       '*':
176 |         GSSAPIAuthentication: 'yes'  # GSSAPI authentication is offered to every host ('*')
177 |         HashKnownHosts: 'yes'  # host names in known_hosts are stored hashed
178 |         SendEnv: LANG LC_*  # only locale variables are sent
179 |   sshd_config:
180 |     AcceptEnv: LANG LC_*  # only locale variables are accepted from clients
181 |     ChallengeResponseAuthentication: 'no'  # challenge-response (keyboard-interactive) authentication is off
182 |     PrintMotd: 'no'
183 |     Subsystem: sftp /usr/lib/openssh/sftp-server  # NOTE(review): Debian-style path; Fedora packages normally ship sftp-server under /usr/libexec/openssh - confirm
184 |     UsePAM: 'yes'
185 |     X11Forwarding: 'yes'  # X11 forwarding is on; turn it off where it is not required
186 |
--------------------------------------------------------------------------------
/test/integration/default/files/_mapdata/fedora-32.yaml:
--------------------------------------------------------------------------------
  1 | # yamllint disable rule:indentation rule:line-length
  2 | # Fedora-32 - test fixture (presumably the map data expected on this platform); the key blocks below hold the literal placeholder NOT_DEFINED, not key material
  3 | ---
  4 | values:
  5 |   map_jinja:
  6 |     sources:
  7 |     - Y:G@osarch
  8 |     - Y:G@os_family
  9 |     - Y:G@os
 10 |     - Y:G@osfinger
 11 |     - C:SUB@openssh:lookup
 12 |     - C:SUB@openssh
 13 |     - C:SUB@sshd_config:lookup
 14 |     - C:SUB@sshd_config
 15 |     - C:SUB@ssh_config:lookup
 16 |     - C:SUB@ssh_config
 17 |     - Y:G@id
 18 |   openssh:
 19 |     absent_dsa_keys: false
 20 |     absent_ecdsa_keys: false
 21 |     absent_ed25519_keys: false
 22 |     absent_rsa_keys: false
 23 |     auth:  # user public keys; present: false presumably marks a key to be removed from authorized_keys
 24 |       joe-non-valid-ssh-key:
 25 |       - comment: obsolete key - removed
 26 |         enc: ssh-rsa
 27 |         present: false
 28 |         source: salt://ssh_keys/joe.no-valid.pub
 29 |         user: joe
 30 |       joe-valid-ssh-key-desktop:
 31 |       - comment: main key - desktop
 32 |         enc: ssh-rsa
 33 |         present: true
 34 |         source: salt://ssh_keys/joe.desktop.pub
 35 |         user: joe
 36 |       joe-valid-ssh-key-notebook:
 37 |       - comment: main key - notebook
 38 |         enc: ssh-rsa
 39 |         present: true
 40 |         source: salt://ssh_keys/joe.netbook.pub
 41 |         user: joe
 42 |     auth_map:
 43 |       personal_keys:
 44 |         source: salt://ssh_keys
 45 |         users:
 46 |           joe:
 47 |             joe.desktop: {}
 48 |             joe.netbook:
 49 |               options: []
 50 |             joe.no-valid:
 51 |               present: false
 52 |     banner: /etc/ssh/banner
 53 |     banner_src: banner
 54 |     banner_string: 'Welcome to example.net!
 55 |       '
 56 |     client: openssh-clients
 57 |     client_version: latest  # not pinned to a specific package version
 58 |     dig_pkg: bind-utils
 59 |     dsa:  # DSA (ssh-dss) is deprecated in OpenSSH; the absent/generate/provide *_dsa_keys switches in this file are all false
 60 |       private_key: '-----BEGIN DSA PRIVATE KEY-----
 61 |
 62 |         NOT_DEFINED
 63 |
 64 |         -----END DSA PRIVATE KEY-----
 65 |         '
 66 |       public_key: 'ssh-dss NOT_DEFINED
 67 |         '
 68 |     ecdsa:
 69 |       private_key: '-----BEGIN EC PRIVATE KEY-----
 70 |
 71 |         NOT_DEFINED
 72 |
 73 |         -----END EC PRIVATE KEY-----
 74 |         '
 75 |       public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
 76 |         '
 77 |     ed25519:
 78 |       private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 79 |
 80 |         NOT_DEFINED
 81 |
 82 |         -----END OPENSSH PRIVATE KEY-----
 83 |         '
 84 |       public_key: 'ssh-ed25519 NOT_DEFINED
 85 |         '
 86 |     enforce_rsa_size: false
 87 |     generate_dsa_keys: false
 88 |     generate_ecdsa_keys: false
 89 |     generate_ed25519_keys: false
 90 |     generate_rsa_keys: false
 91 |     generate_rsa_size: 4096  # bits; presumably used only when generate_rsa_keys is true
 92 |     host_key_algos: ecdsa,ed25519,rsa  # no dsa in this list
 93 |     known_hosts:
 94 |       aliases:
 95 |       - cname-to-minion.example.org
 96 |       - alias.example.org
 97 |       hostnames: false
 98 |       include_localhost: false
 99 |       mine_hostname_function: public_ssh_hostname
100 |       mine_keys_function: public_ssh_host_keys
101 |       omit_ip_address:
102 |       - github.com
103 |       salt_ssh:
104 |         public_ssh_host_keys:
105 |           minion.id: 'ssh-rsa [...]
106 |
107 |             ssh-ed25519 [...]
