SSH Proxy Module

SSH Proxy

Manage a remote host via SSH, using a Proxy Minion. This module doesn’t have any external dependencies, as it makes use of the native Salt internals used for salt-ssh, therefore managing the remote machine by uploading a lightweight Salt version on the target host, then invokes Salt functions over SSH (using the ssh binary installed on your computer or wherever this Proxy Minion runs).


To manage machines running Windows, you will need to install the saltwinshell library.


The configuration is aligned to the general Proxy Minion standards: put the connection details and credentials under the proxy key in the Proxy config or Pillar.

The IP address or the hostname of the remove machine to manage.
Integer, the port number to use when establishing he connection (defaults to 22).
The username required for authentication.
The password used for authentication.
Absolute path to the private SSH key used for authentication.
The SSH private key password.
timeout: 30
The SSH timeout. Defaults to 30 seconds.
sudo: False
Execute commands as sudo.
tty: False
Connect over tty.
The username that should execute the commands as sudo.
Enable remote port forwarding. Example: Multiple remote port forwardings are supported, using comma-separated values, e.g.,,
identities_only: False
Execute SSH with -o IdentitiesOnly=yes. This option is intended for situations where ssh-agent offers many different identities and allow ssh to ignore those identities and use the only one specified in options.
ignore_host_keys: False
By default ssh host keys are honored and connections will ask for approval. Use this option to disable StrictHostKeyChecking.
no_host_keys: False
Fully ignores ssh host keys which by default are honored and connections would ask for approval. Useful if the host key of a remote server has changed and would still error with ignore_host_keys.
winrm: False
Flag that tells Salt to connect to a Windows machine. This option requires the saltwinshell to be installed.

Example Pillar:

  proxytype: ssh
  user: test
  passwd: test
  port: 2022, *args, **kwargs)[source]

Call an arbitrary Salt function and return the output.


Invoke grains.items from the thin Salt on the remote machine, in order to return here the Grains.


Init the SSH connection, and execute a simple call to ensure that the remote device is reachable, otherwise throw an error.


Proxy initialized properly?


Return the list of executors that should invoke the Salt functions.[source]

Execute “echo” on the remote host to ensure it’s still accessible.