-rw-r--r-- | interface-definitions/ssh.xml | 6 | ||||
-rwxr-xr-x | src/conf_mode/ssh.py | 6 | ||||
-rwxr-xr-x | src/migration-scripts/ssh/0-to-1 | 32 |
3 files changed, 33 insertions, 11 deletions
diff --git a/interface-definitions/ssh.xml b/interface-definitions/ssh.xml
index 35fe79214..c5504453e 100644
--- a/interface-definitions/ssh.xml
+++ b/interface-definitions/ssh.xml
@@ -72,12 +72,6 @@
 </node>
 </children>
 </node>
- <leafNode name="allow-root">
- <properties>
- <help>Allow the root user to login</help>
- <valueless/>
- </properties>
- </leafNode>
 <leafNode name="ciphers">
 <properties>
 <help>Allowed ciphers</help>
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index beca7bb9a..9b6c5cea5 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -73,7 +73,7 @@ Port {{ port }}
 LogLevel {{ log_level }}
 # Specifies whether root can log in using ssh
-PermitRootLogin {{ allow_root }}
+PermitRootLogin no
 # Specifies whether password authentication is allowed
 PasswordAuthentication {{ password_authentication }}
@@ -142,7 +142,6 @@ DenyGroups {{ deny_groups | join(" ") }}
 default_config_data = {
 'port' : '22',
 'log_level': 'INFO',
- 'allow_root': 'no',
 'password_authentication': 'yes',
 'host_validation': 'yes'
 }
@@ -171,9 +170,6 @@ def get_config():
 deny_groups = conf.return_values('access-control deny group')
 ssh['deny_groups'] = deny_groups
- if conf.exists('allow-root'):
- ssh['allow-root'] = 'yes'
-
 if conf.exists('ciphers'):
 ciphers = conf.return_values('ciphers')
 ssh['ciphers'] = ciphers
diff --git a/src/migration-scripts/ssh/0-to-1 b/src/migration-scripts/ssh/0-to-1
new file mode 100755
index 000000000..91b832276
--- /dev/null
+++ b/src/migration-scripts/ssh/0-to-1
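Review bot: In src/conf_mode/ssh.py (hunk at `@@ -73,7 +73,7 @@`), the template comment above the now-fixed `PermitRootLogin no` still reads as if the value were configurable. Since the directive is hard-coded as a hardening decision, I would reword the comment to say so, e.g. `# Root login over SSH is always disabled (not configurable)`, so a later editor does not turn it back into a template variable. The surrounding sshd_config template continues outside the hunk.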
@@ -0,0 +1,32 @@
+#!/usr/bin/env python3
+
+# Delete "service ssh allow-root" option
+
+import sys
+
+from vyos.configtree import ConfigTree
+
+if (len(sys.argv) < 1):
+ print("Must specify file name!")
+ sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+config = ConfigTree(config_file)
+
+if not config.exists(['service', 'ssh', 'allow-root']):
+ # Nothing to do
+ sys.exit(0)
+else:
+ # Delete node with abandoned command
+ config.delete(['service', 'ssh', 'allow-root'])
+
+ try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+ except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ sys.exit(1) |