SSH

This state installs openssh-server and changes its port to 8888 using a Jinja for-in loop.

init.sls


# Install the OpenSSH server package. No "name" is given, so the state ID
# doubles as the package name.
openssh-server:
  pkg.installed: []

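# Render sshd_config from the Jinja template and hand it the port number.
# Keep the loop list at exactly one element: the state ID below is fixed, so a
# second iteration would emit the same ID twice and the SLS would not compile.
{% for port in ['8888'] %}

/etc/ssh/sshd_config:
  file.managed:
    - source: salt://ssh/sshconfig.txt
    - template: jinja
    # sshd_config controls remote access to the host: keep it owned by root
    # and writable by nobody else.
    - user: root
    - group: root
    - mode: '0644'
    # Run a syntax check on the rendered file before it replaces the live
    # config, so a broken template cannot leave sshd unable to restart.
    - check_cmd: /usr/sbin/sshd -t -f
    - context:
        # Nested one level below "context". At the same indent as the key it
        # would become a sibling of "context" in the same list item, and the
        # value would never reach the template.
        port: '{{ port }}'
    # Make the dependency on the package explicit instead of relying on the
    # order in which the states appear in the file.
    - require:
      - pkg: openssh-server
{% endfor %}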

# Keep the ssh service running. The watch requisite restarts it whenever the
# managed sshd_config reports a change.
openssh-service:
  service.running:
    - name: ssh
    - watch:
      - file: /etc/ssh/sshd_config

sshconfig.txt


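# sshd_config template rendered by Salt; "port" is supplied by the state's
# context.
Port {{ port }}
# Protocol 2 only. Newer OpenSSH releases no longer implement protocol 1 and
# treat this keyword as deprecated; it is kept for older servers.
Protocol 2
# Host keys offered to clients. No DSA key is listed: ssh-dss is limited to
# 1024-bit keys and OpenSSH 7.0 and later disable it by default.
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# NOTE(review): deprecated in newer OpenSSH releases, where privilege
# separation is always on; kept for older servers.
UsePrivilegeSeparation yes
# The protocol-1-only keywords KeyRegenerationInterval, ServerKeyBits,
# RSAAuthentication and RhostsRSAAuthentication are left out: with
# "Protocol 2" they have no effect.
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
# root may log in with a key, never with a password.
PermitRootLogin prohibit-password
# Refuse logins when the user's home directory or key files have unsafe
# ownership or permissions.
StrictModes yes
PubkeyAuthentication yes
IgnoreRhosts yes
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
# NOTE(review): PasswordAuthentication is not set in this file, so the sshd
# default applies to non-root accounts; set it explicitly if key-only login is
# intended.
# NOTE(review): X11 forwarding is enabled; set it to "no" on hosts that do not
# need graphical forwarding.
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes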