108 |             '
109 |         public_ssh_host_names:
110 |           minion.id:
111 |           - minion.id
112 |           - alias.of.minion.id
113 |         user: salt-master
114 |       static:
115 |         github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]  # truncated sample; verify pinned host keys out of band and update them when the provider rotates its key
116 |         gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
117 |       target: '*'  # with tgt_type: glob this selects every minion - NOTE(review): confirm that key data from all minions is meant to be trusted
118 |       tgt_type: glob
119 |     moduli: '# Time Type Tests Tries Size Generator Modulus
120 |
121 |       20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63
122 |
123 |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|
125 |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|
127 |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| '
129 |     provide_dsa_keys: false
130 |     provide_ecdsa_keys: false
131 |     provide_ed25519_keys: false
132 |     provide_rsa_keys: false
133 |     root_group: root
134 |     rsa:
135 |       private_key: '-----BEGIN RSA PRIVATE KEY-----
136 |
137 |         NOT_DEFINED
138 |
139 |         -----END RSA PRIVATE KEY-----
140 |         '
141 |       public_key: 'ssh-rsa NOT_DEFINED
142 |         '
143 |     server: openssh-server
144 |     server_version: latest  # not pinned to a specific package version
145 |     service: sshd
146 |     ssh_config: /etc/ssh/ssh_config
147 |     ssh_config_backup: true
148 |     ssh_config_group: root
149 |     ssh_config_mode: '644'
150 |     ssh_config_src: ssh_config
151 |     ssh_config_user: root
152 |     ssh_known_hosts: /etc/ssh/ssh_known_hosts
153 |     ssh_known_hosts_src: ssh_known_hosts
154 |     ssh_moduli: /etc/ssh/moduli  # the visible moduli entry above has Size 2047 (a 2048-bit group); hardening guides commonly keep only entries with Size >= 3071
155 |     sshd_binary: /usr/sbin/sshd
156 |     sshd_config: /etc/ssh/sshd_config
157 |     sshd_config_backup: true
158 |     sshd_config_group: root
159 |     sshd_config_mode: '644'  # world-readable; some hardening baselines expect 0600 for sshd_config
160 |     sshd_config_src: sshd_config
161 |     sshd_config_user: root
162 |     sshd_enable: true
163 |     tofs:
164 |       source_files:
165 |         manage ssh_known_hosts file:
166 |         - alt_ssh_known_hosts
167 |         ssh_config:
168 |         - alt_ssh_config
169 |         sshd_banner:
170 |         - fire_banner
171 |         sshd_config:
172 |         - alt_sshd_config
173 |   ssh_config:
174 |     Hosts:
175 |       '*':
176 |         GSSAPIAuthentication: 'yes'  # GSSAPI authentication is offered to every host ('*')
177 |         HashKnownHosts: 'yes'  # host names in known_hosts are stored hashed
178 |         SendEnv: LANG LC_*  # only locale variables are sent
179 |   sshd_config:
180 |     AcceptEnv: LANG LC_*  # only locale variables are accepted from clients
181 |     ChallengeResponseAuthentication: 'no'  # challenge-response (keyboard-interactive) authentication is off
182 |     PrintMotd: 'no'
183 |     Subsystem: sftp /usr/lib/openssh/sftp-server  # NOTE(review): Debian-style path; Fedora packages normally ship sftp-server under /usr/libexec/openssh - confirm
184 |     UsePAM: 'yes'
185 |     X11Forwarding: 'yes'  # X11 forwarding is on; turn it off where it is not required
186 |
--------------------------------------------------------------------------------
/test/integration/default/files/_mapdata/fedora-33.yaml:
--------------------------------------------------------------------------------
  1 | # yamllint disable rule:indentation rule:line-length
  2 | # Fedora-33 - test fixture (presumably the map data expected on this platform); the key blocks below hold the literal placeholder NOT_DEFINED, not key material
  3 | ---
  4 | values:
  5 |   map_jinja:
  6 |     sources:
  7 |     - Y:G@osarch
  8 |     - Y:G@os_family
  9 |     - Y:G@os
 10 |     - Y:G@osfinger
 11 |     - C:SUB@openssh:lookup
 12 |     - C:SUB@openssh
 13 |     - C:SUB@sshd_config:lookup
 14 |     - C:SUB@sshd_config
 15 |     - C:SUB@ssh_config:lookup
 16 |     - C:SUB@ssh_config
 17 |     - Y:G@id
 18 |   openssh:
 19 |     absent_dsa_keys: false
 20 |     absent_ecdsa_keys: false
 21 |     absent_ed25519_keys: false
 22 |     absent_rsa_keys: false
 23 |     auth:  # user public keys; present: false presumably marks a key to be removed from authorized_keys
 24 |       joe-non-valid-ssh-key:
 25 |       - comment: obsolete key - removed
 26 |         enc: ssh-rsa
 27 |         present: false
 28 |         source: salt://ssh_keys/joe.no-valid.pub
 29 |         user: joe
 30 |       joe-valid-ssh-key-desktop:
 31 |       - comment: main key - desktop
 32 |         enc: ssh-rsa
 33 |         present: true
 34 |         source: salt://ssh_keys/joe.desktop.pub
 35 |         user: joe
 36 |       joe-valid-ssh-key-notebook:
 37 |       - comment: main key - notebook
 38 |         enc: ssh-rsa
 39 |         present: true
 40 |         source: salt://ssh_keys/joe.netbook.pub
 41 |         user: joe
 42 |     auth_map:
 43 |       personal_keys:
 44 |         source: salt://ssh_keys
 45 |         users:
 46 |           joe:
 47 |             joe.desktop: {}
 48 |             joe.netbook:
 49 |               options: []
 50 |             joe.no-valid:
 51 |               present: false
 52 |     banner: /etc/ssh/banner
 53 |     banner_src: banner
 54 |     banner_string: 'Welcome to example.net!
 55 |       '
 56 |     client: openssh-clients
 57 |     client_version: latest  # not pinned to a specific package version
 58 |     dig_pkg: bind-utils
 59 |     dsa:  # DSA (ssh-dss) is deprecated in OpenSSH; the absent/generate/provide *_dsa_keys switches in this file are all false
 60 |       private_key: '-----BEGIN DSA PRIVATE KEY-----
 61 |
 62 |         NOT_DEFINED
 63 |
 64 |         -----END DSA PRIVATE KEY-----
 65 |         '
 66 |       public_key: 'ssh-dss NOT_DEFINED
 67 |         '
 68 |     ecdsa:
 69 |       private_key: '-----BEGIN EC PRIVATE KEY-----
 70 |
 71 |         NOT_DEFINED
 72 |
 73 |         -----END EC PRIVATE KEY-----
 74 |         '
 75 |       public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
 76 |         '
 77 |     ed25519:
 78 |       private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 79 |
 80 |         NOT_DEFINED
 81 |
 82 |         -----END OPENSSH PRIVATE KEY-----
 83 |         '
 84 |       public_key: 'ssh-ed25519 NOT_DEFINED
 85 |         '
 86 |     enforce_rsa_size: false
 87 |     generate_dsa_keys: false
 88 |     generate_ecdsa_keys: false
 89 |     generate_ed25519_keys: false
 90 |     generate_rsa_keys: false
 91 |     generate_rsa_size: 4096  # bits; presumably used only when generate_rsa_keys is true
 92 |     host_key_algos: ecdsa,ed25519,rsa  # no dsa in this list
 93 |     known_hosts:
 94 |       aliases:
 95 |       - cname-to-minion.example.org
 96 |       - alias.example.org
 97 |       hostnames: false
 98 |       include_localhost: false
 99 |       mine_hostname_function: public_ssh_hostname
100 |       mine_keys_function: public_ssh_host_keys
101 |       omit_ip_address:
102 |       - github.com
103 |       salt_ssh:
104 |         public_ssh_host_keys:
105 |           minion.id: 'ssh-rsa [...]
106 |
107 |             ssh-ed25519 [...]
