authorStephen Hemminger <stephen.hemminger@vyatta.com>2009-12-03 12:23:38 -0800
committerStephen Hemminger <stephen.hemminger@vyatta.com>2009-12-03 12:23:38 -0800
commita907683b2f0b69581bc8c770020702c18e112e87 (patch)
treeb7ae6a06d0f6bdffdf259f582275456867eb175a /templates
parent102bab7843f56b9b8c43bac5690d9afd5f894737 (diff)
parentbb4083fa12386e9417e4dbae38325deb03d821e7 (diff)
Merge branch 'kenwood' of 192.168.100.1:git/vyatta-cfg-system into kenwood
Diffstat (limited to 'templates')
-rw-r--r--templates/service/ssh/allow-root/node.def15
-rw-r--r--templates/service/ssh/disable-password-authentication/node.def5
-rw-r--r--templates/service/ssh/password-authentication/node.def14
-rw-r--r--templates/system/login/user/node.tag/authorized-keys/node.def16
-rw-r--r--templates/system/login/user/node.tag/authorized-keys/node.tag/description/node.def2
-rw-r--r--templates/system/login/user/node.tag/authorized-keys/node.tag/key-type/node.def4
6 files changed, 30 insertions, 26 deletions
diff --git a/templates/service/ssh/allow-root/node.def b/templates/service/ssh/allow-root/node.def
index 25a5a97a..1c56d221 100644
--- a/templates/service/ssh/allow-root/node.def
+++ b/templates/service/ssh/allow-root/node.def
@@ -1,14 +1,5 @@
-type: bool
-default: false
-help: Enable/disable root login over ssh
-update: if [ "$VAR(@)" == "true" ];
- then regex='/^PermitRootLogin/s/no/yes/'
- else regex='/^PermitRootLogin/s/yes/no/'
- fi
- sudo sed -i -e "$regex" /etc/ssh/sshd_config
+help: Enable root login over ssh
-comp_help: possible completions:
- true Enable root login over ssh
- false Disable root login over ssh
+update: sudo sed -i -e '/^PermitRootLogin/s/no/yes/' /etc/ssh/sshd_config
-allowed: echo "true false"
+delete: sudo sed -i -e '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
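Review bot: The `update:` and `delete:` commands rewrite the current value in place (`s/no/yes/`, `s/yes/no/`), so the outcome depends on what `/etc/ssh/sshd_config` already contains. If the `PermitRootLogin` line is commented out, absent, or set to a value such as `without-password`, the delete action changes nothing and still succeeds, so the CLI shows root login as disabled while sshd keeps its previous or default behaviour. Setting the value absolutely avoids this, e.g. `delete: sudo sed -i -e 's/^PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config`, ideally with a check that a matching line exists. The same relative substitution is used in the `disable-password-authentication` template. Whether sshd is reloaded after the edit is not visible in this hunk.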
diff --git a/templates/service/ssh/disable-password-authentication/node.def b/templates/service/ssh/disable-password-authentication/node.def
new file mode 100644
index 00000000..59abacfc
--- /dev/null
+++ b/templates/service/ssh/disable-password-authentication/node.def
@@ -0,0 +1,5 @@
+help: Don't allow unknown user to login with password
+
+update: sudo sed -i -e '/^PasswordAuthentication/s/yes/no/' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^PasswordAuthentication/s/no/yes/' /etc/ssh/sshd_config
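Review bot: The help string `Don't allow unknown user to login with password` does not describe what the command does, because `PasswordAuthentication no` turns off password authentication for every account, not only unknown ones. Something like `help: Disable password authentication for all users` would be accurate. Depending on the rest of sshd_config (not visible here), password prompts may still be offered through `ChallengeResponseAuthentication` with PAM, so that directive probably needs the same handling for this node to have the effect an administrator expects.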
diff --git a/templates/service/ssh/password-authentication/node.def b/templates/service/ssh/password-authentication/node.def
deleted file mode 100644
index c17dd47c..00000000
--- a/templates/service/ssh/password-authentication/node.def
+++ /dev/null
@@ -1,14 +0,0 @@
-type: bool
-default: true
-help: Allow user's to login with password
-update: if [ "$VAR(@)" == "true" ];
- then regex='/^PasswordAuthentication/s/no/yes/'
- else regex='/^PasswordAuthentication/s/yes/no/'
- fi
- sudo sed -i -e "$regex" /etc/ssh/sshd_config
-
-comp_help: possible completions:
- true Allow authentication with password
- false Disable authentication with password (secure)
-
-allowed: echo "true false"
diff --git a/templates/system/login/user/node.tag/authorized-keys/node.def b/templates/system/login/user/node.tag/authorized-keys/node.def
new file mode 100644
index 00000000..4ca232f8
--- /dev/null
+++ b/templates/system/login/user/node.tag/authorized-keys/node.def
@@ -0,0 +1,16 @@
+tag:
+type: txt
+help: Set public keys for authorized login
+
+syntax:expression: pattern $VAR(@) "^[0-9A-Za-z+/=]*$" ; "Invalid public key not base-64"
+
+commit:expression: $VAR(key-type) != "" ; "key-type must be specified"
+
+comp_help:
+ Public key of remote user allowed to login without password
+ The key must be encode as base-64 text string. The key is usually
+ several hundred bytes long (because of the size of the public key
+ encoding). You don't want to type them in; instead, use the
+ script ssh-load-key to set them.
+
+
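Review bot: The `syntax:expression` pattern ends in `*`, so an empty string is accepted as a key, and `=` is allowed anywhere rather than only as trailing padding. Restricting the value to the base-64 alphabet is a useful guard against stray characters reaching the authorized_keys file. Tightening it to `"^[0-9A-Za-z+/]+={0,2}$"` (assuming the pattern engine supports interval syntax) would also reject the empty and malformed cases. The comp_help text has a typo as well: `must be encode` should read `must be encoded`.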
diff --git a/templates/system/login/user/node.tag/authorized-keys/node.tag/description/node.def b/templates/system/login/user/node.tag/authorized-keys/node.tag/description/node.def
new file mode 100644
index 00000000..7c81ff12
--- /dev/null
+++ b/templates/system/login/user/node.tag/authorized-keys/node.tag/description/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Ssh public-key description (usually user@host)
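Review bot: The `description` node is `type: txt` with no `syntax:expression`, unlike the key value itself, which is restricted to base-64 characters. If this text is later written into the user's authorized_keys file as the comment field (the script that does so is not visible here), an unconstrained value could carry whitespace or line breaks into that file. A pattern along the lines of `syntax:expression: pattern $VAR(@) "^[-0-9A-Za-z@._]*$" ; "Invalid key description"` would keep it to the `user@host` form the help text mentions.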
diff --git a/templates/system/login/user/node.tag/authorized-keys/node.tag/key-type/node.def b/templates/system/login/user/node.tag/authorized-keys/node.tag/key-type/node.def
new file mode 100644
index 00000000..54482824
--- /dev/null
+++ b/templates/system/login/user/node.tag/authorized-keys/node.tag/key-type/node.def
@@ -0,0 +1,4 @@
+type: txt
+help: Public key type
+allowed: echo "ssh-dsa ssh-rsa"
+syntax:expression: $VAR(@) in "ssh-rsa", "ssh-dsa"
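Review bot: The DSA key type is spelled `ssh-dsa` in both `allowed:` and `syntax:expression`, but the identifier OpenSSH uses in public-key files is `ssh-dss`. A key stored with type `ssh-dsa` would most likely produce an authorized_keys line that sshd does not recognise, so that login would fail with no error at commit time. The lines should read `allowed: echo "ssh-dss ssh-rsa"` and `syntax:expression: $VAR(@) in "ssh-rsa", "ssh-dss" ; "key-type must be ssh-rsa or ssh-dss"`; the added message also gives the user an explanation when validation fails.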