authorChristian Poessinger <christian@poessinger.com>2018-05-13 14:17:44 +0200
committerChristian Poessinger <christian@poessinger.com>2018-05-13 14:17:44 +0200
commit58bcf1639e1656643e3470e25fbbea0a707355a9 (patch)
treed5c2e25240f3825b5a1d9aed0d22258be7efdcc4 /templates/service
parent9f5c33ea3fb6101c7ce49abe3762d4d497c37ce9 (diff)
T631: Rewrite SSH configuration as XML interface definition
Diffstat (limited to 'templates/service')
-rw-r--r--templates/service/ssh/access-control/allow-groups/node.def11
-rw-r--r--templates/service/ssh/access-control/allow-users/node.def11
-rw-r--r--templates/service/ssh/access-control/deny-groups/node.def11
-rw-r--r--templates/service/ssh/access-control/deny-users/node.def11
-rw-r--r--templates/service/ssh/access-control/node.def2
-rw-r--r--templates/service/ssh/allow-root/node.def5
-rw-r--r--templates/service/ssh/ciphers/node.def34
-rw-r--r--templates/service/ssh/disable-host-validation/node.def6
-rw-r--r--templates/service/ssh/disable-password-authentication/node.def5
-rw-r--r--templates/service/ssh/key-exchange/node.def12
-rw-r--r--templates/service/ssh/listen-address/node.def10
-rw-r--r--templates/service/ssh/loglevel/node.def19
-rw-r--r--templates/service/ssh/macs/node.def11
-rw-r--r--templates/service/ssh/node.def8
-rw-r--r--templates/service/ssh/port/node.def7
15 files changed, 0 insertions, 163 deletions
diff --git a/templates/service/ssh/access-control/allow-groups/node.def b/templates/service/ssh/access-control/allow-groups/node.def
deleted file mode 100644
index 2d6aa75b..00000000
--- a/templates/service/ssh/access-control/allow-groups/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for allowed groups.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-AllowGroups $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^AllowGroups $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^AllowGroups.*$/c \
-AllowGroups $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/allow-users/node.def b/templates/service/ssh/access-control/allow-users/node.def
deleted file mode 100644
index 2052bf69..00000000
--- a/templates/service/ssh/access-control/allow-users/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for allowed users.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-AllowUsers $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^AllowUsers $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^AllowUsers.*$/c \
-AllowUsers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/deny-groups/node.def b/templates/service/ssh/access-control/deny-groups/node.def
deleted file mode 100644
index c2c8dcab..00000000
--- a/templates/service/ssh/access-control/deny-groups/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for disallowed groups.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-DenyGroups $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^DenyGroups $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^DenyGroups.*$/c \
-DenyGroups $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/deny-users/node.def b/templates/service/ssh/access-control/deny-users/node.def
deleted file mode 100644
index a6426f90..00000000
--- a/templates/service/ssh/access-control/deny-users/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Configure sshd_config access control for disallowed users.
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
-
-create: sudo sed -i -e '$ a \
-DenyUsers $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^DenyUsers $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^DenyUsers.*$/c \
-DenyUsers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/node.def b/templates/service/ssh/access-control/node.def
deleted file mode 100644
index 8f6ca6e7..00000000
--- a/templates/service/ssh/access-control/node.def
+++ /dev/null
@@ -1,2 +0,0 @@
-help: SSH user/group access controls
-comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
diff --git a/templates/service/ssh/allow-root/node.def b/templates/service/ssh/allow-root/node.def
deleted file mode 100644
index 2f8e4354..00000000
--- a/templates/service/ssh/allow-root/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-help: Enable root login over ssh
-
-create: sudo sed -i -e '/^PermitRootLogin/s/no\|without-password\|yes/yes/' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^PermitRootLogin/s/no\|without-password\|yes/no/' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/ciphers/node.def b/templates/service/ssh/ciphers/node.def
deleted file mode 100644
index b5e5af68..00000000
--- a/templates/service/ssh/ciphers/node.def
+++ /dev/null
@@ -1,34 +0,0 @@
-type: txt
-help: Allowed ciphers
-val_help: txt; Cipher string
-val_help: aes128-gcm@openssh.com; AES 128 GCM
-val_help: aes256-gcm@openssh.com; AES 256 GCM
-val_help: chacha20-poly1305@openssh.com; ChaCha20 Poly1305
-val_help: 3des-cbc; 3DES CBC (weak)
-val_help: aes128-cbc; AES 128 CBC
-val_help: aes192-cbc; AES 192 CBC
-val_help: aes256-cbc; AES 256 CBC
-val_help: aes128-ctr; AES 128 CTR
-val_help: aes192-ctr; AES 192 CTR
-val_help: aes256-ctr; AES 256 CTR
-val_help: arcfour128; AC4 128 (broken)
-val_help: arcfour256; AC4 256 (broken)
-val_help: arcfour; AC4 (broken)
-val_help: blowfish-cbc; Blowfish CBC
-val_help: cast128-cbc; CAST 128 CBC
-comp_help: Multiple ciphers can be specified as a comma-separated list.