108 |             '
109 |         public_ssh_host_names:
110 |           minion.id:
111 |           - minion.id
112 |           - alias.of.minion.id
113 |         user: salt-master
114 |       static:
115 |         github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]  # truncated sample; verify pinned host keys out of band and update them when the provider rotates its key
116 |         gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
117 |       target: '*'  # with tgt_type: glob this selects every minion - NOTE(review): confirm that key data from all minions is meant to be trusted
118 |       tgt_type: glob
119 |     moduli: '# Time Type Tests Tries Size Generator Modulus
120 |
121 |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|
123 |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|
125 |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|
127 |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| '
129 |     provide_dsa_keys: false
130 |     provide_ecdsa_keys: false
131 |     provide_ed25519_keys: false
132 |     provide_rsa_keys: false
133 |     root_group: root
134 |     rsa:
135 |       private_key: '-----BEGIN RSA PRIVATE KEY-----
136 |
137 |         NOT_DEFINED
138 |
139 |         -----END RSA PRIVATE KEY-----
140 |         '
141 |       public_key: 'ssh-rsa NOT_DEFINED
142 |         '
143 |     server: openssh-server
144 |     server_version: latest  # not pinned to a specific package version
145 |     service: sshd
146 |     ssh_config: /etc/ssh/ssh_config
147 |     ssh_config_backup: true
148 |     ssh_config_group: root
149 |     ssh_config_mode: '644'
150 |     ssh_config_src: ssh_config
151 |     ssh_config_user: root
152 |     ssh_known_hosts: /etc/ssh/ssh_known_hosts
153 |     ssh_known_hosts_src: ssh_known_hosts
154 |     ssh_moduli: /etc/ssh/moduli  # path of the Diffie-Hellman group-exchange moduli file
155 |     sshd_binary: /usr/sbin/sshd
156 |     sshd_config: /etc/ssh/sshd_config
157 |     sshd_config_backup: true
158 |     sshd_config_group: root
159 |     sshd_config_mode: '644'  # world-readable; some hardening baselines expect 0600 for sshd_config
160 |     sshd_config_src: sshd_config
161 |     sshd_config_user: root
162 |     sshd_enable: true
163 |     tofs:
164 |       source_files:
165 |         manage ssh_known_hosts file:
166 |         - alt_ssh_known_hosts
167 |         ssh_config:
168 |         - alt_ssh_config
169 |         sshd_banner:
170 |         - fire_banner
171 |         sshd_config:
172 |         - alt_sshd_config
173 |   ssh_config:
174 |     Hosts:
175 |       '*':
176 |         GSSAPIAuthentication: 'yes'  # GSSAPI authentication is offered to every host ('*')
177 |         HashKnownHosts: 'yes'  # host names in known_hosts are stored hashed
178 |         SendEnv: LANG LC_*  # only locale variables are sent
179 |   sshd_config:
180 |     AcceptEnv: LANG LC_*  # only locale variables are accepted from clients
181 |     ChallengeResponseAuthentication: 'no'  # challenge-response (keyboard-interactive) authentication is off
182 |     PrintMotd: 'no'
183 |     Subsystem: sftp /usr/lib/openssh/sftp-server  # NOTE(review): Debian-style path; Fedora packages normally ship sftp-server under /usr/libexec/openssh - confirm
184 |     UsePAM: 'yes'
185 |     X11Forwarding: 'yes'  # X11 forwarding is on; turn it off where it is not required
186 |
--------------------------------------------------------------------------------
/test/integration/default/files/_mapdata/fedora-34.yaml:
--------------------------------------------------------------------------------
  1 | # yamllint disable rule:indentation rule:line-length
  2 | # Fedora-34 - test fixture (presumably the map data expected on this platform); the key blocks below hold the literal placeholder NOT_DEFINED, not key material
  3 | ---
  4 | values:
  5 |   map_jinja:
  6 |     sources:
  7 |     - Y:G@osarch
  8 |     - Y:G@os_family
  9 |     - Y:G@os
 10 |     - Y:G@osfinger
 11 |     - C:SUB@openssh:lookup
 12 |     - C:SUB@openssh
 13 |     - C:SUB@sshd_config:lookup
 14 |     - C:SUB@sshd_config
 15 |     - C:SUB@ssh_config:lookup
 16 |     - C:SUB@ssh_config
 17 |     - Y:G@id
 18 |   openssh:
 19 |     absent_dsa_keys: false
 20 |     absent_ecdsa_keys: false
 21 |     absent_ed25519_keys: false
 22 |     absent_rsa_keys: false
 23 |     auth:  # user public keys; present: false presumably marks a key to be removed from authorized_keys
 24 |       joe-non-valid-ssh-key:
 25 |       - comment: obsolete key - removed
 26 |         enc: ssh-rsa
 27 |         present: false
 28 |         source: salt://ssh_keys/joe.no-valid.pub
 29 |         user: joe
 30 |       joe-valid-ssh-key-desktop:
 31 |       - comment: main key - desktop
 32 |         enc: ssh-rsa
 33 |         present: true
 34 |         source: salt://ssh_keys/joe.desktop.pub
 35 |         user: joe
 36 |       joe-valid-ssh-key-notebook:
 37 |       - comment: main key - notebook
 38 |         enc: ssh-rsa
 39 |         present: true
 40 |         source: salt://ssh_keys/joe.netbook.pub
 41 |         user: joe
 42 |     auth_map:
 43 |       personal_keys:
 44 |         source: salt://ssh_keys
 45 |         users:
 46 |           joe:
 47 |             joe.desktop: {}
 48 |             joe.netbook:
 49 |               options: []
 50 |             joe.no-valid:
 51 |               present: false
 52 |     banner: /etc/ssh/banner
 53 |     banner_src: banner
 54 |     banner_string: 'Welcome to example.net!
 55 |       '
 56 |     client: openssh-clients
 57 |     client_version: latest  # not pinned to a specific package version
 58 |     dig_pkg: bind-utils
 59 |     dsa:  # DSA (ssh-dss) is deprecated in OpenSSH; the absent/generate/provide *_dsa_keys switches in this file are all false
 60 |       private_key: '-----BEGIN DSA PRIVATE KEY-----
 61 |
 62 |         NOT_DEFINED
 63 |
 64 |         -----END DSA PRIVATE KEY-----
 65 |         '
 66 |       public_key: 'ssh-dss NOT_DEFINED
 67 |         '
 68 |     ecdsa:
 69 |       private_key: '-----BEGIN EC PRIVATE KEY-----
 70 |
 71 |         NOT_DEFINED
 72 |
 73 |         -----END EC PRIVATE KEY-----
 74 |         '
 75 |       public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED
 76 |         '
 77 |     ed25519:
 78 |       private_key: '-----BEGIN OPENSSH PRIVATE KEY-----
 79 |
 80 |         NOT_DEFINED
 81 |
 82 |         -----END OPENSSH PRIVATE KEY-----
 83 |         '
 84 |       public_key: 'ssh-ed25519 NOT_DEFINED
 85 |         '
 86 |     enforce_rsa_size: false
 87 |     generate_dsa_keys: false
 88 |     generate_ecdsa_keys: false
 89 |     generate_ed25519_keys: false
 90 |     generate_rsa_keys: false
 91 |     generate_rsa_size: 4096  # bits; presumably used only when generate_rsa_keys is true
 92 |     host_key_algos: ecdsa,ed25519,rsa  # no dsa in this list
 93 |     known_hosts:
 94 |       aliases:
 95 |       - cname-to-minion.example.org
 96 |       - alias.example.org
 97 |       hostnames: false
 98 |       include_localhost: false
 99 |       mine_hostname_function: public_ssh_hostname
100 |       mine_keys_function: public_ssh_host_keys
101 |       omit_ip_address:
102 |       - github.com
103 |       salt_ssh:
104 |         public_ssh_host_keys:
105 |           minion.id: 'ssh-rsa [...]
106 |
107 |             ssh-ed25519 [...]
