SSH

This state installs openssh-server and changes its port to 8888 using a Jinja for-in loop.

init.sls


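# Install the OpenSSH server package.
openssh-server:
  pkg.installed

# The loop variable supplies the listening port to the sshd_config template.
# The state ID below is fixed, so the list must hold exactly one port; a
# second element would render the same ID twice.
{% for port in ['8888'] %}

# Render sshd_config from the Jinja template with the chosen port.
# Owner and mode are pinned so the file never inherits looser permissions
# from the source file or from a previous manual edit.
# NOTE(review): consider adding file.managed's check_cmd with an sshd syntax
# test (for example `/usr/sbin/sshd -t -f`; confirm the binary path on the
# minion) so that a broken config is never put in place before the restart.
/etc/ssh/sshd_config:
  file.managed:
    - source: salt://ssh/sshconfig.txt
    - template: jinja
    - user: root
    - group: root
    - mode: '0644'
    - context:
        port: '{{ port }}'
    - require:
        - pkg: openssh-server
{% endfor %}

# Keep the ssh service running and restart it whenever sshd_config changes.
# A non-default port is not an access control; make sure the host firewall
# allows the new port before applying, or the restart can cut off remote
# access.
openssh-service:
  service.running:
    - name: ssh
    - watch:
        - file: /etc/ssh/sshd_config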

sshconfig.txt


# sshd_config template rendered by Salt. The `port` variable is supplied
# through the context of the file.managed state that installs this file.
Port {{ port }}
# NOTE(review): Protocol, UsePrivilegeSeparation, KeyRegenerationInterval,
# ServerKeyBits, RSAAuthentication and RhostsRSAAuthentication below date
# from older OpenSSH releases, several of them from SSH protocol 1. Server
# support for protocol 1 was removed in OpenSSH 7.4, so newer releases are
# expected to ignore these keywords or report them as deprecated. Confirm
# against the OpenSSH version on the minions before keeping them.
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
# NOTE(review): DSA host keys are limited to 1024 bits and ssh-dss has been
# disabled by default since OpenSSH 7.0; consider dropping this line.
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Authentication events go to the AUTH syslog facility at INFO level.
SyslogFacility AUTH
LogLevel INFO
# Seconds an unauthenticated connection may stay open.
LoginGraceTime 120
# root may log in with a key but not with a password. Set this to `no` if
# root login over SSH is not required.
PermitRootLogin prohibit-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
# NOTE(review): PasswordAuthentication is not set in this file, so the
# OpenSSH default (yes) applies. Moving the port does not stop password
# guessing; set `PasswordAuthentication no` if every user has a key.
PermitEmptyPasswords no
ChallengeResponseAuthentication no
# NOTE(review): X11 forwarding is rarely needed on a server; `no` removes
# that forwarding channel when it is unused.
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
# Clients may pass only locale-related environment variables.
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes