Diffstat (limited to 'docs/configuration/service')
-rw-r--r-- | docs/configuration/service/https.rst | 15
-rw-r--r-- | docs/configuration/service/pppoe-server.rst | 1
-rw-r--r-- | docs/configuration/service/snmp.rst | 10
-rw-r--r-- | docs/configuration/service/ssh.rst | 37
4 files changed, 49 insertions, 14 deletions
diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst index 1f1e2aa9..0c6dcbd9 100644 --- a/docs/configuration/service/https.rst +++ b/docs/configuration/service/https.rst @@ -4,7 +4,7 @@ HTTP-API ######## -VyOS provide a HTTP API. You can use it to execute op-mode commands, +VyOS provides an HTTP API. You can use it to execute op-mode commands, update VyOS, set or delete config. Please take a look at the :ref:`vyosapi` page for an detailed how-to. @@ -15,7 +15,7 @@ Configuration .. cfgcmd:: set service https api keys id <name> key <apikey> - Set an named api key, every key have the same, full permissions + Set a named api key, every key has the same, full permissions on the system. .. cfgcmd:: set service https api debug @@ -25,7 +25,7 @@ Configuration .. cfgcmd:: set service https api port - Set the listen port of the local API, this have non effect of the + Set the listen port of the local API, this has no effect on the webserver. The default is port 8080 .. cfgcmd:: set service https api strict @@ -46,7 +46,7 @@ Configuration .. cfgcmd:: set service https api-restrict virtual-host <vhost> - Nginx exposes the local API on all virtual servers, by default + Nginx exposes the local API on all virtual servers, by default. Use this to restrict nginx to one or more virtual hosts. .. cfgcmd:: set service https certificates certbot domain-name <text> @@ -71,14 +71,15 @@ Configuration Example Configuration ********************* -Set an API-KEY is the minimal configuration to get a working API Endpoint. +Setting an API-KEY is the minimal configuration needed to get a working API +Endpoint. .. code-block:: none set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY -To use this full configuration we asume a publice accessable hostname. +To use this full configuration we asume a globally resolvable hostname. .. code-block:: none 
@@ -88,4 +89,4 @@ To use this full configuration we asume a publice accessable hostname. set service https virtual-host rtr01 listen-address 198.51.100.2 set service https virtual-host rtr01 listen-port 11443 set service https virtual-host rtr01 server-name rtr01.example.com - set service https api-restrict virtual-host rtr01.example.com
\ No newline at end of file + set service https api-restrict virtual-host rtr01.example.com diff --git a/docs/configuration/service/pppoe-server.rst b/docs/configuration/service/pppoe-server.rst index 8d895f9d..ad99cec0 100644 --- a/docs/configuration/service/pppoe-server.rst +++ b/docs/configuration/service/pppoe-server.rst @@ -388,6 +388,7 @@ The example below covers a dual-stack configuration via pppoe-server. set service pppoe-server client-ip-pool stop '192.168.0.10' set service pppoe-server client-ipv6-pool delegate '2001:db8:8003::/48' delegation-prefix '56' set service pppoe-server client-ipv6-pool prefix '2001:db8:8002::/48' mask '64' + set service pppoe-server ppp-options ipv6 allow set service pppoe-server name-server '10.1.1.1' set service pppoe-server name-server '2001:db8:4860::8888' set service pppoe-server interface 'eth2' diff --git a/docs/configuration/service/snmp.rst b/docs/configuration/service/snmp.rst index 2a55b775..1977bf7f 100644 --- a/docs/configuration/service/snmp.rst +++ b/docs/configuration/service/snmp.rst @@ -1,3 +1,5 @@ +:lastproofread: 2022-02-01 + .. _snmp: #### @@ -129,7 +131,7 @@ sent in clear text between a manager and agent. Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used. -The securityapproach in v3 targets: +The security approach in v3 targets: * Confidentiality – Encryption of packets to prevent snooping by an unauthorized source. @@ -161,7 +163,7 @@ Example set service snmp v3 view default oid 1 After commit the plaintext passwords will be hashed and stored in your -configuration. The resulting LCI config will look like: +configuration. The resulting CLI config will look like: .. code-block:: none 
@@ -201,7 +203,7 @@ VyOS MIBs All SNMP MIBs are located in each image of VyOS here: ``/usr/share/snmp/mibs/`` -you are be able to download the files with the a activate ssh service like this +You can download the file to your local host with an active ssh service like this .. code-block:: none @@ -270,4 +272,4 @@ following content: .. _SNMPv2: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Version_2 .. _SNMPv3: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#Version_3 -.. start_vyoslinter
\ No newline at end of file +.. start_vyoslinter diff --git a/docs/configuration/service/ssh.rst b/docs/configuration/service/ssh.rst index 24881186..e03d1e70 100644 --- a/docs/configuration/service/ssh.rst +++ b/docs/configuration/service/ssh.rst @@ -127,8 +127,8 @@ Operation .. opcmd:: generate ssh client-key /path/to/private_key - Re-generated a known pub/private keyfile which can e.g. used to connect to - other services (RPKI cache). + Re-generated a known pub/private keyfile which can be used to connect to + other services (e.g. RPKI cache). Example: @@ -153,5 +153,36 @@ Operation | =.. o=.oo| +----[SHA256]-----+ - Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` + Two new files ``/config/auth/id_rsa_rpki`` and + ``/config/auth/id_rsa_rpki.pub`` will be created. + +.. opcmd:: generate public-key-command name <username> path <location> + + Generate the configuration mode commands to add a public key for + :ref:`ssh_key_based_authentication`. + ``<location>`` can be a local path or a URL pointing at a remote file. + + Supported remote protocols are FTP, FTPS, HTTP, HTTPS, SCP/SFTP and TFTP. + + Example: + + .. code-block:: none + + alyssa@vyos:~$ generate public-key-command name alyssa path sftp://example.net/home/alyssa/.ssh/id_rsa.pub + # To add this key as an embedded key, run the following commands: + configure + set system login user alyssa authentication public-keys alyssa@example.net key AAA... + set system login user alyssa authentication public-keys alyssa@example.net type ssh-rsa + commit + save + exit + + ben@vyos:~$ generate public-key-command user ben path ~/.ssh/id_rsa.pub + # To add this key as an embedded key, run the following commands: + configure + set system login user ben authentication public-keys ben@vyos key AAA... + set system login user ben authentication public-keys ben@vyos type ssh-dss + commit + save + exit |
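Review bot: in docs/configuration/service/https.rst, the hunk at -71,14 rewrites the sentence before the full example but keeps the typo "asume" in the added line ("we asume a globally resolvable hostname"); change it to "assume". The context line "for an detailed how-to" in the first hunk of the same file has the same kind of error and could be fixed in this pass as "a detailed".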
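Review bot: in docs/configuration/service/snmp.rst, the rewritten sentence in the hunk at -201,7 ("You can download the file to your local host with an active ssh service like this") still has no closing punctuation before the code block, and it now says "the file" although the preceding context line refers to all SNMP MIBs under ``/usr/share/snmp/mibs/``. End it with a colon, as the "will look like:" lead-in in the previous hunk does, and either keep the plural or say which file is meant.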
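Review bot: in docs/configuration/service/ssh.rst, the new `generate public-key-command` entry is declared as `name <username> path <location>`, but the second example invokes it as `generate public-key-command user ben path ~/.ssh/id_rsa.pub`; one of the two keywords is wrong, and the example should match the declared syntax. The same example reads `id_rsa.pub` yet prints `type ssh-dss`, while the first example prints `type ssh-rsa` for a file of the same name, so the sample output looks inconsistent with its input. Because the supported protocols listed include FTP, HTTP and TFTP, which do not protect the file in transit, consider adding a sentence telling the reader to compare the fetched key's fingerprint with a known-good value before committing the generated commands, since the key grants login.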