108 |             '
109 |         public_ssh_host_names:
110 |           minion.id:
111 |           - minion.id
112 |           - alias.of.minion.id
113 |         user: salt-master
114 |       static:
115 |         github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...]  # truncated sample; verify pinned host keys out of band and update them when the provider rotates its key
116 |         gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...]
117 |       target: '*'  # with tgt_type: glob this selects every minion - NOTE(review): confirm that key data from all minions is meant to be trusted
118 |       tgt_type: glob
119 |     moduli: '# Time Type Tests Tries Size Generator Modulus
120 |
121 |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|
123 |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|
125 |       20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53
126 |
127 |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| '
129 |     provide_dsa_keys: false
130 |     provide_ecdsa_keys: false
131 |     provide_ed25519_keys: false
132 |     provide_rsa_keys: false
133 |     root_group: root
134 |     rsa:
135 |       private_key: '-----BEGIN RSA PRIVATE KEY-----
136 |
137 |         NOT_DEFINED
138 |
139 |         -----END RSA PRIVATE KEY-----
140 |         '
141 |       public_key: 'ssh-rsa NOT_DEFINED
142 |         '
143 |     server: openssh-server
144 |     server_version: latest  # not pinned to a specific package version
145 |     service: sshd
146 |     ssh_config: /etc/ssh/ssh_config
147 |     ssh_config_backup: true
148 |     ssh_config_group: root
149 |     ssh_config_mode: '644'
150 |     ssh_config_src: ssh_config
151 |     ssh_config_user: root
152 |     ssh_known_hosts: /etc/ssh/ssh_known_hosts
153 |     ssh_known_hosts_src: ssh_known_hosts
154 |     ssh_moduli: /etc/ssh/moduli  # the visible moduli entry above has Size 2047 (a 2048-bit group); hardening guides commonly keep only entries with Size >= 3071
155 |     sshd_binary: /usr/sbin/sshd
156 |     sshd_config: /etc/ssh/sshd_config
157 |     sshd_config_backup: true
158 |     sshd_config_group: root
159 |     sshd_config_mode: '644'  # world-readable; some hardening baselines expect 0600 for sshd_config
160 |     sshd_config_src: sshd_config
161 |     sshd_config_user: root
162 |     sshd_enable: true
163 |     tofs:
164 |       source_files:
165 |         manage ssh_known_hosts file:
166 |         - alt_ssh_known_hosts
167 |         ssh_config:
168 |         - alt_ssh_config
169 |         sshd_banner:
170 |         - fire_banner
171 |         sshd_config:
172 |         - alt_sshd_config
173 |   ssh_config:
174 |     Hosts:
175 |       '*':
176 |         GSSAPIAuthentication: 'yes'  # GSSAPI authentication is offered to every host ('*')
177 |         HashKnownHosts: 'yes'  # host names in known_hosts are stored hashed
178 |         SendEnv: LANG LC_*  # only locale variables are sent
179 |   sshd_config:
180 |     AcceptEnv: LANG LC_*  # only locale variables are accepted from clients
181 |     ChallengeResponseAuthentication: 'no'  # challenge-response (keyboard-interactive) authentication is off
182 |     PrintMotd: 'no'
183 |     Subsystem: sftp /usr/lib/openssh/sftp-server  # NOTE(review): Debian-style path; Fedora packages normally ship sftp-server under /usr/libexec/openssh - confirm
184 |     UsePAM: 'yes'
185 |     X11Forwarding: 'yes'  # X11 forwarding is on; turn it off where it is not required
186 |
-------------------------------------------------------------------------------- /test/integration/default/files/_mapdata/fedora-35.yaml: -------------------------------------------------------------------------------- 1 | # yamllint disable rule:indentation rule:line-length 2 | # Fedora-35 3 | --- 4 | values: 5 | map_jinja: 6 | sources: 7 | - Y:G@osarch 8 | - Y:G@os_family 9 | - Y:G@os 10 | - Y:G@osfinger 11 | - C:SUB@openssh:lookup 12 | - C:SUB@openssh 13 | - C:SUB@sshd_config:lookup 14 | - C:SUB@sshd_config 15 | - C:SUB@ssh_config:lookup 16 | - C:SUB@ssh_config 17 | - Y:G@id 18 | openssh: 19 | absent_dsa_keys: false 20 | absent_ecdsa_keys: false 21 | absent_ed25519_keys: false 22 | absent_rsa_keys: false 23 | auth: 24 | joe-non-valid-ssh-key: 25 | - comment: obsolete key - removed 26 | enc: ssh-rsa 27 | present: false 28 | source: salt://ssh_keys/joe.no-valid.pub 29 | user: joe 30 | joe-valid-ssh-key-desktop: 31 | - comment: main key - desktop 32 | enc: ssh-rsa 33 | present: true 34 | source: salt://ssh_keys/joe.desktop.pub 35 | user: joe 36 | joe-valid-ssh-key-notebook: 37 | - comment: main key - notebook 38 | enc: ssh-rsa 39 | present: true 40 | source: salt://ssh_keys/joe.netbook.pub 41 | user: joe 42 | auth_map: 43 | personal_keys: 44 | source: salt://ssh_keys 45 | users: 46 | joe: 47 | joe.desktop: {} 48 | joe.netbook: 49 | options: [] 50 | joe.no-valid: 51 | present: false 52 | banner: /etc/ssh/banner 53 | banner_src: banner 54 | banner_string: 'Welcome to example.net!
55 | ' 56 | client: openssh-clients 57 | client_version: latest 58 | dig_pkg: bind-utils 59 | dsa: 60 | private_key: '-----BEGIN DSA PRIVATE KEY----- 61 | 62 | NOT_DEFINED 63 | 64 | -----END DSA PRIVATE KEY----- 65 | ' 66 | public_key: 'ssh-dss NOT_DEFINED 67 | ' 68 | ecdsa: 69 | private_key: '-----BEGIN EC PRIVATE KEY----- 70 | 71 | NOT_DEFINED 72 | 73 | -----END EC PRIVATE KEY----- 74 | ' 75 | public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED 76 | ' 77 | ed25519: 78 | private_key: '-----BEGIN OPENSSH PRIVATE KEY----- 79 | 80 | NOT_DEFINED 81 | 82 | -----END OPENSSH PRIVATE KEY----- 83 | ' 84 | public_key: 'ssh-ed25519 NOT_DEFINED 85 | ' 86 | enforce_rsa_size: false 87 | generate_dsa_keys: false 88 | generate_ecdsa_keys: false 89 | generate_ed25519_keys: false 90 | generate_rsa_keys: false 91 | generate_rsa_size: 4096 92 | host_key_algos: ecdsa,ed25519,rsa 93 | known_hosts: 94 | aliases: 95 | - cname-to-minion.example.org 96 | - alias.example.org 97 | hostnames: false 98 | include_localhost: false 99 | mine_hostname_function: public_ssh_hostname 100 | mine_keys_function: public_ssh_host_keys 101 | omit_ip_address: 102 | - github.com 103 | salt_ssh: 104 | public_ssh_host_keys: 105 | minion.id: 'ssh-rsa [...] 106 | 107 | ssh-ed25519 [...] 108 | ' 109 | public_ssh_host_names: 110 | minion.id: 111 | - minion.id 112 | - alias.of.minion.id 113 | user: salt-master 114 | static: 115 | github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...] 116 | gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...] 
