salt/states/roles/maintain/sshserver/init.sls

ssh-server-pkg:
  pkg.installed:
    - name: openssh

ssh-group:
  group.present:
    - name: ssh
    - gid: 1500

ssh-user:
  user.present:
    - name: ssh
    - shell: /bin/bash
    - home: /home/ssh
    - uid: 1500
    - gid: 1500
    - password: "{%- include 'secure/passwords/ssh_user_password.txt' -%}"
    - hash_password: true
    - groups:
      - ssh

ssh-server-config:
  file.managed:
    - name: /etc/ssh/sshd_config
    - source: salt://roles/maintain/sshserver/sshd_config
    - user: root
    - group: root
    - mode: 644

ssh-server-service:
  service.running:
    - name: sshd
    - enable: true
    - watch:
      - file: ssh-server-config