summaryrefslogtreecommitdiff
path: root/templates
diff options
context:
space:
mode:
authorKim <kim.sidney@gmail.com>2018-01-03 09:57:14 +0100
committerGitHub <noreply@github.com>2018-01-03 09:57:14 +0100
commit8cf9428ad9082e0a8ed313a0ceb3a336d5107225 (patch)
treeb2704c8673e7b385241adbdec670ed488eaeb42a /templates
parent2734d04448f47b8a9dc94a85ca5b7d67f2e93085 (diff)
parentc4b7a6a89d8309ffef66c7ddf9a74e03eef6c83f (diff)
downloadvyatta-cfg-system-8cf9428ad9082e0a8ed313a0ceb3a336d5107225.tar.gz
vyatta-cfg-system-8cf9428ad9082e0a8ed313a0ceb3a336d5107225.zip
Merge pull request #68 from alainlamar/t122-sshd
T122: Add config nodes for user/group access controls in sshd_config
Diffstat (limited to 'templates')
-rw-r--r--templates/service/ssh/access-control/allow-groups/node.def11
-rw-r--r--templates/service/ssh/access-control/allow-users/node.def11
-rw-r--r--templates/service/ssh/access-control/deny-groups/node.def11
-rw-r--r--templates/service/ssh/access-control/deny-users/node.def11
-rw-r--r--templates/service/ssh/access-control/node.def2
5 files changed, 46 insertions, 0 deletions
diff --git a/templates/service/ssh/access-control/allow-groups/node.def b/templates/service/ssh/access-control/allow-groups/node.def
new file mode 100644
index 00000000..2d6aa75b
--- /dev/null
+++ b/templates/service/ssh/access-control/allow-groups/node.def
@@ -0,0 +1,11 @@
+type: txt
+help: Configure sshd_config access control for allowed groups.
+comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list.
+
+create: sudo sed -i -e '$ a \
+AllowGroups $VAR(@)' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^AllowGroups $VAR(@)$/d' /etc/ssh/sshd_config
+
+update: sudo sed -i -e '/^AllowGroups.*$/c \
+AllowGroups $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/allow-users/node.def b/templates/service/ssh/access-control/allow-users/node.def
new file mode 100644
index 00000000..2052bf69
--- /dev/null
+++ b/templates/service/ssh/access-control/allow-users/node.def
@@ -0,0 +1,11 @@
+type: txt
+help: Configure sshd_config access control for allowed users.
+comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
+
+create: sudo sed -i -e '$ a \
+AllowUsers $VAR(@)' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^AllowUsers $VAR(@)$/d' /etc/ssh/sshd_config
+
+update: sudo sed -i -e '/^AllowUsers.*$/c \
+AllowUsers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/deny-groups/node.def b/templates/service/ssh/access-control/deny-groups/node.def
new file mode 100644
index 00000000..c2c8dcab
--- /dev/null
+++ b/templates/service/ssh/access-control/deny-groups/node.def
@@ -0,0 +1,11 @@
+type: txt
+help: Configure sshd_config access control for disallowed groups.
+comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple groups can be specified as a comma-separated list.
+
+create: sudo sed -i -e '$ a \
+DenyGroups $VAR(@)' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^DenyGroups $VAR(@)$/d' /etc/ssh/sshd_config
+
+update: sudo sed -i -e '/^DenyGroups.*$/c \
+DenyGroups $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/deny-users/node.def b/templates/service/ssh/access-control/deny-users/node.def
new file mode 100644
index 00000000..a6426f90
--- /dev/null
+++ b/templates/service/ssh/access-control/deny-users/node.def
@@ -0,0 +1,11 @@
+type: txt
+help: Configure sshd_config access control for disallowed users.
+comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.
+
+create: sudo sed -i -e '$ a \
+DenyUsers $VAR(@)' /etc/ssh/sshd_config
+
+delete: sudo sed -i -e '/^DenyUsers $VAR(@)$/d' /etc/ssh/sshd_config
+
+update: sudo sed -i -e '/^DenyUsers.*$/c \
+DenyUsers $VAR(@)' /etc/ssh/sshd_config
diff --git a/templates/service/ssh/access-control/node.def b/templates/service/ssh/access-control/node.def
new file mode 100644
index 00000000..8f6ca6e7
--- /dev/null
+++ b/templates/service/ssh/access-control/node.def
@@ -0,0 +1,2 @@
+help: SSH user/group access controls
+comp_help: The SSH user and group access control directives (allow/deny) are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. Multiple users can be specified as a comma-separated list.