117 | target: '*' 118 | tgt_type: glob 119 | moduli: '# Time Type Tests Tries Size Generator Modulus 120 | 121 |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| 123 |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| 125 | 20120821050046 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368214FC53 126 | 127 |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| ' 129 | provide_dsa_keys: false 130 | provide_ecdsa_keys: false 131 | provide_ed25519_keys: false 132 | provide_rsa_keys: false 133 | root_group: root 134 | rsa: 135 | private_key: '-----BEGIN RSA PRIVATE KEY----- 136 | 137 | NOT_DEFINED 138 | 139 | -----END RSA PRIVATE KEY----- 140 | ' 141 | public_key: 'ssh-rsa NOT_DEFINED 142 | ' 143 | server: openssh-server 144 | server_version: latest 145 | service: sshd 146 | ssh_config: /etc/ssh/ssh_config 147 | ssh_config_backup: true 148 | ssh_config_group: root 149 | ssh_config_mode: '644' 150 | ssh_config_src: ssh_config 151 | ssh_config_user: root 152 | ssh_known_hosts: /etc/ssh/ssh_known_hosts 153 | ssh_known_hosts_src: ssh_known_hosts 154 | ssh_moduli: /etc/ssh/moduli 155 | sshd_binary: /usr/sbin/sshd 156 | sshd_config: /etc/ssh/sshd_config 157 | sshd_config_backup: true 158 | sshd_config_group: root 159 | sshd_config_mode: '644' 160 | sshd_config_src: sshd_config 161 | sshd_config_user: root 162 | sshd_enable: true 163 | tofs: 164 | source_files: 165 | manage ssh_known_hosts file: 166 | - alt_ssh_known_hosts 167 | ssh_config: 168 | - alt_ssh_config 169 | sshd_banner: 170 | - fire_banner 171 
| sshd_config: 172 | - alt_sshd_config 173 | ssh_config: 174 | Hosts: 175 | '*': 176 | GSSAPIAuthentication: 'yes' 177 | HashKnownHosts: 'yes' 178 | SendEnv: LANG LC_* 179 | sshd_config: 180 | AcceptEnv: LANG LC_* 181 | ChallengeResponseAuthentication: 'no' 182 | PrintMotd: 'no' 183 | Subsystem: sftp /usr/lib/openssh/sftp-server 184 | UsePAM: 'yes' 185 | X11Forwarding: 'yes' 186 | -------------------------------------------------------------------------------- /test/integration/default/files/_mapdata/fedora-40.yaml: -------------------------------------------------------------------------------- 1 | # yamllint disable rule:indentation rule:line-length 2 | # Fedora-40 3 | --- 4 | values: 5 | map_jinja: 6 | sources: 7 | - Y:G@osarch 8 | - Y:G@os_family 9 | - Y:G@os 10 | - Y:G@osfinger 11 | - C:SUB@openssh:lookup 12 | - C:SUB@openssh 13 | - C:SUB@sshd_config:lookup 14 | - C:SUB@sshd_config 15 | - C:SUB@ssh_config:lookup 16 | - C:SUB@ssh_config 17 | - Y:G@id 18 | openssh: 19 | absent_dsa_keys: false 20 | absent_ecdsa_keys: false 21 | absent_ed25519_keys: false 22 | absent_rsa_keys: false 23 | auth: 24 | joe-non-valid-ssh-key: 25 | - comment: obsolete key - removed 26 | enc: ssh-rsa 27 | present: false 28 | source: salt://ssh_keys/joe.no-valid.pub 29 | user: joe 30 | joe-valid-ssh-key-desktop: 31 | - comment: main key - desktop 32 | enc: ssh-rsa 33 | present: true 34 | source: salt://ssh_keys/joe.desktop.pub 35 | user: joe 36 | joe-valid-ssh-key-notebook: 37 | - comment: main key - notebook 38 | enc: ssh-rsa 39 | present: true 40 | source: salt://ssh_keys/joe.netbook.pub 41 | user: joe 42 | auth_map: 43 | personal_keys: 44 | source: salt://ssh_keys 45 | users: 46 | joe: 47 | joe.desktop: {} 48 | joe.netbook: 49 | options: [] 50 | joe.no-valid: 51 | present: false 52 | banner: /etc/ssh/banner 53 | banner_src: banner 54 | banner_string: 'Welcome to example.net! 
55 | ' 56 | client: openssh-clients 57 | client_version: latest 58 | dig_pkg: bind-utils 59 | dsa: 60 | private_key: '-----BEGIN DSA PRIVATE KEY----- 61 | 62 | NOT_DEFINED 63 | 64 | -----END DSA PRIVATE KEY----- 65 | ' 66 | public_key: 'ssh-dss NOT_DEFINED 67 | ' 68 | ecdsa: 69 | private_key: '-----BEGIN EC PRIVATE KEY----- 70 | 71 | NOT_DEFINED 72 | 73 | -----END EC PRIVATE KEY----- 74 | ' 75 | public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED 76 | ' 77 | ed25519: 78 | private_key: '-----BEGIN OPENSSH PRIVATE KEY----- 79 | 80 | NOT_DEFINED 81 | 82 | -----END OPENSSH PRIVATE KEY----- 83 | ' 84 | public_key: 'ssh-ed25519 NOT_DEFINED 85 | ' 86 | enforce_rsa_size: false 87 | generate_dsa_keys: false 88 | generate_ecdsa_keys: false 89 | generate_ed25519_keys: false 90 | generate_rsa_keys: false 91 | generate_rsa_size: 4096 92 | host_key_algos: ecdsa,ed25519,rsa 93 | known_hosts: 94 | aliases: 95 | - cname-to-minion.example.org 96 | - alias.example.org 97 | hostnames: false 98 | include_localhost: false 99 | mine_hostname_function: public_ssh_hostname 100 | mine_keys_function: public_ssh_host_keys 101 | omit_ip_address: 102 | - github.com 103 | salt_ssh: 104 | public_ssh_host_keys: 105 | minion.id: 'ssh-rsa [...] 106 | 107 | ssh-ed25519 [...] 108 | ' 109 | public_ssh_host_names: 110 | minion.id: 111 | - minion.id 112 | - alias.of.minion.id 113 | user: salt-master 114 | static: 115 | github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...] 116 | gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...] 
