From 246cae741455024e180208c2aba44851af74f245 Mon Sep 17 00:00:00 2001 From: erkin Date: Thu, 20 Aug 2020 15:08:07 +0300 Subject: Fix RST typo and add update SSH service commands --- docs/services/ssh.rst | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/services/ssh.rst b/docs/services/ssh.rst index b60d592d..38ad68e0 100644 --- a/docs/services/ssh.rst +++ b/docs/services/ssh.rst @@ -53,7 +53,7 @@ choose from the following ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, Disable password based authentication. Login via SSH keys only. This hardens security! -.. cfgcmd: set service ssh disable-host-validation +.. cfgcmd:: set service ssh disable-host-validation Disable the host validation through reverse DNS lookups - can speedup login time when reverse lookup is not possible. 
@@ -74,5 +74,33 @@ Multiple algorithms can be provided. Supported MACs: ``hmac-md5``, .. note:: VyOS 1.1 supported login as user ``root``. This has been removed due to tighter security in VyOS 1.2. -.. seealso:: SSH :ref:`ssh_key_based_authentication` +.. cfgcmd:: set service ssh access-control + +Add access-control directive to allow or deny users and groups. Directives are +processed in the following order: ``deny-users``, ``allow-users``, +``deny-groups`` and ``allow-groups``. + +.. cfgcmd:: set service ssh client-keepalive-interval + +Specify timeout interval for keepalive message in seconds. + +.. cfgcmd:: set service ssh key-exchange + +Specify allowed :abbr:`KEX (Key Exchange)` algorithms. +Supported algorithms: ``diffie-hellman-group1-sha1``, +``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``, +``diffie-hellman-group16-sha512``, ``diffie-hellman-group18-sha512``, +``diffie-hellman-group-exchange-sha1``, +``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256 +ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` and +``curve25519-sha256@libssh.org``. +.. cfgcmd:: set service ssh loglevel + +Set the ``sshd`` log level. The default is ``info``. + +.. cmfcmd:: set service ssh vrf + +Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance. + +.. seealso:: SSH :ref:`ssh_key_based_authentication` -- cgit v1.2.3 From 5f2fb34c412691d1544e92e7186274c8a0a3db58 Mon Sep 17 00:00:00 2001 From: erkin Date: Thu, 20 Aug 2020 15:11:12 +0300 Subject: Minor corrections to the SSH service --- docs/services/ssh.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'docs') diff --git a/docs/services/ssh.rst b/docs/services/ssh.rst index 38ad68e0..c5959e5c 100644 --- a/docs/services/ssh.rst +++ b/docs/services/ssh.rst 
@@ -77,7 +77,7 @@ Multiple algorithms can be provided. Supported MACs: ``hmac-md5``, .. cfgcmd:: set service ssh access-control Add access-control directive to allow or deny users and groups. Directives are -processed in the following order: ``deny-users``, ``allow-users``, +processed in the following order of precedence: ``deny-users``, ``allow-users``, ``deny-groups`` and ``allow-groups``. .. cfgcmd:: set service ssh client-keepalive-interval @@ -91,8 +91,8 @@ Supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``, ``diffie-hellman-group16-sha512``, ``diffie-hellman-group18-sha512``, ``diffie-hellman-group-exchange-sha1``, -``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256 -ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` and +``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256``, +``ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` and ``curve25519-sha256@libssh.org``. .. cfgcmd:: set service ssh loglevel -- cgit v1.2.3
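Review bot: In the `@@ -74,5 +74,33 @@` hunk of the first commit, the last added directive is spelled `.. cmfcmd:: set service ssh vrf`, the same class of directive typo this commit fixes for `disable-host-validation`; it should read `.. cfgcmd:: set service ssh vrf` like the other entries in the hunk, and the follow-up commit shown here does not touch that line. In the same hunk, `.. cfgcmd:: set service ssh loglevel` is added directly after the line ending in ``curve25519-sha256@libssh.org``. with no empty `+` line between them, so reStructuredText will read it as a continuation of the KEX paragraph instead of a directive; add a blank line before it.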
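Review bot: In the `@@ -77,7 +77,7 @@` hunk of the second commit, "order of precedence" still leaves the outcome open for a user who matches more than one directive, for example a user listed under ``allow-users`` who is also a member of a group under ``deny-groups``. This text decides who can log in, so add a sentence stating which directive wins on a conflict and what happens to users who match none of them. The `cfgcmd` line `set service ssh access-control` also shows no directive name or value placeholder, which makes the command hard to use from the documentation alone.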
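Review bot: In the `@@ -91,8 +91,8 @@` hunk of the second commit, the repaired list still presents ``diffie-hellman-group1-sha1`` and the other ``-sha1`` entries on equal footing with ``curve25519-sha256``, with no guidance on which to choose. ``diffie-hellman-group1-sha1`` relies on a 1024-bit group and SHA-1, so a reader copying from this list can weaken the service. Consider a `.. note::` under `set service ssh key-exchange` saying that the SHA-1 based exchanges are legacy options for old clients and recommending the curve25519, ECDH or SHA-2 based entries.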