authorStephen Hemminger <stephen.hemminger@vyatta.com>2010-11-16 11:29:38 -0800
committerStephen Hemminger <stephen.hemminger@vyatta.com>2010-11-16 15:38:10 -0800
commit8960375b2a9f11d413152b67f81ca765b157c711 (patch)
tree29f906173a5264dea02f4d5d301c40d0a2e89b38
parentaa5623e32defe0412c47e38dbf9de5ed2448a975 (diff)
Add option to disable host validation (DNS) for SSH
Bug 4970: New CLI control of the UseDNS option in sshd_config: set service ssh disable-host-validation
-rw-r--r--debian/vyatta-cfg-system.postinst.in2
-rwxr-xr-xscripts/rl-system.init8
-rw-r--r--templates/service/ssh/disable-host-validation/node.def6
3 files changed, 13 insertions, 3 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 5346de90..bb29896c 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -43,6 +43,8 @@ if [ "$sysconfdir" != "/etc" ]; then
# make sure PasswordAuthentication is on
sed -i 's/^#PasswordAuthentication/PasswordAuthentication/' /etc/ssh/sshd_config
sed -i '/^PasswordAuthentication/s/no/yes/' /etc/ssh/sshd_config
+ # add UseDNS line
+ echo 'UseDNS yes' >>/etc/ssh/sshd_config
# for "admin" level
sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers
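Review bot: The added `echo 'UseDNS yes' >>/etc/ssh/sshd_config` is not idempotent: every run of this postinst branch appends another line, including when the file already has a UseDNS setting. sshd uses the first value it reads for a keyword, so the accumulated duplicates can disagree with the line that is actually in effect. If the file happens to end in a `Match` block, the appended line would land inside it, where UseDNS is not permitted. Guarding the append avoids the duplicates: `grep -q '^UseDNS' /etc/ssh/sshd_config || echo 'UseDNS yes' >>/etc/ssh/sshd_config`. The enclosing `if` block starts and ends outside the hunk.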
diff --git a/scripts/rl-system.init b/scripts/rl-system.init
index 038653fe..fc328b7b 100755
--- a/scripts/rl-system.init
+++ b/scripts/rl-system.init
@@ -176,11 +176,13 @@ security_reset () {
rm /usr/share/pam-configs/radius
fi
- # Disable root login with ssh
- sed -i -e '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
-
# Disable root login over telnet
sed -i -e '/^# Pseudo-terminal (telnet)/,$d' /etc/securetty
+
+ # Disable root login with ssh
+ # Renable DNS validation
+ sed -i -e '/^PermitRootLogin/s/yes/no/' \
+ -e '/^UseDNS/s/no/yes/' /etc/ssh/sshd_config
}
start () {
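Review bot: The new `-e '/^UseDNS/s/no/yes/'` expression in security_reset only rewrites an existing, uncommented `UseDNS` line, so where that line is absent or commented out the reset leaves DNS validation as it was and sed still exits 0. The `update:` and `delete:` actions in templates/service/ssh/disable-host-validation/node.def use the same pattern, so a commit there can report success without sshd_config changing. A presence check before the sed, such as `grep -q '^UseDNS' /etc/ssh/sshd_config || echo 'UseDNS yes' >>/etc/ssh/sshd_config`, would make the reset independent of the postinst having run. The comment `# Renable DNS validation` should read `# Re-enable DNS validation`. security_reset begins outside the hunk.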
diff --git a/templates/service/ssh/disable-host-validation/node.def b/templates/service/ssh/disable-host-validation/node.def
new file mode 100644
index 00000000..fff28dbd
--- /dev/null
+++ b/templates/service/ssh/disable-host-validation/node.def
@@ -0,0 +1,6 @@
+help: Don't validate the remote host name with DNS
+
+update: sudo sed -i -e '/^UseDNS/s/yes/no/' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^UseDNS/s/no/yes/' /etc/ssh/sshd_config
+
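Review bot: Nothing in this node reloads sshd after `update:` or `delete:` edits /etc/ssh/sshd_config, so unless the parent `service ssh` node (not visible here) restarts the daemon at the end of the commit, the running sshd keeps the previous UseDNS behaviour. The help text would also benefit from stating the consequence for operators, for example `help: Don't validate the remote host name with DNS (host-name based access rules will no longer match)`, since with UseDNS off sshd only has the client address to compare against. That wording is a suggestion and should be confirmed against the sshd version shipped.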