Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / openssh / refs/heads/binds / . / README.rst
blob: 33c051c0ce1b4843d9362eb4bdd54ceb41f634a7 [file] [log] [blame]
Filip Pytlouna6d4a782015-10-06 16:28:32 +0200[diff] [blame]1=======
2OpenSSH
3=======
4
5OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.
6
7Sample pillar
8=============
9
10OpenSSH client
11--------------
12
13OpenSSH client with shared private key
14
15.. code-block:: yaml
16
17 openssh:
18 client:
19 enabled: true
20 user:
21 root:
22 enabled: true
23 private_key: ${private_keys:vaio.newt.cz}
24 user: ${linux:system:user:root}
25
26OpenSSH client with individual private key and known host
27
28.. code-block:: yaml
29
30 openssh:
31 client:
32 enabled: true
33 user:
34 root:
35 enabled: true
36 user: ${linux:system:user:root}
37 known_hosts:
38 - name: repo.domain.com
39 type: rsa
40 fingerprint: dd:fa:e8:68:b1:ea:ea:a0:63:f1:5a:55:48:e1:7e:37
41
42OpenSSH server
43--------------
44
45OpenSSH server with configuration parameters
46
47.. code-block:: yaml
48
49 openssh:
50 server:
51 enabled: true
52 permit_root_login: true
53 public_key_auth: true
54 password_auth: true
55 host_auth: true
56 banner: Welcome to server!
Jiri Konecny2a274232016-02-16 15:49:35 +0100[diff] [blame]57 bind:
58 address: 0.0.0.0
Jiri Konecnydf550532016-02-17 11:48:47 +0100[diff] [blame]59 port: 22
Filip Pytlouna6d4a782015-10-06 16:28:32 +0200[diff] [blame]60
Filip Pytloun2d3c8032016-03-11 16:40:20 +0100[diff] [blame]61OpenSSH server with auth keys for users.
62Parameter ``purge`` will ensure exact authorized_keys contents co undefined
63keys will be removed.
Filip Pytlouna6d4a782015-10-06 16:28:32 +0200[diff] [blame]64
65.. code-block:: yaml
66
67 openssh:
68 server:
69 enabled: true
Jiri Konecny2a274232016-02-16 15:49:35 +0100[diff] [blame]70 bind:
71 address: 0.0.0.0
Jiri Konecnydf550532016-02-17 11:48:47 +0100[diff] [blame]72 port: 22
Filip Pytlouna6d4a782015-10-06 16:28:32 +0200[diff] [blame]73 ...
74 user:
75 newt:
76 enabled: true
77 user: ${linux:system:user:newt}
78 public_keys:
79 - ${public_keys:newt}
80 root:
81 enabled: true
Filip Pytloun2d3c8032016-03-11 16:40:20 +0100[diff] [blame]82 purge: true
Filip Pytlouna6d4a782015-10-06 16:28:32 +0200[diff] [blame]83 user: ${linux:system:user:root}
84 public_keys:
85 - ${public_keys:newt}
86
Filip Pytlouna12db4a2016-12-02 13:21:02 +0100[diff] [blame]87You can also bind openssh on multiple addresses and ports:
88
89.. code-block:: yaml
90
91 openssh:
92 server:
93 enabled: true
94 binds:
95 - address: 127.0.0.1
96 port: 22
97 - address: 192.168.1.1
98 port: 2222
99
Filip Pytloundaf8f982015-12-16 11:55:34 +0100[diff] [blame]100OpenSSH server for use with FreeIPA
101
102.. code-block:: yaml
103
104 openssh:
105 server:
106 enabled: true
Jiri Konecny2a274232016-02-16 15:49:35 +0100[diff] [blame]107 bind:
108 address: 0.0.0.0
Jiri Konecnydf550532016-02-17 11:48:47 +0100[diff] [blame]109 port: 22
Filip Pytloundaf8f982015-12-16 11:55:34 +0100[diff] [blame]110 public_key_auth: true
111 authorized_keys_command:
112 command: /usr/bin/sss_ssh_authorizedkeys
113 user: nobody
114
Filip Pytlouna6d4a782015-10-06 16:28:32 +0200[diff] [blame]115Read more
116=========
117
118* http://www.openssh.org/manual.html
119* https://help.ubuntu.com/community/SSH/OpenSSH/Configuring
120* http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
121* http://www.zeitoun.net/articles/ssh-through-http-proxy/start