Merge pull request #1601 from sever-sever/T4720

ssh: T4720: Ability to configure SSH-server HostKeyAlgorithms
author: Christian Poessinger <christian@poessinger.com> 2022-10-20 17:27:22 +0200
committer: GitHub <noreply@github.com> 2022-10-20 17:27:22 +0200
commit: 0ac50cd67c14d011b600fa2362b7f6b405299b30 (patch)
tree: 77c851fd9934a1bd60c42e64ee87632154658731 /interface-definitions
parent: 8403848a338d54f9e489fca1efd1143d820a14a6 (diff)
parent: 3ff47d3388fbbcd538d262170c4950aaa61d0efe (diff)
download: vyos-1x-0ac50cd67c14d011b600fa2362b7f6b405299b30.tar.gz
vyos-1x-0ac50cd67c14d011b600fa2362b7f6b405299b30.zip
1 files changed, 13 insertions, 0 deletions
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in
index f3c731fe5..2bcce2cf0 100644
--- a/interface-definitions/ssh.xml.in
+++ b/interface-definitions/ssh.xml.in
@@ -133,6 +133,19 @@
               </leafNode>
             </children>
           </node>
+          <leafNode name="hostkey-algorithm">
+            <properties>
+              <help>Allowed host key signature algorithms</help>
+              <completionHelp>
+                <!-- generated by ssh -Q HostKeyAlgorithms | tr '\n' ' ' as this will not change dynamically  -->
+                <list>ssh-ed25519 ssh-ed25519-cert-v01@openssh.com sk-ssh-ed25519@openssh.com sk-ssh-ed25519-cert-v01@openssh.com ssh-rsa rsa-sha2-256 rsa-sha2-512 ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 sk-ecdsa-sha2-nistp256@openssh.com webauthn-sk-ecdsa-sha2-nistp256@openssh.com ssh-rsa-cert-v01@openssh.com rsa-sha2-256-cert-v01@openssh.com rsa-sha2-512-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com</list>
+              </completionHelp>
+              <multi/>
+              <constraint>
+                <regex>(ssh-ed25519|ssh-ed25519-cert-v01@openssh.com|sk-ssh-ed25519@openssh.com|sk-ssh-ed25519-cert-v01@openssh.com|ssh-rsa|rsa-sha2-256|rsa-sha2-512|ssh-dss|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|sk-ecdsa-sha2-nistp256@openssh.com|webauthn-sk-ecdsa-sha2-nistp256@openssh.com|ssh-rsa-cert-v01@openssh.com|rsa-sha2-256-cert-v01@openssh.com|rsa-sha2-512-cert-v01@openssh.com|ssh-dss-cert-v01@openssh.com|ecdsa-sha2-nistp256-cert-v01@openssh.com|ecdsa-sha2-nistp384-cert-v01@openssh.com|ecdsa-sha2-nistp521-cert-v01@openssh.com|sk-ecdsa-sha2-nistp256-cert-v01@openssh.com)</regex>
+              </constraint>
+            </properties>
+          </leafNode>
           <leafNode name="key-exchange">
             <properties>
               <help>Allowed key exchange (KEX) algorithms</help>
author	Christian Poessinger <christian@poessinger.com>	2022-10-20 17:27:22 +0200
committer	GitHub <noreply@github.com>	2022-10-20 17:27:22 +0200
commit	0ac50cd67c14d011b600fa2362b7f6b405299b30 (patch)
tree	77c851fd9934a1bd60c42e64ee87632154658731 /interface-definitions
parent	8403848a338d54f9e489fca1efd1143d820a14a6 (diff)
parent	3ff47d3388fbbcd538d262170c4950aaa61d0efe (diff)
download	vyos-1x-0ac50cd67c14d011b600fa2362b7f6b405299b30.tar.gz vyos-1x-0ac50cd67c14d011b600fa2362b7f6b405299b30.zip