summaryrefslogtreecommitdiff
path: root/templates/service
diff options
context:
space:
mode:
authorStephen Hemminger <stephen.hemminger@vyatta.com>2009-12-03 10:55:59 -0800
committerStephen Hemminger <stephen.hemminger@vyatta.com>2009-12-03 10:55:59 -0800
commita83faa7789ddb8c930a973774e5cedf062e10919 (patch)
tree30419b551f7242518182ac13e2440e878eb9c089 /templates/service
parentee87a223623a80469beec50a2c0b6c0c121fe99b (diff)
downloadvyatta-cfg-system-a83faa7789ddb8c930a973774e5cedf062e10919.tar.gz
vyatta-cfg-system-a83faa7789ddb8c930a973774e5cedf062e10919.zip
SSH enhancements
Add public key support Convert allow-root and password-authentication from boolean nodes to regular nodes.
Diffstat (limited to 'templates/service')
-rw-r--r--templates/service/ssh/allow-root/node.def15
-rw-r--r--templates/service/ssh/disable-password-authentication/node.def5
-rw-r--r--templates/service/ssh/password-authentication/node.def14
3 files changed, 8 insertions, 26 deletions
diff --git a/templates/service/ssh/allow-root/node.def b/templates/service/ssh/allow-root/node.def
index 25a5a97a..1c56d221 100644
--- a/templates/service/ssh/allow-root/node.def
+++ b/templates/service/ssh/allow-root/node.def
@@ -1,14 +1,5 @@
-type: bool
-default: false
-help: Enable/disable root login over ssh
-update: if [ "$VAR(@)" == "true" ];
- then regex='/^PermitRootLogin/s/no/yes/'
- else regex='/^PermitRootLogin/s/yes/no/'
- fi
- sudo sed -i -e "$regex" /etc/ssh/sshd_config
+help: Enable root login over ssh
-comp_help: possible completions:
- true Enable root login over ssh
- false Disable root login over ssh
+update: sudo sed -i -e '/^PermitRootLogin/s/no/yes/' /etc/ssh/sshd_config
-allowed: echo "true false"
+delete: sudo sed -i -e '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/disable-password-authentication/node.def b/templates/service/ssh/disable-password-authentication/node.def
new file mode 100644
index 00000000..59abacfc
--- /dev/null
+++ b/templates/service/ssh/disable-password-authentication/node.def
@@ -0,0 +1,5 @@
+help: Don't allow unknown user to login with password
+
+update: sudo sed -i -e '/^PasswordAuthentication/s/yes/no/' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^PasswordAuthentication/s/no/yes/' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/password-authentication/node.def b/templates/service/ssh/password-authentication/node.def
deleted file mode 100644
index c17dd47c..00000000
--- a/templates/service/ssh/password-authentication/node.def
+++ /dev/null
@@ -1,14 +0,0 @@
-type: bool
-default: true
-help: Allow user's to login with password
-update: if [ "$VAR(@)" == "true" ];
- then regex='/^PasswordAuthentication/s/no/yes/'
- else regex='/^PasswordAuthentication/s/yes/no/'
- fi
- sudo sed -i -e "$regex" /etc/ssh/sshd_config
-
-comp_help: possible completions:
- true Allow authentication with password
- false Disable authentication with password (secure)
-
-allowed: echo "true false"