vyos-1x.git/src/conf_mode/ssh.py, branch 1.4.0-epa1 VyOS command definitions, scripts, and utilities (mirror of https://github.com/marekm72/vyos-1x.git) https://git.amelek.net/marekm72/vyos-1x.git/atom?h=1.4.0-epa1 2024-01-01T08:25:32+00:00 T5474: establish common file name pattern for XML conf mode commands 2024-01-01T08:25:32+00:00 Christian Breunig christian@breunig.cc 2023-12-30T22:25:20+00:00 urn:sha1:c9eaafd9f808aba8d29be73054e11d37577e539a We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in (cherry picked from commit 4ef110fd2c501b718344c72d495ad7e16d2bd465) T5434: use merge_defaults in ssh.py 2023-08-07T19:46:42+00:00 John Estabrook jestabro@vyos.io 2023-08-07T00:59:43+00:00 urn:sha1:ec30a443353293e97de3e60598a2aca06f0e082d T5195: vyos.util -> vyos.utils package refactoring (#2093) 2023-07-14T20:18:36+00:00 Christian Breunig christian@breunig.cc 2023-07-14T20:18:36+00:00 urn:sha1:d1ca536da448749dff557f13ecae97b124026e96 * T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io systemd: T2185: always place generated override files in /run 2023-01-14T20:19:45+00:00 Christian Breunig christian@breunig.cc 2023-01-14T20:19:45+00:00 urn:sha1:da015473559f88e604b27ba66a2f4a9f95425bb2 This prevents any stale override files when the system is beeing rebooted, but the actual configuration was not saved. /run is a tmpfs and thus always fresh after boot. ssh: T4716: Ablity to configure RekeyLimit data and time 2022-10-10T12:52:54+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2022-09-27T16:06:52+00:00 urn:sha1:b9de775a5b4f017f9d164a127d93f55ce9053756 Ability to configure SSH RekeyLimit data (in Megabytes) and time (in Minutes) set service ssh rekey data 1024 set service ssh rekey time 60 ssh: T2185: use reload-or-restart on configuration changes 2022-08-25T16:57:27+00:00 Christian Poessinger christian@poessinger.com 2022-08-25T16:55:44+00:00 urn:sha1:02e3dbbe53ac15309eb3b809c78ce9f64da1205f sshguard: T4408: Add service ssh dynamic-protection 2022-05-12T17:27:38+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2022-05-10T15:14:19+00:00 urn:sha1:2e81f9e057f598a9a9e5c2d617e3d0818005d850 Sshguard protects hosts from brute-force attacks Can inspect logs and block "bad" addresses by threshold Auto-generate rules for nftables When service stopped all generated rules are deleted nft "type filter hook input priority filter - 10" set service ssh dynamic-protection set service ssh dynamic-protection block-time 120 set service ssh dynamic-protection detect-time 1800 set service ssh dynamic-protection threshold 30 set service ssh dynamic-protection whitelist-address 192.0.2.1 ssh: T4353: fix Jinja2 linting errors 2022-04-14T19:34:52+00:00 Christian Poessinger christian@poessinger.com 2022-04-14T19:34:52+00:00 urn:sha1:dbfc2add3434638628b43ecfa097fbd166c85db7 ssh: T671: generate rsa, dsa and ed25519 keys on demand 2021-01-17T12:45:24+00:00 Christian Poessinger christian@poessinger.com 2021-01-17T12:45:03+00:00 urn:sha1:70ae542e3ead29869576788377a3fc8d2a0cc473 ssh: T3212: do not make /run/sshd directory disappear on failure 2021-01-13T20:40:36+00:00 Christian Poessinger christian@poessinger.com 2021-01-13T20:40:36+00:00 urn:sha1:57fca79636b783dc4be2df1bc1ff12a0ce79d988