-
-syntax:expression: pattern $VAR(@) "^((aes128-gcm@openssh.com|\
-aes256-gcm@openssh.com|chacha20-poly1305@openssh.com|\
-3des-cbc|aes128-cbc|aes192-cbc|aes256-cbc|aes128-ctr|aes192-ctr|\
-aes256-ctr|arcfour128|arcfour256|arcfour|\
-blowfish-cbc|cast128-cbc)(,|$))+$"; \
-"$VAR(@) is not a valid cipher list"
-
-create: sudo sed -i -e '$ a \
-Ciphers $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^Ciphers $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^Ciphers.*$/c \
-Ciphers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/disable-host-validation/node.def b/templates/service/ssh/disable-host-validation/node.def
deleted file mode 100644
index fff28dbd..00000000
--- a/templates/service/ssh/disable-host-validation/node.def
+++ /dev/null
@@ -1,6 +0,0 @@
-help: Don't validate the remote host name with DNS
-
-update: sudo sed -i -e '/^UseDNS/s/yes/no/' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^UseDNS/s/no/yes/' /etc/ssh/sshd_config
-
diff --git a/templates/service/ssh/disable-password-authentication/node.def b/templates/service/ssh/disable-password-authentication/node.def
deleted file mode 100644
index 59abacfc..00000000
--- a/templates/service/ssh/disable-password-authentication/node.def
+++ /dev/null
@@ -1,5 +0,0 @@
-help: Don't allow unknown user to login with password
-
-update: sudo sed -i -e '/^PasswordAuthentication/s/yes/no/' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^PasswordAuthentication/s/no/yes/' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/key-exchange/node.def b/templates/service/ssh/key-exchange/node.def
deleted file mode 100644
index 00df581a..00000000
--- a/templates/service/ssh/key-exchange/node.def
+++ /dev/null
@@ -1,12 +0,0 @@
-type: txt
-help: Key exchange algorithms
-
-allowed: ssh -Q kex | perl -ne '$_=~s/\n/ /;print'
-
-create: sudo sed -i -e '$ a \
-KexAlgorithms $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^KexAlgorithms $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^KexAlgorithms.*$/c \
-KexAlgorithms $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/listen-address/node.def b/templates/service/ssh/listen-address/node.def
deleted file mode 100644
index aeff03f2..00000000
--- a/templates/service/ssh/listen-address/node.def
+++ /dev/null
@@ -1,10 +0,0 @@
-multi:
-type: ipv4,ipv6
-help: Local addresses SSH service should listen on
-val_help: ipv4: IP address to listen for incoming connections
-val_help: ipv6: IPv6 address to listen for incoming connections
-
-create: sudo sed -i -e '/^Port/a \
-ListenAddress $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^ListenAddress $VAR(@)$/d' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/loglevel/node.def b/templates/service/ssh/loglevel/node.def
deleted file mode 100644
index f66ec068..00000000
--- a/templates/service/ssh/loglevel/node.def
+++ /dev/null
@@ -1,19 +0,0 @@
-type: txt
-help: Log Level
-val_help: QUIET; stay silent
-val_help: FATAL; log fatals only
-val_help: ERROR; log errors and fatals only
-val_help: INFO; default log level
-val_help: VERBOSE; enable logging of failed login attempts
-comp_help: Gives the verbosity level that is used when logging messages from sshd(8). The default is INFO.
-
-syntax:expression: pattern $VAR(@) "^((QUIET|FATAL|ERROR|INFO|VERBOSE)(,|$))+$"; \
-"$VAR(@) is not a valid log level"
-
-create: sudo sed -i -e '/^LogLevel.*$/c \
-LogLevel $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^LogLevel $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^LogLevel.*$/c \
-LogLevel $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/macs/node.def b/templates/service/ssh/macs/node.def
deleted file mode 100644
index f9bf4176..00000000
--- a/templates/service/ssh/macs/node.def
+++ /dev/null
@@ -1,11 +0,0 @@
-type: txt
-help: Allowed message authentication algorithms
-comp_help: Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. See 'ssh -Q mac' for supported MACs.
-
-create: sudo sed -i -e '$ a \
-MACs $VAR(@)' /etc/ssh/sshd_config
-
-delete: sudo sed -i -e '/^MACs $VAR(@)$/d' /etc/ssh/sshd_config
-
-update: sudo sed -i -e '/^MACs.*$/c \
-MACs $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/node.def b/templates/service/ssh/node.def
deleted file mode 100644
index 7117a2fd..00000000
--- a/templates/service/ssh/node.def
+++ /dev/null
@@ -1,8 +0,0 @@
-priority: 500 # After syslog and logins
-help: Secure SHell (SSH) protocol
-delete:sudo /usr/sbin/invoke-rc.d ssh stop
- sudo sh -c "echo 'SSHD_OPTS=' > /etc/default/ssh"
-end: if [ -z "$VAR(port/@)" ]; then exit 0; fi
- STR="SSHD_OPTS=\"-p $VAR(port/@)\""
- sudo sh -c "echo '$STR' > /etc/default/ssh"
- sudo /usr/sbin/invoke-rc.d ssh restart
diff --git a/templates/service/ssh/port/node.def b/templates/service/ssh/port/node.def
deleted file mode 100644
index d4f53378..00000000
--- a/templates/service/ssh/port/node.def
+++ /dev/null
@@ -1,7 +0,0 @@
-type: u32
-default: 22
-help: Port for SSH service
-val_help: u32:1-65535; Numeric IP port
-
-syntax:expression: $VAR(@) > 0 && $VAR(@) <= 65535 ; \
- "Port number must be in range 1 to 65535"