VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos-contrib/veeos-1x.git) https://git.amelek.net/vyos-contrib/veeos-1x.git/atom?h=circinus 2023-12-31T22:49:48+00:00 2023-12-31T22:49:48+00:00 Christian Breunig christian@breunig.cc 2023-12-30T22:25:20+00:00 urn:sha1:4ef110fd2c501b718344c72d495ad7e16d2bd465 We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in 2023-11-14T08:07:36+00:00 Christian Breunig christian@breunig.cc 2023-11-14T08:07:36+00:00 urn:sha1:dccca4307339d13e5c3ae78058194baf2fd04002 2023-09-13T18:02:32+00:00 zsdc taras@vyos.io 2023-09-13T10:16:20+00:00 urn:sha1:1c804685d05ad639bcb1a9ebce68a7a14268500f In CLI we can choose authentication logic: - `mandatory` - if TACACS+ answered with `REJECT`, authentication must be stopped and access denied immediately. - `optional` (default) - if TACACS+ answers with `REJECT`, authentication continues using the next module. In `mandatory` mode authentication will be stopped only if TACACS+ clearly answered that access should be denied (no user in TACACS+ database, wrong password, etc.). If TACACS+ is not available or other errors happen, it will be skipped and authentication will continue with the next module, like in `optional` mode. 2023-08-18T06:30:05+00:00 Christian Breunig christian@breunig.cc 2023-08-18T06:29:27+00:00 urn:sha1:6c00ee0c848640fe5c0d85d0a71106a7215ac902 his extends commit b9655365b ("login: T5490: add stricter validation for home-directory path") by adding a dot to the REGEX allow list. This was previously allowed and covered in out smoketests which failed. 2023-08-17T18:37:34+00:00 Christian Breunig christian@breunig.cc 2023-08-17T18:37:34+00:00 urn:sha1:b9655365bcc0518babdc32b094da488fada3f2f0 2023-06-22T20:37:41+00:00 Christian Breunig christian@breunig.cc 2023-06-21T20:11:44+00:00 urn:sha1:3ec727670de02cac06321719a0323650046d54a1 2023-05-05T20:52:06+00:00 Christian Breunig christian@breunig.cc 2023-05-05T20:52:06+00:00 urn:sha1:2c8647350a771a8e28db03ec82cda20b58db7323 2023-04-04T14:47:47+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2023-04-04T14:10:56+00:00 urn:sha1:a1ffb5e73760e0caaca2deb8fc5a18840f968f1c maxsyslogins maximum number of all logins on system; user is not allowed to log-in if total number of all user logins is greater than specified number (this limit does not apply to user with uid=0) set system login max-login-session 2 2023-03-02T14:14:47+00:00 sarthurdev 965089+sarthurdev@users.noreply.github.com 2023-03-02T13:54:37+00:00 urn:sha1:19ad6dc524bcf963d2c0725a36329cb1176533b4 Since glibc 2.7, the SHA-256 and SHA-512 implementations support a user-supplied number of hashing rounds, defaulting to 5000. If the "$id$" characters in the salt are followed by "rounds=xxx$", where xxx is an integer, then the result has the form $id$rounds=yyy$salt$encrypted where yyy is the number of hashing rounds actually used. The number of rounds actually used is 1000 if xxx is less than 1000, 999999999 if xxx is greater than 999999999, and is equal to xxx otherwise. 2022-11-18T14:07:19+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2022-11-18T14:07:19+00:00 urn:sha1:6458f99cc31bb8965648cf78149d2ac4088e0892 Requires full key type name like sk-ecdsa-sha2-nistp256@openssh.com and sk-ssh-ed25519@openssh.com