summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@baturin.org>2014-08-03 12:42:27 +0200
committerDaniil Baturin <daniil@baturin.org>2014-08-03 12:42:27 +0200
commitb4baf60c03a1bece8798c62cc4cd20b938264ae5 (patch)
treeb46ef14993543b27518b7e8ca302c0d9da851cce
parent78dc5af360091da6faa93023564020eaeee4d2e9 (diff)
downloadvyatta-cfg-system-b4baf60c03a1bece8798c62cc4cd20b938264ae5.tar.gz
vyatta-cfg-system-b4baf60c03a1bece8798c62cc4cd20b938264ae5.zip
Bug #237: improve ciphers option help and value validation.
-rw-r--r--templates/service/ssh/ciphers/node.def23
1 files changed, 21 insertions, 2 deletions
diff --git a/templates/service/ssh/ciphers/node.def b/templates/service/ssh/ciphers/node.def
index 0ab5fb8f..7eab846e 100644
--- a/templates/service/ssh/ciphers/node.def
+++ b/templates/service/ssh/ciphers/node.def
@@ -1,5 +1,24 @@
type: txt
-help: Specifies the ciphers allowed for protocol version 2. Multiple ciphers must be comma-separated. See 'man sshd_config' for supported ciphers.
+help: Allowed ciphers
+val_help: txt; Cipher string
+val_help: 3des-cbc; 3DES CBC
+val_help: aes128-cbc; AES 128 CBC
+val_help: aes192-cbc; AES 192 CBC
+val_help: aes256-cbc; AES 256 CBC
+val_help: aes128-ctr; AES 128 CTR
+val_help: aes192-ctr; AES 192 CTR
+val_help: aes256-ctr; AES 256 CTR
+val_help: arcfour128; AC4 128
+val_help: arcfour256; AC4 256
+val_help: arcfour; AC4
+val_help: blowfish-cbc; Blowfish CBC
+val_help: cast128-cbc; CAST 128 CBC
+comp_help: Multiple ciphers can be specified as a comma-separated list.
+
+syntax:expression: pattern $VAR(@) "^((3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|aes128-ctr|aes192-ctr|\
+aes256-ctr|arcfour128|arcfour256|arcfour|\
+blowfish-cbc|cast128-cbc)(,|$))+$"; \
+"$VAR(@) is not a valid cipher list"
create: sudo sed -i -e '$ a \
Ciphers $VAR(@)' /etc/ssh/sshd_config
@@ -7,4 +26,4 @@ Ciphers $VAR(@)' /etc/ssh/sshd_config
delete: sudo sed -i -e '/^Ciphers $VAR(@)$/d' /etc/ssh/sshd_config
update: sudo sed -i -e '/^Ciphers/c \
-Ciphers $VAR(@)' /etc/ssh/sshd_config \ No newline at end of file
+Ciphers $VAR(@)' /etc/ssh/sshd_config