basics-formula/basics/ssh/sshd_config.jinja

Port {{ salt['pillar.get']('basics:ssh:port', 22) }}
PermitRootLogin {{ salt['pillar.get']('basics:ssh:permit_root_login', 'yes') }}
MaxSessions 1
PubkeyAuthentication {{ salt['pillar.get']('basics:ssh:pubkey_authentication', 'yes') }}
HostbasedAuthentication no
IgnoreRhosts yes
PasswordAuthentication {{ salt['pillar.get']('basics:ssh:password_authentication', 'no') }}
ChallengeResponseAuthentication no
UsePAM yes
AllowTcpForwarding {{ salt['pillar.get']('basics:ssh:allow_tcp_forwarding', 'no') }}
X11Forwarding {{ salt['pillar.get']('basics:ssh:x11_forwarding', 'no') }}
PrintMotd no
MaxStartups 5:50:30
AcceptEnv LANG LC_*
{% if grains.os_family == "Suse" %}
Subsystem       sftp    /usr/libexec/ssh/sftp-server
{% else %}
Subsystem       sftp    /usr/lib/openssh/sftp-server
{% endif %}
init 2024-06-01 19:24:19 +02:00			`Port {{ salt['pillar.get']('basics:ssh:port', 22) }}`
			`PermitRootLogin {{ salt['pillar.get']('basics:ssh:permit_root_login', 'yes') }}`
			`MaxSessions 1`
			`PubkeyAuthentication {{ salt['pillar.get']('basics:ssh:pubkey_authentication', 'yes') }}`
			`HostbasedAuthentication no`
			`IgnoreRhosts yes`
			`PasswordAuthentication {{ salt['pillar.get']('basics:ssh:password_authentication', 'no') }}`
			`ChallengeResponseAuthentication no`
			`UsePAM yes`
			`AllowTcpForwarding {{ salt['pillar.get']('basics:ssh:allow_tcp_forwarding', 'no') }}`
			`X11Forwarding {{ salt['pillar.get']('basics:ssh:x11_forwarding', 'no') }}`
			`PrintMotd no`
			`MaxStartups 5:50:30`
			`AcceptEnv LANG LC_*`
fix sshd_config for opensuse 2024-06-17 20:19:49 +02:00			`{% if grains.os_family == "Suse" %}`
			`Subsystem sftp /usr/libexec/ssh/sftp-server`
			`{% else %}`
init 2024-06-01 19:24:19 +02:00			`Subsystem sftp /usr/lib/openssh/sftp-server`
fix sshd_config for opensuse 2024-06-17 20:19:49 +02:00			`{% endif %}`