Salt recipe to automatically secure sshd hard enough to piss off the NSA! Automation work done by Cloud9ers.com, feel free to contact us for anything

This salt recipe only supports rhel/centos 7 style operating systems. Pull requests to support more OSs are welcome. The reason for not supporting older rhel OSs, is that sshd version 6.5 or better is required

yum install -y epel-release
yum install -y salt-minion python-augeas

cd /tmp && git clone https://github.com/cloud9ers/secure-sshd-salt.git
mkdir -p /srv/salt/
cp secure-sshd-salt/secure-sshd-salt.sls /srv/salt

The following is just one way to run this salt state. I recommend doing it this way, because this mode of operation does not need a salt master (server). If however, you are already running a salt master server, feel free to integrate with your other states

salt-call --local state.sls ssh

Note: Pull requests to support other operating systems are very welcome, as are PRs to improve the implementation. Use this at your own risk. It has not been meticulously tested.

Credits for the original work to improve sshd configuration security is due to https://stribika.github.io/2015/01/04/secure-secure-shell.html