updated ssh state

states/ssh/config.sls

@@ -1,4 +1,12 @@
 ---
+ssh-ssh-config:
+  file.managed:
+    - name: /etc/ssh/ssh_config
+    - source: salt://ssh/ssh_config.j2
+    - template: jinja
+    - user: root
+    - mode: 0644
+
 ssh-sshd-config:
   file.managed:
     - name: /etc/ssh/sshd_config
@@ -7,4 +15,4 @@ ssh-sshd-config:
     - user: root
     - mode: 0644
     - watch_in:
-      - service: ssh-sshd-service
+      - service: ssh-sshd-service

states/ssh/defaults.yaml

@@ -3,7 +3,8 @@ ssh:
   enabled: true
   pkgs:
     - 'openssh-server'
-  config:
+    - 'openssh-client'
+  sshd_config:
     LoginGraceTime: 60
     PermitRootLogin: 'no'
     MaxAuthTries: 3
@@ -11,5 +12,7 @@ ssh:
     PasswordAuthentication: 'no'
     VersionAddendum: none
     Subsystem: sftp /usr/lib/openssh/sftp-server
-    AllowGroups: root
+    AllowGroups: admin
     X11Forwarding: 'yes'
+  ssh_config:
+    ForwardAgent: yes

states/ssh/ssh_config.j2

@@ -0,0 +1,7 @@
+## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
+
+{%- from "ssh/map.jinja" import ssh with context %}
+
+{%- for key, value in ssh.ssh_config.items() %}
+{{ key }} {{ value }}
+{%- endfor %}

states/ssh/sshd_config.j2

@@ -12,7 +12,7 @@
 {%- do net6.append( value.ip + "/" + value.mask ) -%}
 {%- endfor -%}
 
-{%- for key, value in ssh.config.items() %}
+{%- for key, value in ssh.sshd_config.items() %}
 {{ key }} {{ value }}
 {%- endfor %}
 Match Address {{ net4|join(',') }}