author | Daniil Baturin <daniil@baturin.org> | 2014-08-03 12:42:27 +0200 |
---|---|---|
committer | Daniil Baturin <daniil@baturin.org> | 2014-08-03 12:42:27 +0200 |
commit | b4baf60c03a1bece8798c62cc4cd20b938264ae5 (patch) | |
tree | b46ef14993543b27518b7e8ca302c0d9da851cce /templates/service/ssh/ciphers/node.def | |
parent | 78dc5af360091da6faa93023564020eaeee4d2e9 (diff) | |
download | vyatta-cfg-system-b4baf60c03a1bece8798c62cc4cd20b938264ae5.tar.gz vyatta-cfg-system-b4baf60c03a1bece8798c62cc4cd20b938264ae5.zip |
Bug #237: improve ciphers option help and value validation.
Diffstat (limited to 'templates/service/ssh/ciphers/node.def')
-rw-r--r-- | templates/service/ssh/ciphers/node.def | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/templates/service/ssh/ciphers/node.def b/templates/service/ssh/ciphers/node.def
index 0ab5fb8f..7eab846e 100644
--- a/templates/service/ssh/ciphers/node.def
+++ b/templates/service/ssh/ciphers/node.def
@@ -1,5 +1,24 @@
 type: txt
-help: Specifies the ciphers allowed for protocol version 2. Multiple ciphers must be comma-separated. See 'man sshd_config' for supported ciphers.
+help: Allowed ciphers
+val_help: txt; Cipher string
+val_help: 3des-cbc; 3DES CBC
+val_help: aes128-cbc; AES 128 CBC
+val_help: aes192-cbc; AES 192 CBC
+val_help: aes256-cbc; AES 256 CBC
+val_help: aes128-ctr; AES 128 CTR
+val_help: aes192-ctr; AES 192 CTR
+val_help: aes256-ctr; AES 256 CTR
+val_help: arcfour128; AC4 128
+val_help: arcfour256; AC4 256
+val_help: arcfour; AC4
+val_help: blowfish-cbc; Blowfish CBC
+val_help: cast128-cbc; CAST 128 CBC
+comp_help: Multiple ciphers can be specified as a comma-separated list.
+
+syntax:expression: pattern $VAR(@) "^((3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|aes128-ctr|aes192-ctr|\
+aes256-ctr|arcfour128|arcfour256|arcfour|\
+blowfish-cbc|cast128-cbc)(,|$))+$"; \
+"$VAR(@) is not a valid cipher list"
 create: sudo sed -i -e '$ a \
 Ciphers $VAR(@)' /etc/ssh/sshd_config
@@ -7,4 +26,4 @@ Ciphers $VAR(@)' /etc/ssh/sshd_config
 delete: sudo sed -i -e '/^Ciphers $VAR(@)$/d' /etc/ssh/sshd_config
 update: sudo sed -i -e '/^Ciphers/c \
-Ciphers $VAR(@)' /etc/ssh/sshd_config
\ No newline at end of file
+Ciphers $VAR(@)' /etc/ssh/sshd_config |
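Review bot: The new `syntax:expression` pattern in the first hunk accepts a list that ends in a comma, because each element may be followed by `(,|$)` and the final `$` still matches after a trailing `,`; a value such as `aes128-ctr,` (constructed example) therefore passes validation and is written to sshd_config by the `create`/`update` sed commands. Requiring the separator only between elements closes this, e.g. the shape `^(C)(,(C))*$` with `C` standing for the existing cipher alternation. The `val_help` labels for `arcfour`, `arcfour128` and `arcfour256` read "AC4"; arcfour is RC4, so they should read `val_help: arcfour; RC4` and likewise for the other two. Since this list is now the only set of values the CLI accepts, it would also help to say in the help text that the RC4, 3DES and CBC-mode entries are legacy choices, and to check that the list matches what the installed sshd actually supports.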