diff options
| author | Christian Breunig <christian@poessinger.com> | 2023-01-08 20:02:12 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-01-08 20:02:12 +0100 |
| commit | 5a6c0c4d61112e1ac08a334ab7e68c07342fd679 (patch) | |
| tree | d0507ce9a85915c493dc8524a246e8d7d42911aa | |
| parent | de1fa852c38b8eff22cf0c1a34abd13379c0705c (diff) | |
| parent | 9ebf4db1296a0df870a47a32e3f0a66f8da16266 (diff) | |
| download | vyos-1x-5a6c0c4d61112e1ac08a334ab7e68c07342fd679.tar.gz vyos-1x-5a6c0c4d61112e1ac08a334ab7e68c07342fd679.zip | |
Merge pull request #1743 from c-po/t2651-ssh-client
T4922: T4922: ssh-client backports for equuleus
| -rw-r--r-- | data/templates/system/ssh_config.tmpl | 7 | ||||
| -rw-r--r-- | interface-definitions/system-option.xml.in | 1 | ||||
| -rwxr-xr-x | src/conf_mode/system-option.py | 17 |
3 files changed, 21 insertions, 4 deletions
diff --git a/data/templates/system/ssh_config.tmpl b/data/templates/system/ssh_config.tmpl index abc03f069..94dac9ed3 100644 --- a/data/templates/system/ssh_config.tmpl +++ b/data/templates/system/ssh_config.tmpl @@ -1,3 +1,8 @@ -{% if ssh_client is defined and ssh_client.source_address is defined and ssh_client.source_address is not none %} +{% if ssh_client is defined %} +{% if ssh_client.source_address is defined and ssh_client.source_address is not none %} BindAddress {{ ssh_client.source_address }} +{% endif %} +{% if ssh_client.source_interface is defined and ssh_client.source_address is not none %} +BindInterface {{ ssh_client.source_interface }} +{% endif %} {% endif %} diff --git a/interface-definitions/system-option.xml.in b/interface-definitions/system-option.xml.in index 5f80e064d..b47dde0a0 100644 --- a/interface-definitions/system-option.xml.in +++ b/interface-definitions/system-option.xml.in @@ -105,6 +105,7 @@ </properties> <children> #include <include/source-address-ipv4-ipv6.xml.i> + #include <include/source-interface.xml.i> </children> </node> <leafNode name="startup-beep"> diff --git a/src/conf_mode/system-option.py b/src/conf_mode/system-option.py index ddb91aeaf..a112c2b6f 100755 --- a/src/conf_mode/system-option.py +++ b/src/conf_mode/system-option.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019-2020 VyOS maintainers and contributors +# Copyright (C) 2019-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -22,16 +22,18 @@ from time import sleep from vyos.config import Config from vyos.configdict import dict_merge +from vyos.configverify import verify_source_interface from vyos.template import render from vyos.util import cmd from vyos.validate import is_addr_assigned +from vyos.validate import is_intf_addr_assigned from vyos.xml import defaults from vyos import ConfigError from vyos import airbag airbag.enable() curlrc_config = r'/etc/curlrc' -ssh_config = r'/etc/ssh/ssh_config' +ssh_config = r'/etc/ssh/ssh_config.d/91-vyos-ssh-client-options.conf' systemd_action_file = '/lib/systemd/system/ctrl-alt-del.target' def get_config(config=None): @@ -67,8 +69,17 @@ def verify(options): if 'ssh_client' in options: config = options['ssh_client'] if 'source_address' in config: + address = config['source_address'] if not is_addr_assigned(config['source_address']): - raise ConfigError('No interface with give address specified!') + raise ConfigError('No interface with address "{address}" configured!') + + if 'source_interface' in config: + verify_source_interface(config) + if 'source_address' in config: + address = config['source_address'] + interface = config['source_interface'] + if not is_intf_addr_assigned(interface, address): + raise ConfigError(f'Address "{address}" not assigned on interface "{interface}"!') return None |