=======
OpenSSH
=======

OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

Sample pillar
=============

OpenSSH client
--------------

OpenSSH client with shared private key

.. code-block:: yaml

    openssh:
      client:
        enabled: true
        user:
          root:
            enabled: true
            private_key:
              type: rsa
              key: ${_param:root_private_key}
            user: ${linux:system:user:root}

OpenSSH client with individual private key and known host

.. code-block:: yaml

    openssh:
      client:
        enabled: true
        user:
          root:
            enabled: true
            user: ${linux:system:user:root}
            known_hosts:
            - name: repo.domain.com
              type: rsa
              fingerprint: dd:fa:e8:68:b1:ea:ea:a0:63:f1:5a:55:48:e1:7e:37

Configure keep alive settings:

.. code-block:: yaml

    openssh:
      client:
        alive:
          interval: 600
          count: 3

OpenSSH server
--------------

OpenSSH server with configuration parameters

.. code-block:: yaml

    openssh:
      server:
        enabled: true
        permit_root_login: true
        public_key_auth: true
        password_auth: true
        host_auth: true
        banner: Welcome to server!
        bind:
          address: 0.0.0.0
          port: 22

OpenSSH server with authorized keys for users.
Parameter ``purge`` ensures that authorized_keys contains exactly the keys
defined in the pillar, so any keys not defined here will be removed.

.. code-block:: yaml

    openssh:
      server:
        enabled: true
        bind:
          address: 0.0.0.0
          port: 22
        ...
        user:
          newt:
            enabled: true
            user: ${linux:system:user:newt}
            public_keys:
            - ${public_keys:newt}
          root:
            enabled: true
            purge: true
            user: ${linux:system:user:root}
            public_keys:
            - ${public_keys:newt}

You can also bind openssh on multiple addresses and ports:

.. code-block:: yaml

    openssh:
      server:
        enabled: true
        binds:
        - address: 127.0.0.1
          port: 22
        - address: 192.168.1.1
          port: 2222

OpenSSH server for use with FreeIPA

.. code-block:: yaml

    openssh:
      server:
        enabled: true
        bind:
          address: 0.0.0.0
          port: 22
        public_key_auth: true
        authorized_keys_command:
          command: /usr/bin/sss_ssh_authorizedkeys
          user: nobody

Configure keep alive settings:

.. code-block:: yaml

    openssh:
      server:
        alive:
          keep: yes
          interval: 600
          count: 3
          #
          # gives a timeout of 30 minutes (600 sec x 3)
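As an added illustration, not part of the formula, a small Python check over the pillar structure shown in the server and client samples above: it computes the keep-alive idle timeout (interval x count) and flags the settings a reviewer looks at first, root login combined with password authentication, and authorized_keys users without ``purge``. The pillar dict is constructed from this README's samples with the ``${...}`` references replaced by placeholders, and the fingerprint format check only assumes the colon-separated MD5 form used in the known_hosts sample.

```python
import re

# Constructed sample pillar mirroring the YAML samples in this README
# (${...} reclass references replaced by plain placeholder strings).
PILLAR = {
    "openssh": {
        "client": {
            "alive": {"interval": 600, "count": 3},
            "user": {"root": {"enabled": True, "known_hosts": [
                {"name": "repo.domain.com", "type": "rsa",
                 "fingerprint": "dd:fa:e8:68:b1:ea:ea:a0:63:f1:5a:55:48:e1:7e:37"},
            ]}},
        },
        "server": {
            "enabled": True,
            "permit_root_login": True,
            "password_auth": True,
            "bind": {"address": "0.0.0.0", "port": 22},
            "alive": {"keep": True, "interval": 600, "count": 3},
            "user": {"root": {"enabled": True,
                              "public_keys": ["PLACEHOLDER-PUBLIC-KEY"]}},
        },
    }
}

# Colon-separated MD5 fingerprint, the form used in the known_hosts sample above.
MD5_FINGERPRINT = re.compile(r"^(?:[0-9a-f]{2}:){15}[0-9a-f]{2}$")


def idle_timeout_seconds(alive):
    """Seconds until an unresponsive peer is dropped: interval x count."""
    return int(alive.get("interval", 0)) * int(alive.get("count", 0))


def check_pillar(pillar):
    """Return findings for the openssh:server and openssh:client pillar keys."""
    findings = []
    server = pillar.get("openssh", {}).get("server", {})
    client = pillar.get("openssh", {}).get("client", {})
    if server.get("permit_root_login") and server.get("password_auth"):
        findings.append("server: root login permitted with password authentication")
    for name, user in server.get("user", {}).items():
        if user.get("enabled") and user.get("public_keys") and not user.get("purge"):
            findings.append(f"server: {name}: purge not set, keys outside the pillar are kept")
    for name, user in client.get("user", {}).items():
        for host in user.get("known_hosts", []):
            if not MD5_FINGERPRINT.match(str(host.get("fingerprint", "")).lower()):
                findings.append(f"client: {name}: malformed fingerprint for {host.get('name')}")
    return findings
```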

Read more
=========

* http://www.openssh.org/manual.html
* https://help.ubuntu.com/community/SSH/OpenSSH/Configuring
* http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
* http://www.zeitoun.net/articles/ssh-through-http-proxy/start

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the Github issue tracker for the specific salt
formula:

    https://github.com/salt-formulas/salt-formula-openssh/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit a pull request against the specific formula.

    https://github.com/salt-formulas/salt-formula-openssh

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net