117 | target: '*' 118 | tgt_type: glob 119 | moduli: '# Time Type Tests Tries Size Generator Modulus 120 | 121 |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| 123 | 20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB 124 | 125 |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| 127 | 20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F 128 | ' 129 | provide_dsa_keys: false 130 | provide_ecdsa_keys: false 131 | provide_ed25519_keys: false 132 | provide_rsa_keys: false 133 | root_group: root 134 | rsa: 135 | private_key: '-----BEGIN RSA PRIVATE KEY----- 136 | 137 | NOT_DEFINED 138 | 139 | -----END RSA PRIVATE KEY----- 140 | ' 141 | public_key: 'ssh-rsa NOT_DEFINED 142 | ' 143 | server: openssh-server 144 | server_version: latest 145 | service: sshd 146 | ssh_config: /etc/ssh/ssh_config 147 | ssh_config_backup: true 148 | ssh_config_group: root 149 | ssh_config_mode: '644' 150 | ssh_config_src: ssh_config 151 | ssh_config_user: root 152 | ssh_known_hosts: /etc/ssh/ssh_known_hosts 153 | 
ssh_known_hosts_src: ssh_known_hosts 154 | ssh_moduli: /etc/ssh/moduli 155 | sshd_binary: /usr/sbin/sshd 156 | sshd_config: /etc/ssh/sshd_config 157 | sshd_config_backup: true 158 | sshd_config_group: root 159 | sshd_config_mode: '644' 160 | sshd_config_src: sshd_config 161 | sshd_config_user: root 162 | sshd_enable: true 163 | tofs: 164 | source_files: 165 | manage ssh_known_hosts file: 166 | - alt_ssh_known_hosts 167 | ssh_config: 168 | - alt_ssh_config 169 | sshd_banner: 170 | - fire_banner 171 | sshd_config: 172 | - alt_sshd_config 173 | ssh_config: 174 | Hosts: 175 | '*': 176 | GSSAPIAuthentication: 'yes' 177 | HashKnownHosts: 'yes' 178 | SendEnv: LANG LC_* 179 | sshd_config: 180 | AcceptEnv: LANG LC_* 181 | ChallengeResponseAuthentication: 'no' 182 | PrintMotd: 'no' 183 | Subsystem: sftp /usr/lib/openssh/sftp-server 184 | UsePAM: 'yes' 185 | X11Forwarding: 'yes' 186 | -------------------------------------------------------------------------------- /test/integration/default/files/_mapdata/fedora-41.yaml: -------------------------------------------------------------------------------- 1 | # yamllint disable rule:indentation rule:line-length 2 | # Fedora-41 3 | --- 4 | values: 5 | map_jinja: 6 | sources: 7 | - Y:G@osarch 8 | - Y:G@os_family 9 | - Y:G@os 10 | - Y:G@osfinger 11 | - C:SUB@openssh:lookup 12 | - C:SUB@openssh 13 | - C:SUB@sshd_config:lookup 14 | - C:SUB@sshd_config 15 | - C:SUB@ssh_config:lookup 16 | - C:SUB@ssh_config 17 | - Y:G@id 18 | openssh: 19 | absent_dsa_keys: false 20 | absent_ecdsa_keys: false 21 | absent_ed25519_keys: false 22 | absent_rsa_keys: false 23 | auth: 24 | joe-non-valid-ssh-key: 25 | - comment: obsolete key - removed 26 | enc: ssh-rsa 27 | present: false 28 | source: salt://ssh_keys/joe.no-valid.pub 29 | user: joe 30 | joe-valid-ssh-key-desktop: 31 | - comment: main key - desktop 32 | enc: ssh-rsa 33 | present: true 34 | source: salt://ssh_keys/joe.desktop.pub 35 | user: joe 36 | joe-valid-ssh-key-notebook: 37 | - comment: main 
key - notebook 38 | enc: ssh-rsa 39 | present: true 40 | source: salt://ssh_keys/joe.netbook.pub 41 | user: joe 42 | auth_map: 43 | personal_keys: 44 | source: salt://ssh_keys 45 | users: 46 | joe: 47 | joe.desktop: {} 48 | joe.netbook: 49 | options: [] 50 | joe.no-valid: 51 | present: false 52 | banner: /etc/ssh/banner 53 | banner_src: banner 54 | banner_string: 'Welcome to example.net! 55 | ' 56 | client: openssh-clients 57 | client_version: latest 58 | dig_pkg: bind-utils 59 | dsa: 60 | private_key: '-----BEGIN DSA PRIVATE KEY----- 61 | 62 | NOT_DEFINED 63 | 64 | -----END DSA PRIVATE KEY----- 65 | ' 66 | public_key: 'ssh-dss NOT_DEFINED 67 | ' 68 | ecdsa: 69 | private_key: '-----BEGIN EC PRIVATE KEY----- 70 | 71 | NOT_DEFINED 72 | 73 | -----END EC PRIVATE KEY----- 74 | ' 75 | public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED 76 | ' 77 | ed25519: 78 | private_key: '-----BEGIN OPENSSH PRIVATE KEY----- 79 | 80 | NOT_DEFINED 81 | 82 | -----END OPENSSH PRIVATE KEY----- 83 | ' 84 | public_key: 'ssh-ed25519 NOT_DEFINED 85 | ' 86 | enforce_rsa_size: false 87 | generate_dsa_keys: false 88 | generate_ecdsa_keys: false 89 | generate_ed25519_keys: false 90 | generate_rsa_keys: false 91 | generate_rsa_size: 4096 92 | host_key_algos: ecdsa,ed25519,rsa 93 | known_hosts: 94 | aliases: 95 | - cname-to-minion.example.org 96 | - alias.example.org 97 | hostnames: false 98 | include_localhost: false 99 | mine_hostname_function: public_ssh_hostname 100 | mine_keys_function: public_ssh_host_keys 101 | omit_ip_address: 102 | - github.com 103 | salt_ssh: 104 | public_ssh_host_keys: 105 | minion.id: 'ssh-rsa [...] 106 | 107 | ssh-ed25519 [...] 108 | ' 109 | public_ssh_host_names: 110 | minion.id: 111 | - minion.id 112 | - alias.of.minion.id 113 | user: salt-master 114 | static: 115 | github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...] 116 | gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...] 
