Comments (4)
I think the last discussion about this ended with "if no pillars are set don't touch the file at all" but this doesn't look like the intended result for a minimal config either…
Keeping all the different defaults for all the different platforms and their versions in the formula would be difficult to maintain so we relied on the sensible compiled-in defaults existing for most values.
AFAICT `sshd_config(5)` doesn't support includes so we can't just use overrides in a 2nd file and I don't know if we have a decent parser for this format (not `.ini`, mostly key/value but with `Match` blocks possible).
from openssh-formula.
> I'm not sure this is a good result, are the default values shipped by the distro always the default values upstream? I don't think so.

@arthurlogilab, without meaning that the results you pasted are 'good or bad', those results will end up using the distro-provided defaults, with your particular changes overwriting the distro-provided defaults.
Generally speaking, I think distro-provided are 'upstream's defaults + changes that make the daemon work nicely with our distribution', so I'd say that the results you get with that config file will be what you want (upstream -> distro-provided changes -> your-changes).
> I don't know if we have a decent parser for this format (not .ini, mostly key/value but with Match blocks possible).

@0xf10e, I think that we might try to create a resource that dumps the current working config (run `sshd -T` to dump the current config and write that down to the `/etc/ssh/sshd_config` file), but I'm not sure if that's something we'd like to do by default. Perhaps adding an `explicit_verbose_config: true` or something like that so, whoever prefers the complete config can get it?
OTOH, as a dumb fix, perhaps @arthurlogilab might want to run this command in his host/s and dump those values to his pillar/s.
from openssh-formula.
@javierbertoli did you take a look at my pull request? It does what I'm describing.
@0xf10e as the "Sections" part of the Wikipedia page states about ini files (https://en.wikipedia.org/wiki/INI_file): "Keys may (but need not) be grouped into arbitrarily named sections." So sshd_config, according to this definition, is an ini file and can be handled with `ini.options_present` by using no sections and `separator = ' '` (as implemented in the PR).
from openssh-formula.
As long as there are no `Match` blocks like those:

```
PasswordAuthentication no
X11Forwarding no
### this should be on the bottom of the config file
### Enable password authentication for IP 1.2.3.4
Match Address 1.2.3.4
    PasswordAuthentication yes
Match User John Address 172.16.1.*
    X11Forwarding yes
```

(From "Limit access to openssh features with the Match option")
from openssh-formula.
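
The point of the last comment, as an added example (not code from the formula or the PR): once a file has `Match` blocks, position decides scope, so an editor that treats the file as flat key/value pairs and adds a missing key at the end places it inside the last `Match` block instead of the global section. `parse`, `scopes_of`, `naive_append` and `set_global` are hypothetical helpers, and the sample is constructed from the config quoted above.

```python
# Simplified: whitespace-separated, single-valued keywords only
# (no "key=value" form, no repeatable keywords such as HostKey).
SAMPLE = """\
PasswordAuthentication no
X11Forwarding no
Match Address 1.2.3.4
    PasswordAuthentication yes
Match User John Address 172.16.1.*
    X11Forwarding yes
"""  # constructed from the Match example quoted in the thread

def parse(text):
    """Return [(scope, [(keyword, value), ...])]; scope None is global."""
    sections = [(None, [])]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key.lower() == "match":
            sections.append((value, []))  # block runs to next Match or EOF
        else:
            sections[-1][1].append((key.lower(), value))
    return sections

def scopes_of(text, keyword, value):
    """Scopes in which `keyword value` is set."""
    return [s for s, opts in parse(text) if (keyword.lower(), value) in opts]

def naive_append(text, keyword, value):
    """Hypothetical section-unaware editor: add a missing key at EOF."""
    return text + f"{keyword} {value}\n"

def set_global(text, keyword, value):
    """Match-aware edit: set the key in the global section only."""
    out, in_match, done, new = [], False, False, f"{keyword} {value}"
    for raw in text.splitlines():
        first = (raw.split(None, 1) or [""])[0].lower()
        in_match = in_match or first == "match"
        hit = not in_match and first == keyword.lower()
        # Replace the old global line, or insert before the first Match.
        if (hit or first == "match") and not done:
            out.append(new)
            done = True
        if not hit:
            out.append(raw)
    if not done:  # file had no Match block and no such key
        out.append(new)
    return "\n".join(out) + "\n"
```

With the sample above, `naive_append(SAMPLE, "PermitRootLogin", "no")` yields a setting that applies only to `User John Address 172.16.1.*`, while `set_global` places it in the global section.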