OpenSSH - OpenBSD Secure Shell server

Installation

apt install openssh-server

Salt State File

openssh-server.sls

# OpenSSH - OpenBSD Secure Shell server

{% set openssh = salt['grains.filter_by']({
  'Debian': {'pkg': 'openssh-server', 'srv': 'ssh'}
}, default='Debian') %}

{{ openssh.pkg }}:
  pkg.installed:
    - name: {{ openssh.pkg }}
  service.running:
    - name: {{ openssh.srv }}
    - enable: True
    - require:
      - pkg: {{ openssh.pkg }}

{% for item in pillar['openssh']['sshd_config'] %}
{% set pattern = '^(|#)%s(.*)$' % item.split()[0] %}
{% set repl = item %}
/etc/ssh/sshd_config-{{ item }}:
  file.replace:
    - name: /etc/ssh/sshd_config
    - pattern: {{ pattern }}
    - repl: {{ repl }}
    - append_if_not_found: True
    - listen_in:
      - service: {{ openssh.srv }}
{% endfor %}

{% if pillar['openssh'].get('ssh_auth') %}
{% for user in pillar['openssh']['ssh_auth']['user'] %}
{% for comment in pillar['openssh']['ssh_auth']['user'][user] %}
ssh_auth-{{ user }}-{{ comment }}:
  ssh_auth.present:
    - user: {{ user }}
    - name: {{ pillar['openssh']['ssh_auth']['user'][user][comment]['key'] }}
    - enc: {{ pillar['openssh']['ssh_auth']['user'][user][comment]['enc'] }}
    - comment: {{ comment }}
    - config: {{ pillar['openssh']['ssh_auth'].get('config', '.ssh/authorized_keys') }}
{% endfor %}
{% endfor %}
{% endif %}