author | Christian Poessinger <christian@poessinger.com> | 2018-05-13 14:17:44 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2018-05-13 14:17:44 +0200 |
commit | 58bcf1639e1656643e3470e25fbbea0a707355a9 (patch) | |
tree | d5c2e25240f3825b5a1d9aed0d22258be7efdcc4 /templates/service | |
parent | 9f5c33ea3fb6101c7ce49abe3762d4d497c37ce9 (diff) | |
T631: Rewrite SSH configuration as XML interface definition
Diffstat (limited to 'templates/service')
-rw-r--r-- | templates/service/ssh/access-control/allow-groups/node.def | 11 | ||||
-rw-r--r-- | templates/service/ssh/access-control/allow-users/node.def | 11 | ||||
-rw-r--r-- | templates/service/ssh/access-control/deny-groups/node.def | 11 | ||||
-rw-r--r-- | templates/service/ssh/access-control/deny-users/node.def | 11 | ||||
-rw-r--r-- | templates/service/ssh/access-control/node.def | 2 | ||||
-rw-r--r-- | templates/service/ssh/allow-root/node.def | 5 | ||||
-rw-r--r-- | templates/service/ssh/ciphers/node.def | 34 | ||||
-rw-r--r-- | templates/service/ssh/disable-host-validation/node.def | 6 | ||||
-rw-r--r-- | templates/service/ssh/disable-password-authentication/node.def | 5 | ||||
-rw-r--r-- | templates/service/ssh/key-exchange/node.def | 12 | ||||
-rw-r--r-- | templates/service/ssh/listen-address/node.def | 10 | ||||
-rw-r--r-- | templates/service/ssh/loglevel/node.def | 19 | ||||
-rw-r--r-- | templates/service/ssh/macs/node.def | 11 | ||||
-rw-r--r-- | templates/service/ssh/node.def | 8 | ||||
-rw-r--r-- | templates/service/ssh/port/node.def | 7 |
15 files changed, 0 insertions, 163 deletions
diff --git a/templates/service/ssh/access-control/allow-groups/node.def b/templates/service/ssh/access-control/allow-groups/node.def
deleted file mode 100644
index 2d6aa75b..00000000
--- a/templates/service/ssh/access-control/allow-groups/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for allowed groups.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-AllowGroups $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^AllowGroups $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^AllowGroups.*$/c \
-AllowGroups $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/allow-users/node.def b/templates/service/ssh/access-control/allow-users/node.def
deleted file mode 100644
index 2052bf69..00000000
--- a/templates/service/ssh/access-control/allow-users/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for allowed users.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-AllowUsers $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^AllowUsers $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^AllowUsers.*$/c \
-AllowUsers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/deny-groups/node.def b/templates/service/ssh/access-control/deny-groups/node.def
deleted file mode 100644
index c2c8dcab..00000000
--- a/templates/service/ssh/access-control/deny-groups/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for disallowed groups.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-DenyGroups $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^DenyGroups $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^DenyGroups.*$/c \
-DenyGroups $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/deny-users/node.def b/templates/service/ssh/access-control/deny-users/node.def
deleted file mode 100644
index a6426f90..00000000
--- a/templates/service/ssh/access-control/deny-users/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for disallowed users.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-DenyUsers $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^DenyUsers $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^DenyUsers.*$/c \
-DenyUsers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/node.def b/templates/service/ssh/access-control/node.def
deleted file mode 100644
index 8f6ca6e7..00000000
--- a/templates/service/ssh/access-control/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: SSH user/group access controls
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
diff --git a/templates/service/ssh/allow-root/node.def b/templates/service/ssh/allow-root/node.def
deleted file mode 100644
index 2f8e4354..00000000
--- a/templates/service/ssh/allow-root/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-help: Enable root login over ssh
-
-create: sudo sed -i -e '/^PermitRootLogin/s/no\|without-password\|yes/yes/' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^PermitRootLogin/s/no\|without-password\|yes/no/' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/ciphers/node.def b/templates/service/ssh/ciphers/node.def
deleted file mode 100644
index b5e5af68..00000000
--- a/templates/service/ssh/ciphers/node.def
+++ /dev/null
@@ -1,34 +0,0 @@
-type: txt
-help: Allowed ciphers
-val_help: txt; Cipher string
-val_help: aes128-gcm@openssh.com; AES 128 GCM
-val_help: aes256-gcm@openssh.com; AES 256 GCM
-val_help: chacha20-poly1305@openssh.com; ChaCha20 Poly1305
-val_help: 3des-cbc; 3DES CBC (weak)
-val_help: aes128-cbc; AES 128 CBC
-val_help: aes192-cbc; AES 192 CBC
-val_help: aes256-cbc; AES 256 CBC
-val_help: aes128-ctr; AES 128 CTR
-val_help: aes192-ctr; AES 192 CTR
-val_help: aes256-ctr; AES 256 CTR
-val_help: arcfour128; AC4 128 (broken)
-val_help: arcfour256; AC4 256 (broken)
-val_help: arcfour; AC4 (broken)
-val_help: blowfish-cbc; Blowfish CBC
-val_help: cast128-cbc; CAST 128 CBC
-comp_help: Multiple ciphers can be specified as a comma-separated list.