117 | target: '*' 118 | tgt_type: glob 119 | moduli: '# Time Type Tests Tries Size Generator Modulus 120 | 121 |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| 123 |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| 125 |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| 127 |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| ' 129 | provide_dsa_keys: false 130 | provide_ecdsa_keys: false 131 | provide_ed25519_keys: false 132 | provide_rsa_keys: false 133 | root_group: root 134 | rsa: 135 | private_key: '-----BEGIN RSA PRIVATE KEY----- 136 | 137 | NOT_DEFINED 138 | 139 | -----END RSA PRIVATE KEY----- 140 | ' 141 | public_key: 'ssh-rsa NOT_DEFINED 142 | ' 143 | server: openssh-server 144 | server_version: latest 145 | service: sshd 146 | ssh_config: /etc/ssh/ssh_config 147 | ssh_config_backup: true 148 | ssh_config_group: root 149 | ssh_config_mode: '644' 150 | ssh_config_src: ssh_config 151 | ssh_config_user: root 152 | ssh_known_hosts: /etc/ssh/ssh_known_hosts 153 | ssh_known_hosts_src: ssh_known_hosts 154 | ssh_moduli: /etc/ssh/moduli 155 | sshd_binary: /usr/sbin/sshd 156 | sshd_config: /etc/ssh/sshd_config 157 | sshd_config_backup: true 158 | sshd_config_group: root 159 | sshd_config_mode: '644' 160 | sshd_config_src: sshd_config 161 | sshd_config_user: root 162 | sshd_enable: true 163 | tofs: 164 | source_files: 165 | manage ssh_known_hosts file: 166 | - alt_ssh_known_hosts 167 | ssh_config: 168 | - alt_ssh_config 169 | sshd_banner: 170 | - fire_banner 171 | sshd_config: 172 | - alt_sshd_config 173 | ssh_config: 174 | Hosts: 175 | '*': 176 | GSSAPIAuthentication: 'yes' 177 | HashKnownHosts: 'yes' 178 | SendEnv: LANG LC_* 179 | sshd_config: 180 | AcceptEnv: LANG LC_* 181 | ChallengeResponseAuthentication: 'no' 182 | PrintMotd: 'no' 183 | Subsystem: sftp /usr/lib/openssh/sftp-server 184 | UsePAM: 'yes' 185 | X11Forwarding: 'yes' 186 | -------------------------------------------------------------------------------- 
/test/integration/default/files/_mapdata/ubuntu-16.yaml: -------------------------------------------------------------------------------- 1 | # yamllint disable rule:indentation rule:line-length 2 | # Ubuntu-16.04 3 | --- 4 | values: 5 | map_jinja: 6 | sources: 7 | - Y:G@osarch 8 | - Y:G@os_family 9 | - Y:G@os 10 | - Y:G@osfinger 11 | - C:SUB@openssh:lookup 12 | - C:SUB@openssh 13 | - C:SUB@sshd_config:lookup 14 | - C:SUB@sshd_config 15 | - C:SUB@ssh_config:lookup 16 | - C:SUB@ssh_config 17 | - Y:G@id 18 | openssh: 19 | absent_dsa_keys: false 20 | absent_ecdsa_keys: false 21 | absent_ed25519_keys: false 22 | absent_rsa_keys: false 23 | auth: 24 | joe-non-valid-ssh-key: 25 | - comment: obsolete key - removed 26 | enc: ssh-rsa 27 | present: false 28 | source: salt://ssh_keys/joe.no-valid.pub 29 | user: joe 30 | joe-valid-ssh-key-desktop: 31 | - comment: main key - desktop 32 | enc: ssh-rsa 33 | present: true 34 | source: salt://ssh_keys/joe.desktop.pub 35 | user: joe 36 | joe-valid-ssh-key-notebook: 37 | - comment: main key - notebook 38 | enc: ssh-rsa 39 | present: true 40 | source: salt://ssh_keys/joe.netbook.pub 41 | user: joe 42 | auth_map: 43 | personal_keys: 44 | source: salt://ssh_keys 45 | users: 46 | joe: 47 | joe.desktop: {} 48 | joe.netbook: 49 | options: [] 50 | joe.no-valid: 51 | present: false 52 | banner: /etc/ssh/banner 53 | banner_src: banner 54 | banner_string: 'Welcome to example.net! 
55 | ' 56 | client: openssh-client 57 | client_version: latest 58 | dig_pkg: dnsutils 59 | dsa: 60 | private_key: '-----BEGIN DSA PRIVATE KEY----- 61 | 62 | NOT_DEFINED 63 | 64 | -----END DSA PRIVATE KEY----- 65 | ' 66 | public_key: 'ssh-dss NOT_DEFINED 67 | ' 68 | ecdsa: 69 | private_key: '-----BEGIN EC PRIVATE KEY----- 70 | 71 | NOT_DEFINED 72 | 73 | -----END EC PRIVATE KEY----- 74 | ' 75 | public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED 76 | ' 77 | ed25519: 78 | private_key: '-----BEGIN OPENSSH PRIVATE KEY----- 79 | 80 | NOT_DEFINED 81 | 82 | -----END OPENSSH PRIVATE KEY----- 83 | ' 84 | public_key: 'ssh-ed25519 NOT_DEFINED 85 | ' 86 | enforce_rsa_size: false 87 | generate_dsa_keys: false 88 | generate_ecdsa_keys: false 89 | generate_ed25519_keys: false 90 | generate_rsa_keys: false 91 | generate_rsa_size: 4096 92 | host_key_algos: ecdsa,ed25519,rsa 93 | known_hosts: 94 | aliases: 95 | - cname-to-minion.example.org 96 | - alias.example.org 97 | hostnames: false 98 | include_localhost: false 99 | mine_hostname_function: public_ssh_hostname 100 | mine_keys_function: public_ssh_host_keys 101 | omit_ip_address: 102 | - github.com 103 | salt_ssh: 104 | public_ssh_host_keys: 105 | minion.id: 'ssh-rsa [...] 106 | 107 | ssh-ed25519 [...] 108 | ' 109 | public_ssh_host_names: 110 | minion.id: 111 | - minion.id 112 | - alias.of.minion.id 113 | user: salt-master 114 | static: 115 | github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...] 116 | gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...] 
117 | target: '*' 118 | tgt_type: glob 119 | moduli: '# Time Type Tests Tries Size Generator Modulus 120 | 121 | 20120821045639 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C604293680B09D63 122 | 123 | 20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB 124 | 125 |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| 127 |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| ' 129 | provide_dsa_keys: false 130 | provide_ecdsa_keys: false 131 | provide_ed25519_keys: false 132 | provide_rsa_keys: false 133 | root_group: root 134 | rsa: 135 | private_key: '-----BEGIN RSA PRIVATE KEY----- 136 | 137 | NOT_DEFINED 138 | 139 | -----END RSA PRIVATE KEY----- 140 | ' 141 | public_key: 'ssh-rsa NOT_DEFINED 142 | ' 143 | server: openssh-server 144 | server_version: latest 145 | service: ssh 146 | ssh_config: /etc/ssh/ssh_config 147 | ssh_config_backup: true 148 | ssh_config_group: root 149 | ssh_config_mode: '644' 150 | ssh_config_src: ssh_config 151 | ssh_config_user: root 152 | ssh_known_hosts: /etc/ssh/ssh_known_hosts 153 | 
