summaryrefslogtreecommitdiff
path: root/src/conf_mode/ssh.py
AgeCommit message (Collapse)Author
2023-07-19sshguard: T5354: Add service ssh dynamic-protectionViacheslav Hletenko
Sshguard protects hosts from brute-force attacks It can inspect logs and block "bad" addresses by threshold Auto-generates own tables and rules for nftables, so they are not intercept with VyOS firewall rules. When service stops, all generated tables are deleted. set service ssh dynamic-protection set service ssh dynamic-protection allow-from '192.0.2.1' set service ssh dynamic-protection block-time '120' set service ssh dynamic-protection detect-time '1800' set service ssh dynamic-protection threshold '30'
2021-01-13ssh: T3212: do not make /run/sshd directory disappear on failureChristian Poessinger
(cherry picked from commit 57fca79636b783dc4be2df1bc1ff12a0ce79d988)
2021-01-07ssh: T2635: harden Jinja2 template and daemon startupChristian Poessinger
2021-01-07ssh: T2635: change sshd_config path to /run/sshdChristian Poessinger
2020-11-27vyos.template: T2720: always enable Jinja2 trim_blocks featureChristian Poessinger
2020-11-12ssh: T2635: drop superfluous importChristian Poessinger
Commit a1327d2b970 ("ssh: T2635: reuse common verify_vrf() function") already moved to the common verify logic but did not remove the no longer needed import statement.
2020-10-30ssh: T2635: reuse common verify_vrf() functionChristian Poessinger
2020-08-31configd: T2582: add scripts to include list for daemonJohn Estabrook
2020-08-03ssh: T1076: make configuration volatileChristian Poessinger
Move sshd_config file to /run so it must be generated on every boot and is not stored accidently.
2020-07-01config: T2667: adapt for refinements to get_config_dictJohn Estabrook
2020-06-23ssh: T2635: migrate to get_config_dict()Christian Poessinger
Jinja template contains some workarounds like {% if port is string %}, this depends of the resolution of https://phabricator.vyos.net/T2636
2020-06-13ssh: T2321: always run "systemctl daemon-reload"Christian Poessinger
2020-06-13ssh: T2321: fix invalid string/list assignment of default portChristian Poessinger
Commit 5deb12c509be ("ssh: T2321: add VRF support") restructured the Port assignment (cleanup from the early days) but it accesses a string with methods used for a list, resulting in the funny default port 2.
2020-06-11ssh: T2321: add VRF supportChristian Poessinger
2020-06-11ssh: T2321: use list over string when working with Config()Christian Poessinger
2020-05-29airbag: T2088: explicit enabling of the featureThomas Mangin
airbag must now be explicitly installed. the patch also allow to fully disables the installation of the logging code at setup (and not just installing and doing nothing)
2020-05-19util: T2467: add systemctl to autosudoThomas Mangin
2020-04-12template: T2230: use render to generate templatesThomas Mangin
convert all call to jinja to use template.render
2020-04-09util: T2226: os.system was wrongly converted to runThomas Mangin
os.system does print the ouput of the command, run() does not. A new function called call() does the printing and return the error code.
2020-04-06util: T2226: covert most calls from os.system to utilThomas Mangin
As little change a possible but the function call The behaviour should be totally unchanged.
2020-04-05ssh: T2230: add Jinja2 trim_blocks Environment optionChristian Poessinger
2020-04-05ssh: T2230: move inlined templates to dedicated filesChristian Poessinger
2019-10-19Merge branch 'current' of github.com:vyos/vyos-1x into equuleusChristian Poessinger
* 'current' of github.com:vyos/vyos-1x: T1749: support multiple ranges in the numeric validator. dhcp-server: T1745: bugfix corner case on static-assignments system-proxy: T1741 - Add system wide proxy setting wireguard - remove endpoint check to enable roaming connections system-proxy: T1741 - Add system wide proxy setting CLI implementation Python/ifconfig: T1712: always start DHCP when configured Python/ifconfig: T1557: get_status() must use admin state not operstate bgp: T1490: fix migrator file permissions snmp: T1737: add missing completion helpers Revert "Python/ifconfig: T1712: wait when changing interface state" snmpd: T1705 - High CPU usage by bgpd when snmp is active Revert "snmpd: T1705 - High CPU usage by bgpd when snmp is active" openvpn: T1548: clean out import statements ssh.py: check if file exists before deleting it [BGP] T1490: Added migration for obsoleted 'bgp scan-time' parameter
2019-10-13ssh.py: check if file exists before deleting itChristian Poessinger
2019-10-09ssh - T1719: ssh deprecated options removedhagbard
* Deprecated option since openssh 7.5 UsePrivilegeSeparation, KeyRegenerationInterval, ServerKeyBits, RSAAuthentication, RhostsRSAAuthentication
2018-10-21T634: remove 'service ssh allow-root'Christian Poessinger
2018-10-19Add Client keepalive option for use with cloud-initUnicronNL
Add option to specify multiple listening ports Clean up template generation layout
2018-08-26ssh.py: start/stop service via systemctlChristian Poessinger
2018-05-23Use normal assignment by key instead of setdefault() everywhere.Daniil Baturin
The setdefault() dict object method updates the value only if it's not already set, so it's useless for what we want to do, despite its deceptive name.
2018-05-16conf_mode: remove generation time from config header and adjust scriptnameChristian Poessinger
2018-05-16Revert "T634: Remove 'service ssh allow-root'"Christian Poessinger
This reverts commit d9474df03d47b20f06580c3b32aac69849162015.
2018-05-16T644: remove prefixing from all scripts and update environment variables ↵Daniil Baturin
with VyOS paths.