vyos-1x.git/data/templates/ssh, branch vyos/1.4dev0

vyos-1x.git/data/templates/ssh, branch vyos/1.4dev0 VyOS command definitions, scripts, and utilities (mirror of https://github.com/marekm72/vyos-1x.git) https://git.amelek.net/marekm72/vyos-1x.git/atom?h=vyos%2F1.4dev0 2021-01-07T22:23:40+00:00 ssh: T2635: harden Jinja2 template and daemon startup 2021-01-07T22:23:40+00:00 Christian Poessinger christian@poessinger.com 2021-01-07T22:22:58+00:00 urn:sha1:dcdc4f3ea27f1a26f8baa6b72b51c7911f21e6ba ssh: T2635: change sshd_config path to /run/sshd 2021-01-07T22:01:51+00:00 Christian Poessinger christian@poessinger.com 2021-01-07T20:30:00+00:00 urn:sha1:65ee3a66077c7708f366d9492033634024887545 T2636: remove workarounds for get_config_dict() 2020-08-31T17:59:25+00:00 Christian Poessinger christian@poessinger.com 2020-08-31T17:57:06+00:00 urn:sha1:9c63731d6683f59ea784c08852ed38e3ac22794b Now that b40c52682a256 ("config: T2636: get_config_dict() returns a list on multi node by default") is implemented the workarounds can be removed. ssh: T1076: make configuration volatile 2020-08-03T16:40:06+00:00 Christian Poessinger christian@poessinger.com 2020-08-03T16:38:55+00:00 urn:sha1:ca2ab503f42a8446175954e9e7280ecc8e75e927 Move sshd_config file to /run so it must be generated on every boot and is not stored accidently. ssh: T2691: bugfix loglevel config migration 2020-07-07T17:05:00+00:00 Christian Poessinger christian@poessinger.com 2020-07-07T17:05:00+00:00 urn:sha1:d0261c4daf31bd7fc05643e86660caee9f0442c5 When migrating the conf from VyOS 1.2 to 1.3 a configuration error could appear if the user specified "info" as loglevel instead of "INFO". There was no input validation done in 1.2 but this is now enforced in 1.3. In VyOS 1.3 loglevel will be always lowercase on the CLI and when migrating the config this is transformed. Also VyOS 1.2 accpeted any arbitrary loglevel. If an invalid loglevel is found it will be set to info. ssh: vrf: T2682: support restart on failure indefinitely 2020-07-04T19:36:51+00:00 Christian Poessinger christian@poessinger.com 2020-07-04T19:34:37+00:00 urn:sha1:8c4221083d8898bf478e2aeec04dd135e4993cb1 Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH to often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds is it not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5). ssh: T2682: simplify VRF binding 2020-07-04T19:36:51+00:00 Christian Poessinger christian@poessinger.com 2020-07-04T19:22:29+00:00 urn:sha1:ff7dd3b9de82347cc77612cb79dc159661320d49 ssh: T2642: bugfix on multiple listen-address statements 2020-06-26T07:27:18+00:00 Christian Poessinger christian@poessinger.com 2020-06-26T07:25:46+00:00 urn:sha1:8aa548c975bbbd306d9a1f8441960c3834388fdf Commit 1d7f88b459d ("ssh: T2635: migrate to get_config_dict()") used a wrong loop iterator on the rendered ListenAddress statement. ssh: T2635: migrate to get_config_dict() 2020-06-23T16:53:43+00:00 Christian Poessinger christian@poessinger.com 2020-06-23T16:52:17+00:00 urn:sha1:1d7f88b459da6224086ce1386964a238e08179ca Jinja template contains some workarounds like {% if port is string %}, this depends of the resolution of https://phabricator.vyos.net/T2636 ssh: T2321: add VRF support 2020-06-11T13:58:18+00:00 Christian Poessinger christian@poessinger.com 2020-06-11T13:58:18+00:00 urn:sha1:5deb12c509bea6e353c3b4c3174f040895646cf8