author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-11-16 11:29:38 -0800 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-11-16 15:38:10 -0800 |
commit | 8960375b2a9f11d413152b67f81ca765b157c711 (patch) | |
tree | 29f906173a5264dea02f4d5d301c40d0a2e89b38 | |
parent | aa5623e32defe0412c47e38dbf9de5ed2448a975 (diff) | |
download | vyatta-cfg-system-8960375b2a9f11d413152b67f81ca765b157c711.tar.gz vyatta-cfg-system-8960375b2a9f11d413152b67f81ca765b157c711.zip |
Add option to disable host validation (DNS) for SSH
Bug 4970
New CLI control of UseDNS option to sshd_config
set service ssh disable-host-validation
-rw-r--r-- | debian/vyatta-cfg-system.postinst.in | 2 | ||||
-rwxr-xr-x | scripts/rl-system.init | 8 | ||||
-rw-r--r-- | templates/service/ssh/disable-host-validation/node.def | 6 |
3 files changed, 13 insertions, 3 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 5346de90..bb29896c 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -43,6 +43,8 @@ if [ "$sysconfdir" != "/etc" ]; then # make sure PasswordAuthentication is on sed -i 's/^#PasswordAuthentication/PasswordAuthentication/' /etc/ssh/sshd_config sed -i '/^PasswordAuthentication/s/no/yes/' /etc/ssh/sshd_config + # add UseDNS line + echo 'UseDNS yes' >>/etc/ssh/sshd_config # for "admin" level sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers
diff --git a/scripts/rl-system.init b/scripts/rl-system.init
index 038653fe..fc328b7b 100755
--- a/scripts/rl-system.init
+++ b/scripts/rl-system.init
@@ -176,11 +176,13 @@ security_reset () { rm /usr/share/pam-configs/radius fi - # Disable root login with ssh - sed -i -e '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config - # Disable root login over telnet sed -i -e '/^# Pseudo-terminal (telnet)/,$d' /etc/securetty + + # Disable root login with ssh + # Renable DNS validation + sed -i -e '/^PermitRootLogin/s/yes/no/' \ + -e '/^UseDNS/s/no/yes/' /etc/ssh/sshd_config } start () {
diff --git a/templates/service/ssh/disable-host-validation/node.def b/templates/service/ssh/disable-host-validation/node.def
new file mode 100644
index 00000000..fff28dbd
--- /dev/null
+++ b/templates/service/ssh/disable-host-validation/node.def
@@ -0,0 +1,6 @@
+help: Don't validate the remote host name with DNS
+
+update: sudo sed -i -e '/^UseDNS/s/yes/no/' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^UseDNS/s/no/yes/' /etc/ssh/sshd_config
+
|
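Review bot: The `echo 'UseDNS yes' >>/etc/ssh/sshd_config` added in debian/vyatta-cfg-system.postinst.in is not idempotent: nothing visible in the hunk checks for an existing `UseDNS` line, so each postinst run would append another copy. An appended line also lands after any `Match` block already present in the file, where sshd does not accept `UseDNS` and would refuse the configuration. A guard keeps the file to a single directive, e.g. `grep -q '^UseDNS' /etc/ssh/sshd_config || echo 'UseDNS yes' >>/etc/ssh/sshd_config`. The enclosing `if` block starts and ends outside the hunk, so whether a later step already deduplicates is not visible here.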
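Review bot: In security_reset in scripts/rl-system.init, `-e '/^UseDNS/s/no/yes/'` only rewrites an uncommented `UseDNS` line that already exists, so if that line is missing the security reset silently leaves host validation at whatever sshd defaults to. The `update:` and `delete:` actions in templates/service/ssh/disable-host-validation/node.def use the same pattern and share the dependency: the CLI commit would succeed while sshd_config is unchanged. Rewriting the whole directive is less fragile than substituting the first `no`, e.g. `-e 's/^UseDNS[[:space:]].*/UseDNS yes/'`, ideally paired with a check that the line is present. The new comment also has a typo; it should read `# Re-enable DNS validation`. security_reset begins above the hunk.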
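Review bot: The `help:` line in templates/service/ssh/disable-host-validation/node.def does not say what the operator gives up by setting this node. With `UseDNS no`, sshd stops resolving and cross-checking the client's host name, so host-name patterns in authorized_keys `from=` options and in `Match Host` blocks no longer match and only addresses can be used. A more explicit text would help, for example `help: Skip reverse-DNS check of connecting clients (host-name based access rules will not match)`. Nothing in this file signals sshd after the edit; presumably the parent service/ssh node restarts it at commit, but that is outside the diff and worth confirming.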