-
-syntax:expression: pattern $VAR(@) "^((aes128-gcm@openssh.com|\
-aes256-gcm@openssh.com|chacha20-poly1305@openssh.com|\
-3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|aes128-ctr|aes192-ctr|\
-aes256-ctr|arcfour128|arcfour256|arcfour|\
-blowfish-cbc|cast128-cbc)(,|$))+$"; \
-"$VAR(@) is not a valid cipher list"
-
-create: sudo sed -i -e '$ a \
-Ciphers $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^Ciphers $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^Ciphers.*$/c \
-Ciphers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/disable-host-validation/node.def b/templates/service/ssh/disable-host-validation/node.def
deleted file mode 100644
index fff28dbd..00000000
--- a/templates/service/ssh/disable-host-validation/node.def
+++ /dev/null
@@ -1,6 +0,0 @@
-help: Don't validate the remote host name with DNS
-
-update: sudo sed -i -e '/^UseDNS/s/yes/no/' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^UseDNS/s/no/yes/' /etc/ssh/sshd_config
-
diff --git a/templates/service/ssh/disable-password-authentication/node.def b/templates/service/ssh/disable-password-authentication/node.def
deleted file mode 100644
index 59abacfc..00000000
--- a/templates/service/ssh/disable-password-authentication/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-help: Don't allow unknown user to login with password
-
-update: sudo sed -i -e '/^PasswordAuthentication/s/yes/no/' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^PasswordAuthentication/s/no/yes/' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/key-exchange/node.def b/templates/service/ssh/key-exchange/node.def
deleted file mode 100644
index 00df581a..00000000
--- a/templates/service/ssh/key-exchange/node.def
+++ /dev/null
@@ -1,12 +0,0 @@
-type: txt
-help: Key exchange algorithms
-
-allowed: ssh -Q kex | perl -ne '$_=~s/\n/ /;print'
-
-create: sudo sed -i -e '$ a \
-KexAlgorithms $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^KexAlgorithms $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^KexAlgorithms.*$/c \
-KexAlgorithms $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/listen-address/node.def b/templates/service/ssh/listen-address/node.def
deleted file mode 100644
index aeff03f2..00000000
--- a/templates/service/ssh/listen-address/node.def
+++ /dev/null
@@ -1,10 +0,0 @@
-multi:
-type: ipv4,ipv6
-help: Local addresses SSH service should listen on
-val_help: ipv4: IP address to listen for incoming connections
-val_help: ipv6: IPv6 address to listen for incoming connections
-
-create: sudo sed -i -e '/^Port/a \
-ListenAddress $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^ListenAddress $VAR(@)$/d' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/loglevel/node.def b/templates/service/ssh/loglevel/node.def
deleted file mode 100644
index f66ec068..00000000
--- a/templates/service/ssh/loglevel/node.def
+++ /dev/null
@@ -1,19 +0,0 @@
-type: txt
-help: Log Level
-val_help: QUIET; stay silent
-val_help: FATAL; log fatals only
-val_help: ERROR; log errors and fatals only
-val_help: INFO; default log level
-val_help: VERBOSE; enable logging of failed login attempts
-comp_help: Gives the verbosity level that is used when logging messages from sshd(8). The default is INFO.
-
-syntax:expression: pattern $VAR(@) "^((QUIET|FATAL|ERROR|INFO|VERBOSE)(,|$))+$"; \
-"$VAR(@) is not a valid log level"
-
-create: sudo sed -i -e '/^LogLevel.*$/c \
-LogLevel $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^LogLevel $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^LogLevel.*$/c \
-LogLevel $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/macs/node.def b/templates/service/ssh/macs/node.def
deleted file mode 100644
index f9bf4176..00000000
--- a/templates/service/ssh/macs/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Allowed message authentication algorithms
-comp_help: Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. See 'ssh -Q mac' for supported MACs.
-
-create: sudo sed -i -e '$ a \
-MACs $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^MACs $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^MACs.*$/c \
-MACs $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/node.def b/templates/service/ssh/node.def
deleted file mode 100644
index 7117a2fd..00000000
--- a/templates/service/ssh/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-priority: 500 # After syslog and logins
-help: Secure SHell (SSH) protocol
-delete:sudo /usr/sbin/invoke-rc.d ssh stop
- sudo sh -c "echo 'SSHD_OPTS=' > /etc/default/ssh"
-end: if [ -z "$VAR(port/@)" ]; then exit 0; fi
- STR="SSHD_OPTS=\"-p $VAR(port/@)\""
- sudo sh -c "echo '$STR' > /etc/default/ssh"
- sudo /usr/sbin/invoke-rc.d ssh restart
diff --git a/templates/service/ssh/port/node.def b/templates/service/ssh/port/node.def
deleted file mode 100644
index d4f53378..00000000
--- a/templates/service/ssh/port/node.def
+++ /dev/null
@@ -1,7 +0,0 @@
-type: u32
-default: 22
-help: Port for SSH service
-val_help: u32:1-65535; Numeric IP port
-
-syntax:expression: $VAR(@) > 0 && $VAR(@) <= 65535 ; \
- "Port number must be in range 1 to 65535" |