It is the 21st of February 2017

How to set up a Debian Wheezy mail and DNS server using SaltStack - SSH

In the last chapter I set up some common configuration and packages for security, administrative tasks and user accounts. The current directory structure is:

  • /path/to/master.prograssing.com
    • ./pillar/top.sls
    • ./pillar/common/init.sls
    • ./salt/common
      • ./init.sls
      • ./bash.bashrc
      • ./bash_aliases
      • ./iptables.rules
      • ./vagrant_iptables.rules
    • ./salt/top.sls
    • ./Vagrantfile (optional)
    • ./vagrantconfig.yaml (optional)

SSH access

These Salt configuration files are pretty straightforward.

./salt/ssh/init.sls

openssh-client:
  pkg.installed

/etc/ssh/ssh_config:
  file.managed:
    - user: root
    - group: root
    - mode: 644
    - source: {{ pillar['ssh_config'] }}
    - require:
      - pkg: openssh-client

/etc/ssh/sshd_config:
  file.managed:
    - user: root
    - group: root
    - mode: 644
    - source: {{ pillar['sshd_config'] }}
    - require:
      - pkg: openssh-server

/etc/motd:
  file:
    - managed
    - user: root
    - group: root
    - mode: 644
    - source: {{ pillar['ssh_motd'] }}
    - require:
      - pkg: openssh-server

/etc/issue.net:
  file:
    - managed
    - user: root
    - group: root
    - mode: 644
    - source: {{ pillar['ssh_banner'] }}
    - require:
      - pkg: openssh-server

openssh-server:
  pkg.installed

ssh:
  service.running:
    - require:
      - pkg: openssh-client
      - pkg: openssh-server
      - file: /etc/issue.net
      - file: /etc/motd
    # watch implies require and also restarts sshd when the managed config changes
    - watch:
      - file: /etc/ssh/sshd_config

The content of sshd_config is up to you, as is the content of any banners you eventually want to use. As shown in the last chapter, I use pillar variables to configure SSH differently for different minions, like this:

./pillar/ssh/init.sls

ssh_config: salt://ssh/ssh_config
ssh_banner: salt://ssh/issue.net
ssh_motd: salt://ssh/motd
{% if grains['id'].startswith('vagrant') %}
sshd_config: salt://ssh/vagrant_sshd_config
{% else %}
sshd_config: salt://ssh/sshd_config
{% endif %}

Then load the ssh pillar in the base pillar top file:

./pillar/top.sls

base:
  '*':
    - common
    - ssh
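
The pillar above selects a separate vagrant_sshd_config for Vagrant minions and leaves the content of both files up to you, so it is worth auditing each file before Salt distributes it. The following Python script is an added example, not part of the original chapter; the policy values and the sample config are assumptions constructed for illustration.

```python
# Example policy (an assumption): lowercase keyword -> acceptable values.
POLICY = {
    "permitrootlogin": {"no", "without-password", "prohibit-password"},
    "passwordauthentication": {"no"},
    "permitemptypasswords": {"no"},
    "protocol": {"2"},
}

def effective_global_settings(text):
    # Keywords are case-insensitive, sshd uses the first value it obtains
    # for a keyword, and a Match line ends the global section.
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)
    return settings

def audit(text, policy=POLICY):
    """Return findings sorted by keyword; an empty list meets the policy."""
    settings = effective_global_settings(text)
    findings = []
    for keyword, allowed in sorted(policy.items()):
        value = settings.get(keyword)
        if value is None:
            findings.append(f"{keyword}: not set explicitly")
        elif value.lower() not in allowed:
            findings.append(f"{keyword}: '{value}' not allowed")
    return findings

# Constructed sample standing in for a lax salt/ssh/vagrant_sshd_config.
SAMPLE = """\
Protocol 2
PermitRootLogin yes
# The next line is ignored by sshd: the first value wins.
permitrootlogin no
PasswordAuthentication yes
Match User deploy
    PermitEmptyPasswords no
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "sshd_config meets the policy")
```

Run it against both salt/ssh/sshd_config and salt/ssh/vagrant_sshd_config on the master; settings inside Match blocks are deliberately not evaluated here.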

In the next chapter I will set up exim4 and dovecot as a mail server.
