Open
Description
This is probably a complex solve.
In ssh_auth.{present|absent}, options should be included regardless of a file-based public key or a key in 'name'. However, in openssh/auth.sls, there seems to be a bug where if a static file is used, options are disabled. The behavior is not explicitly stated to be different from the ssh_auth documentation in the pillar.example. Pseudo-fix is here:
Patching this fixes specifying the SSH options with the key when using a file-based public key; however, forcing absent now fails, seemingly because of a bad search/replace for key.
I suspect this is the same or a very similar issue to #140.
Workaround:
Store the public key in the pillar data: openssh.auth.<key_label>.name. Example:
    openssh:
      auth:
        key_label:
          - user: my_user
            present: True
            options:
              - no-X11-forwarding
              - no-port-forwarding
              - permitopen='localhost:80'
            name: <pubkey dump>