vyos-1x.git/data/templates/login, branch current VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=current 2025-05-29T11:57:48+00:00 ssh: T6013: move principal name to "system login user <name> authentication" 2025-05-29T11:57:48+00:00 Christian Breunig christian@breunig.cc 2025-05-20T17:49:39+00:00 urn:sha1:81dfb64ebb3ea3c58c92e8f26e8610a46e4c50d2 We already support using per-user SSH public keys for system authentication. Instead of introducing a new CLI path to configure per-user principal names, we should continue using the existing CLI location and store the principal names alongside the corresponding SSH public keys. set system login user <name> principal <principal> The certificate used for SSH authentication contains an embedded principal name, which is defined under this CLI node. Only users with matching principal names are permitted to log in. login: T6712: add newline after motd warning message 2025-03-07T18:30:18+00:00 Christian Breunig christian@breunig.cc 2025-03-07T18:30:18+00:00 urn:sha1:b12c9ec6db804f8e9494502e0612850c72670fee radius: T7039: fix broken IPv6 source address 2025-01-11T09:59:23+00:00 Christian Breunig christian@breunig.cc 2025-01-10T20:02:59+00:00 urn:sha1:21b2541d98b02602dc2301e57c2ca7efddbc6cff When configuring RADIUS to use IPv6 as connection to the server with an optional source-address set system login radius server 2001:db8::4 key '9LMVCtPYpG' set system login radius source-address '2001:db8::1' It will error out: pam_radius_auth(sshd:auth): Failed looking up source IP address [2001:db8::1] for server [2001:db8::4]:1812 (error=System error) The source address is not allowed to be in [] - thus the brackets need to be removed. tacacs: T6613: dynamically build exclude_users list to avoid TACACS traffic 2024-12-15T10:03:26+00:00 Christian Breunig christian@breunig.cc 2024-12-15T08:33:28+00:00 urn:sha1:a1332024816b66174a96559b0be94dc9452a5ad8 There is no need to send local base OS accounts like root or daemon to the tacacs server. This will only make the CLI experience sluggish. Build up a dynamic list of user accounts to exclude from TACACS lookup. login: T6712: honor 80x25 terminal size for nonproduction banner message 2024-10-27T18:42:27+00:00 Christian Breunig christian@breunig.cc 2024-10-27T18:42:27+00:00 urn:sha1:41a651314085e020386cd1f1938a7412ce503b13 T6712: Add nonproduction banner (#4149) 2024-10-11T05:23:46+00:00 mergify[bot] 37929162+mergify[bot]@users.noreply.github.com 2024-10-11T05:23:46+00:00 urn:sha1:e5d2ac54150922640c08bacab124e96c7bbd1f7f (cherry picked from commit 3abe7c72c95c3d9b825db08b092c555786e9fbcf) Co-authored-by: Viacheslav Hletenko <v.gletenko@vyos.io> show version: T6446: display the support URL for LTS builds 2024-06-05T14:55:22+00:00 Daniil Baturin daniil@baturin.org 2024-06-05T14:55:22+00:00 urn:sha1:02658cc2b466cb76835ad79b477c76fadc0c0cc2 banner: T6077: dehardcode URLs in MOTD template 2024-03-01T20:49:24+00:00 Christian Breunig christian@breunig.cc 2024-03-01T20:49:24+00:00 urn:sha1:a5762cb03f17fd0bc65a19604e505fe94ad42011 Use URLs provided by flavor build system and version.json file banner: T6077: implement ASCII contest winner default logo 2024-02-28T19:47:10+00:00 Christian Breunig christian@breunig.cc 2024-02-28T19:47:10+00:00 urn:sha1:0ea3a454cf560171d3eb9d4d1b97b172c06360fe Implement VyOS ASCII art contest winners logo as the default for our MOTD T5474: establish common file name pattern for XML conf mode commands 2023-12-31T22:49:48+00:00 Christian Breunig christian@breunig.cc 2023-12-30T22:25:20+00:00 urn:sha1:4ef110fd2c501b718344c72d495ad7e16d2bd465 We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in