From 38d92acafed330190cbfb0fec7b7a7d739dd1a74 Mon Sep 17 00:00:00 2001
From: edunham
Date: Tue, 15 Mar 2016 11:20:24 -0700
Subject: [PATCH 1/2] Create user accounts instead of sharing root SSH best practices is to fully disallow remote root login
---
 common/init.sls | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/common/init.sls b/common/init.sls
index e1ce6f2d..db7063b1 100644
--- a/common/init.sls
+++ b/common/init.sls
@@ -45,8 +45,15 @@ host-{{ hostname }}:
 {% endfor %}

 {% for ssh_user in common.ssh_users %}
+{{ ssh_user }}:
+ user.present:
+ - home: /home/{{ ssh_user }}
+ - optional_groups:
+ - wheel
+ - empty_password: True
+
 sshkey-{{ ssh_user }}:
 ssh_auth.present:
- - user: root
+ - user: {{ ssh_user }}
 - source: salt://{{ tpldir }}/ssh/{{ ssh_user }}.pub
 {% endfor %}
From 6eb4e69c09c2d47c2ad5b9bf9cbe07dbf3ca69c8 Mon Sep 17 00:00:00 2001
From: edunham
Date: Tue, 15 Mar 2016 15:50:30 -0700
Subject: [PATCH 2/2] See if this creates homes on osx
---
 common/init.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/init.sls b/common/init.sls
index db7063b1..e771655e 100644
--- a/common/init.sls
+++ b/common/init.sls
@@ -47,7 +47,7 @@ host-{{ hostname }}:
 {% for ssh_user in common.ssh_users %}
 {{ ssh_user }}:
 user.present:
- - home: /home/{{ ssh_user }}
+ - createhome: True
 - optional_groups:
 - wheel
 - empty_password: True
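Review bot: `- empty_password: True` in the new `{{ ssh_user }}` user.present state of PATCH 1/2 gives every account in `common.ssh_users` a blank password while `optional_groups` also places it in `wheel`, so on hosts where wheel carries sudo or su rights the account is a passwordless route to root for anything that can reach a password prompt. Accounts that authenticate by key do not need a usable password: drop that line (on Linux a newly created account then normally has a locked password) and grant privilege through an explicit sudoers entry if it is required. The same line is carried unchanged as context in PATCH 2/2. Separately, changing `- user: root` to `- user: {{ ssh_user }}` stops managing root's authorized_keys but does not remove keys already installed on provisioned hosts, and nothing in this hunk changes sshd's root-login setting, so the goal in the commit message is only met if a matching `ssh_auth.absent` for root and the sshd change land elsewhere.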
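Review bot: `- createhome: True` in PATCH 2/2 is, as far as I can tell, already the default for `user.present`, so the effective change is the removal of the explicit `home:` and the line itself could be dropped. A comment above the state such as `# home left unset so each platform uses its own default location` would record the intent better than the redundant option. The `sshkey-{{ ssh_user }}` state from PATCH 1/2 writes into that home directory, so an explicit `- require:` on the user state would make the dependency visible instead of relying on file order.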