Blame - README.rst - salt-formulas/openssh

blob: b22cc25931d418c6bcf8514977ea8d0b017baaeb [file] [log] [blame]

Filip Pytloun	a6d4a78	2015-10-06 16:28:32 +0200	[diff] [blame]	1	=======
				2	OpenSSH
				3	=======
				4
				5	OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.
				6
				7	Sample pillar
				8	=============
				9
				10	OpenSSH client
				11	--------------
				12
				13	OpenSSH client with shared private key
				14
				15	.. code-block:: yaml
				16
				17	openssh:
				18	client:
				19	enabled: true
				20	user:
				21	root:
				22	enabled: true
Jiri Broulik	d33c8dd	2017-04-27 17:18:26 +0200	[diff] [blame]	23	private_key:
				24	type: rsa
				25	key: ${_param:root_private_key}
Filip Pytloun	a6d4a78	2015-10-06 16:28:32 +0200	[diff] [blame]	26	user: ${linux:system:user:root}
				27
				28	OpenSSH client with individual private key and known host
				29
				30	.. code-block:: yaml
				31
				32	openssh:
				33	client:
				34	enabled: true
				35	user:
				36	root:
				37	enabled: true
				38	user: ${linux:system:user:root}
				39	known_hosts:
				40	- name: repo.domain.com
				41	type: rsa
				42	fingerprint: dd:fa:e8:68:b1:ea:ea:a0:63:f1:5a:55:48:e1:7e:37
				43
				44	OpenSSH server
				45	--------------
				46
				47	OpenSSH server with configuration parameters
				48
				49	.. code-block:: yaml
				50
				51	openssh:
				52	server:
				53	enabled: true
				54	permit_root_login: true
				55	public_key_auth: true
				56	password_auth: true
				57	host_auth: true
				58	banner: Welcome to server!
Jiri Konecny	2a27423	2016-02-16 15:49:35 +0100	[diff] [blame]	59	bind:
				60	address: 0.0.0.0
Jiri Konecny	df55053	2016-02-17 11:48:47 +0100	[diff] [blame]	61	port: 22
Filip Pytloun	a6d4a78	2015-10-06 16:28:32 +0200	[diff] [blame]	62
Filip Pytloun	2d3c803	2016-03-11 16:40:20 +0100	[diff] [blame]	63	OpenSSH server with auth keys for users.
				64	Parameter ``purge`` will ensure exact authorized_keys contents co undefined
				65	keys will be removed.
Filip Pytloun	a6d4a78	2015-10-06 16:28:32 +0200	[diff] [blame]	66
				67	.. code-block:: yaml
				68
				69	openssh:
				70	server:
				71	enabled: true
Jiri Konecny	2a27423	2016-02-16 15:49:35 +0100	[diff] [blame]	72	bind:
				73	address: 0.0.0.0
Jiri Konecny	df55053	2016-02-17 11:48:47 +0100	[diff] [blame]	74	port: 22
Filip Pytloun	a6d4a78	2015-10-06 16:28:32 +0200	[diff] [blame]	75	...
				76	user:
				77	newt:
				78	enabled: true
				79	user: ${linux:system:user:newt}
				80	public_keys:
				81	- ${public_keys:newt}
				82	root:
				83	enabled: true
Filip Pytloun	2d3c803	2016-03-11 16:40:20 +0100	[diff] [blame]	84	purge: true
Filip Pytloun	a6d4a78	2015-10-06 16:28:32 +0200	[diff] [blame]	85	user: ${linux:system:user:root}
				86	public_keys:
				87	- ${public_keys:newt}
				88
Filip Pytloun	a12db4a	2016-12-02 13:21:02 +0100	[diff] [blame]	89	You can also bind openssh on multiple addresses and ports:
				90
				91	.. code-block:: yaml
				92
				93	openssh:
				94	server:
				95	enabled: true
				96	binds:
				97	- address: 127.0.0.1
				98	port: 22
				99	- address: 192.168.1.1
				100	port: 2222
				101
Filip Pytloun	daf8f98	2015-12-16 11:55:34 +0100	[diff] [blame]	102	OpenSSH server for use with FreeIPA
				103
				104	.. code-block:: yaml
				105
				106	openssh:
				107	server:
				108	enabled: true
Jiri Konecny	2a27423	2016-02-16 15:49:35 +0100	[diff] [blame]	109	bind:
				110	address: 0.0.0.0
Jiri Konecny	df55053	2016-02-17 11:48:47 +0100	[diff] [blame]	111	port: 22
Filip Pytloun	daf8f98	2015-12-16 11:55:34 +0100	[diff] [blame]	112	public_key_auth: true
				113	authorized_keys_command:
				114	command: /usr/bin/sss_ssh_authorizedkeys
				115	user: nobody
				116
Filip Pytloun	a6d4a78	2015-10-06 16:28:32 +0200	[diff] [blame]	117	Read more
				118	=========
				119
				120	* http://www.openssh.org/manual.html
				121	* https://help.ubuntu.com/community/SSH/OpenSSH/Configuring
				122	* http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
				123	* http://www.zeitoun.net/articles/ssh-through-http-proxy/start
Filip Pytloun	0e13906	2017-02-02 13:02:03 +0100	[diff] [blame]	124
				125	Documentation and Bugs
				126	======================
				127
				128	To learn how to install and update salt-formulas, consult the documentation
				129	available online at:
				130
				131	http://salt-formulas.readthedocs.io/
				132
				133	In the unfortunate event that bugs are discovered, they should be reported to
				134	the appropriate issue tracker. Use Github issue tracker for specific salt
				135	formula:
				136
				137	https://github.com/salt-formulas/salt-formula-openssh/issues
				138
				139	For feature requests, bug reports or blueprints affecting entire ecosystem,
				140	use Launchpad salt-formulas project:
				141
				142	https://launchpad.net/salt-formulas
				143
				144	You can also join salt-formulas-users team and subscribe to mailing list:
				145
				146	https://launchpad.net/~salt-formulas-users
				147
				148	Developers wishing to work on the salt-formulas projects should always base
				149	their work on master branch and submit pull request against specific formula.
				150
				151	https://github.com/salt-formulas/salt-formula-openssh
				152
				153	Any questions or feedback is always welcome so feel free to join our IRC
				154	channel:
				155
				156	#salt-formulas @ irc.freenode.net