ssh_known_hosts_src: ssh_known_hosts 154 | ssh_moduli: /etc/ssh/moduli 155 | sshd_binary: /usr/sbin/sshd 156 | sshd_config: /etc/ssh/sshd_config 157 | sshd_config_backup: true 158 | sshd_config_group: root 159 | sshd_config_mode: '644' 160 | sshd_config_src: sshd_config 161 | sshd_config_user: root 162 | sshd_enable: true 163 | tofs: 164 | source_files: 165 | manage ssh_known_hosts file: 166 | - alt_ssh_known_hosts 167 | ssh_config: 168 | - alt_ssh_config 169 | sshd_banner: 170 | - fire_banner 171 | sshd_config: 172 | - alt_sshd_config 173 | ssh_config: 174 | Hosts: 175 | '*': 176 | GSSAPIAuthentication: 'yes' 177 | HashKnownHosts: 'yes' 178 | SendEnv: LANG LC_* 179 | sshd_config: 180 | AcceptEnv: LANG LC_* 181 | ChallengeResponseAuthentication: 'no' 182 | PrintMotd: 'no' 183 | Subsystem: sftp /usr/lib/openssh/sftp-server 184 | UsePAM: 'yes' 185 | X11Forwarding: 'yes' 186 | -------------------------------------------------------------------------------- /test/integration/default/files/_mapdata/ubuntu-18.yaml: -------------------------------------------------------------------------------- 1 | # yamllint disable rule:indentation rule:line-length 2 | # Ubuntu-18.04 3 | --- 4 | values: 5 | map_jinja: 6 | sources: 7 | - Y:G@osarch 8 | - Y:G@os_family 9 | - Y:G@os 10 | - Y:G@osfinger 11 | - C:SUB@openssh:lookup 12 | - C:SUB@openssh 13 | - C:SUB@sshd_config:lookup 14 | - C:SUB@sshd_config 15 | - C:SUB@ssh_config:lookup 16 | - C:SUB@ssh_config 17 | - Y:G@id 18 | openssh: 19 | absent_dsa_keys: false 20 | absent_ecdsa_keys: false 21 | absent_ed25519_keys: false 22 | absent_rsa_keys: false 23 | auth: 24 | joe-non-valid-ssh-key: 25 | - comment: obsolete key - removed 26 | enc: ssh-rsa 27 | present: false 28 | source: salt://ssh_keys/joe.no-valid.pub 29 | user: joe 30 | joe-valid-ssh-key-desktop: 31 | - comment: main key - desktop 32 | enc: ssh-rsa 33 | present: true 34 | source: salt://ssh_keys/joe.desktop.pub 35 | user: joe 36 | joe-valid-ssh-key-notebook: 37 | - comment: 
main key - notebook 38 | enc: ssh-rsa 39 | present: true 40 | source: salt://ssh_keys/joe.netbook.pub 41 | user: joe 42 | auth_map: 43 | personal_keys: 44 | source: salt://ssh_keys 45 | users: 46 | joe: 47 | joe.desktop: {} 48 | joe.netbook: 49 | options: [] 50 | joe.no-valid: 51 | present: false 52 | banner: /etc/ssh/banner 53 | banner_src: banner 54 | banner_string: 'Welcome to example.net! 55 | ' 56 | client: openssh-client 57 | client_version: latest 58 | dig_pkg: dnsutils 59 | dsa: 60 | private_key: '-----BEGIN DSA PRIVATE KEY----- 61 | 62 | NOT_DEFINED 63 | 64 | -----END DSA PRIVATE KEY----- 65 | ' 66 | public_key: 'ssh-dss NOT_DEFINED 67 | ' 68 | ecdsa: 69 | private_key: '-----BEGIN EC PRIVATE KEY----- 70 | 71 | NOT_DEFINED 72 | 73 | -----END EC PRIVATE KEY----- 74 | ' 75 | public_key: 'ecdsa-sha2-nistp256 NOT_DEFINED 76 | ' 77 | ed25519: 78 | private_key: '-----BEGIN OPENSSH PRIVATE KEY----- 79 | 80 | NOT_DEFINED 81 | 82 | -----END OPENSSH PRIVATE KEY----- 83 | ' 84 | public_key: 'ssh-ed25519 NOT_DEFINED 85 | ' 86 | enforce_rsa_size: false 87 | generate_dsa_keys: false 88 | generate_ecdsa_keys: false 89 | generate_ed25519_keys: false 90 | generate_rsa_keys: false 91 | generate_rsa_size: 4096 92 | host_key_algos: ecdsa,ed25519,rsa 93 | known_hosts: 94 | aliases: 95 | - cname-to-minion.example.org 96 | - alias.example.org 97 | hostnames: false 98 | include_localhost: false 99 | mine_hostname_function: public_ssh_hostname 100 | mine_keys_function: public_ssh_host_keys 101 | omit_ip_address: 102 | - github.com 103 | salt_ssh: 104 | public_ssh_host_keys: 105 | minion.id: 'ssh-rsa [...] 106 | 107 | ssh-ed25519 [...] 108 | ' 109 | public_ssh_host_names: 110 | minion.id: 111 | - minion.id 112 | - alias.of.minion.id 113 | user: salt-master 114 | static: 115 | github.com: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGm[...] 116 | gitlab.com: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bN[...] 
117 | target: '*' 118 | tgt_type: glob 119 | moduli: '# Time Type Tests Tries Size Generator Modulus 120 | 121 |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| 123 | 20120821045830 2 6 100 2047 2 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C6042936814C2FFB 124 | 125 |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| 127 | 20120821050054 2 6 100 2047 5 DD2047CBDBB6F8E919BC63DE885B34D0FD6E3DB2887D8B46FE249886ACED6B46DFCD5553168185FD376122171CD8927E60120FA8D01F01D03E58281FEA9A1ABE97631C828E41815F34FDCDF787419FE13A3137649AA93D2584230DF5F24B5C00C88B7D7DE4367693428C730376F218A53E853B0851BAB7C53C15DA7839CBE1285DB63F6FA45C1BB59FE1C5BB918F0F8459D7EF60ACFF5C0FA0F3FCAD1C5F4CE4416D4F4B36B05CDCEBE4FB879E95847EFBC6449CD190248843BC7EDB145FBFC4EDBB1A3C959298F08F3BA2CFBE231BBE204BE6F906209D28BD4820AB3E7BE96C26AE8A809ADD8D1A5A0B008E9570FA4C4697E116B8119892C60429368218E83F 128 | ' 129 | provide_dsa_keys: false 130 | provide_ecdsa_keys: false 131 | provide_ed25519_keys: false 132 | provide_rsa_keys: false 133 | root_group: root 134 | rsa: 135 | private_key: '-----BEGIN RSA PRIVATE KEY----- 136 | 137 | NOT_DEFINED 138 | 139 | -----END RSA PRIVATE KEY----- 140 | ' 141 | public_key: 'ssh-rsa NOT_DEFINED 142 | ' 143 | server: openssh-server 144 | server_version: latest 145 | service: ssh 146 | ssh_config: /etc/ssh/ssh_config 147 | ssh_config_backup: true 148 | ssh_config_group: root 149 | ssh_config_mode: '644' 150 | ssh_config_src: ssh_config 151 | ssh_config_user: root 152 | ssh_known_hosts: /etc/ssh/ssh_known_hosts 153 | 
ssh_known_hosts_src: ssh_known_hosts 154 | ssh_moduli: /etc/ssh/moduli 155 | sshd_binary: /usr/sbin/sshd 156 | sshd_config: /etc/ssh/sshd_config 157 | sshd_config_backup: true 158 | sshd_config_group: root 159 | sshd_config_mode: '644' 160 | sshd_config_src: sshd_config 161 | sshd_config_user: root 162 | sshd_enable: true 163 | tofs: 164 | source_files: 165 | manage ssh_known_hosts file: 166 | - alt_ssh_known_hosts 167 | ssh_config: 168 | - alt_ssh_config 169 | sshd_banner: 170 | - fire_banner 171 | sshd_config: 172 | - alt_sshd_config 173 | ssh_config: 174 | Hosts: 175 | '*': 176 | GSSAPIAuthentication: 'yes' 177 | HashKnownHosts: 'yes' 178 | SendEnv: LANG LC_* 179 | sshd_config: 180 | AcceptEnv: LANG LC_* 181 | ChallengeResponseAuthentication: 'no' 182 | PrintMotd: 'no' 183 | Subsystem: sftp /usr/lib/openssh/sftp-server 184 | UsePAM: 'yes' 185 | X11Forwarding: 'yes' 186 | --------------------------------------------------------------------------------