From ca2ab503f42a8446175954e9e7280ecc8e75e927 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Mon, 3 Aug 2020 18:38:55 +0200
Subject: ssh: T1076: make configuration volatile

Move sshd_config file to /run so it must be generated on every boot and is
not stored accidently.
---
 src/conf_mode/ssh.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index ffb0b700d..7b262565a 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -28,7 +28,7 @@ from vyos.xml import defaults
 from vyos import airbag
 airbag.enable()
 
-config_file = r'/etc/ssh/sshd_config'
+config_file = r'/run/ssh/sshd_config'
 systemd_override = r'/etc/systemd/system/ssh.service.d/override.conf'
 
 def get_config():
@@ -42,6 +42,8 @@ def get_config():
     # options which we need to update into the dictionary retrived.
     default_values = defaults(base)
     ssh = dict_merge(default_values, ssh)
+    # pass config file path - used in override template
+    ssh['config_file'] = config_file
 
     return ssh
 
-- 
cgit v1.2.3