| Filip Pytloun | a6d4a78 | 2015-10-06 16:28:32 +0200 | [diff] [blame] | 1 | ======= |
| 2 | OpenSSH |
| 3 | ======= |
| 4 | |
| 5 | OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions. |
| 6 | |
| 7 | Sample pillar |
| 8 | ============= |
| 9 | |
| 10 | OpenSSH client |
| 11 | -------------- |
| 12 | |
| 13 | OpenSSH client with shared private key |
| 14 | |
| 15 | .. code-block:: yaml |
| 16 | |
| 17 | openssh: |
| 18 | client: |
| 19 | enabled: true |
| 20 | user: |
| 21 | root: |
| 22 | enabled: true |
| 23 | private_key: ${private_keys:vaio.newt.cz} |
| 24 | user: ${linux:system:user:root} |
| 25 | |
| 26 | OpenSSH client with individual private key and known host |
| 27 | |
| 28 | .. code-block:: yaml |
| 29 | |
| 30 | openssh: |
| 31 | client: |
| 32 | enabled: true |
| 33 | user: |
| 34 | root: |
| 35 | enabled: true |
| 36 | user: ${linux:system:user:root} |
| 37 | known_hosts: |
| 38 | - name: repo.domain.com |
| 39 | type: rsa |
| 40 | fingerprint: dd:fa:e8:68:b1:ea:ea:a0:63:f1:5a:55:48:e1:7e:37 |
| 41 | |
| 42 | OpenSSH server |
| 43 | -------------- |
| 44 | |
| 45 | OpenSSH server with configuration parameters |
| 46 | |
| 47 | .. code-block:: yaml |
| 48 | |
| 49 | openssh: |
| 50 | server: |
| 51 | enabled: true |
| 52 | permit_root_login: true |
| 53 | public_key_auth: true |
| 54 | password_auth: true |
| 55 | host_auth: true |
| 56 | banner: Welcome to server! |
| Jiri Konecny | 2a27423 | 2016-02-16 15:49:35 +0100 | [diff] [blame] | 57 | bind: |
| 58 | address: 0.0.0.0 |
| Jiri Konecny | df55053 | 2016-02-17 11:48:47 +0100 | [diff] [blame] | 59 | port: 22 |
| Filip Pytloun | a6d4a78 | 2015-10-06 16:28:32 +0200 | [diff] [blame] | 60 | |
| 61 | OpenSSH server with auth keys for users |
| 62 | |
| 63 | .. code-block:: yaml |
| 64 | |
| 65 | openssh: |
| 66 | server: |
| 67 | enabled: true |
| Jiri Konecny | 2a27423 | 2016-02-16 15:49:35 +0100 | [diff] [blame] | 68 | bind: |
| 69 | address: 0.0.0.0 |
| Jiri Konecny | df55053 | 2016-02-17 11:48:47 +0100 | [diff] [blame] | 70 | port: 22 |
| Filip Pytloun | a6d4a78 | 2015-10-06 16:28:32 +0200 | [diff] [blame] | 71 | ... |
| 72 | user: |
| 73 | newt: |
| 74 | enabled: true |
| 75 | user: ${linux:system:user:newt} |
| 76 | public_keys: |
| 77 | - ${public_keys:newt} |
| 78 | root: |
| 79 | enabled: true |
| 80 | user: ${linux:system:user:root} |
| 81 | public_keys: |
| 82 | - ${public_keys:newt} |
| 83 | |
| Filip Pytloun | daf8f98 | 2015-12-16 11:55:34 +0100 | [diff] [blame] | 84 | OpenSSH server for use with FreeIPA |
| 85 | |
| 86 | .. code-block:: yaml |
| 87 | |
| 88 | openssh: |
| 89 | server: |
| 90 | enabled: true |
| Jiri Konecny | 2a27423 | 2016-02-16 15:49:35 +0100 | [diff] [blame] | 91 | bind: |
| 92 | address: 0.0.0.0 |
| Jiri Konecny | df55053 | 2016-02-17 11:48:47 +0100 | [diff] [blame] | 93 | port: 22 |
| Filip Pytloun | daf8f98 | 2015-12-16 11:55:34 +0100 | [diff] [blame] | 94 | public_key_auth: true |
| 95 | authorized_keys_command: |
| 96 | command: /usr/bin/sss_ssh_authorizedkeys |
| 97 | user: nobody |
| 98 | |
| Filip Pytloun | a6d4a78 | 2015-10-06 16:28:32 +0200 | [diff] [blame] | 99 | Read more |
| 100 | ========= |
| 101 | |
| 102 | * http://www.openssh.org/manual.html |
| 103 | * https://help.ubuntu.com/community/SSH/OpenSSH/Configuring |
| 104 | * http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html |
| 105 | * http://www.zeitoun.net/articles/ssh-through-http-proxy/start |