<feed xmlns='http://www.w3.org/2005/Atom'>
<title>vyos-1x.git/data/templates/login, branch feature/T9082-codeql-cpp</title>
<subtitle>VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)
</subtitle>
<id>https://git.amelek.net/vyos/vyos-1x.git/atom?h=feature%2FT9082-codeql-cpp</id>
<link rel='self' href='https://git.amelek.net/vyos/vyos-1x.git/atom?h=feature%2FT9082-codeql-cpp'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/'/>
<updated>2026-06-29T12:10:10+00:00</updated>
<entry>
<title>ci: T8490: fix typos in comments, strings, and local identifiers</title>
<updated>2026-06-29T12:10:10+00:00</updated>
<author>
<name>Yuriy Andamasov</name>
<email>yuriy@vyos.io</email>
</author>
<published>2026-06-29T07:28:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=094928ba02bbabf3807ebe8f5ae77b957435d288'/>
<id>urn:sha1:094928ba02bbabf3807ebe8f5ae77b957435d288</id>
<content type='text'>
Reaches a clean typos baseline for the T8490 ruleset pilot. Categories:
- Comments/docs: recursivly, taret, passsed, characted, arhive, AtrributeError;
  "ned" -&gt; "new" (migration comments).
- Messages/strings: writeable -&gt; writable (x5); OCaml log "Commandis" -&gt; "Command is".
- Local variables (all refs in-function): commited, formating, presistent;
  inpt_range -&gt; input_range; tz_datas -&gt; tz_data_raw (avoids the tz_data collision).
- Self-contained renames (definition + all references in-file): formated_stats,
  _get_formatted_output_conections -&gt; ..._connections, expension_failure -&gt;
  expansion_failure (ping + traceroute), snmpd_restart_reqired -&gt; ..._required.

False positives are allowlisted centrally (vyos/.github, separate PR), NOT changed
here: mke2fs, Maya-calendar "Mak", RFC 4122 "IDentifier" (hostapd), and VPP's
"U-Forwrd" bridge-domain column header (op_mode/vpp.py + the VPP smoketest assert
the real upstream `vppctl` output). Verified: typos clean, py_compile of every
edited .py, zero remaining old-identifier references.

🤖 Generated by [robots](https://vyos.io)
</content>
</entry>
<entry>
<title>T8410: Fix typos and mistakes for operational and configuration commands</title>
<updated>2026-03-24T17:02:56+00:00</updated>
<author>
<name>Viacheslav Hletenko</name>
<email>v.gletenko@vyos.io</email>
</author>
<published>2026-03-20T16:41:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=bb2aee1e58c1cd30087b935798060e6bf3c698c8'/>
<id>urn:sha1:bb2aee1e58c1cd30087b935798060e6bf3c698c8</id>
<content type='text'>
Fix typos and mistakes in the commands and comments
No functional changes
</content>
</entry>
<entry>
<title>ssh: T7839: add deprecation warning for DSA hostkey-algorithm usage</title>
<updated>2025-09-17T19:49:34+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2025-09-17T19:49:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=6deda171e8b5f5a65101436399bdbb308179e076'/>
<id>urn:sha1:6deda171e8b5f5a65101436399bdbb308179e076</id>
<content type='text'>
OpenSSH in Debian Trixie has removed support for ssh-dss (DSA) keys, which will
prevent users with such keys from logging in after upgrade. To avoid lockouts,
add a loud deprecation warning when users log in using a DSA key. This warning
advises affected users to replace their keys with a supported algorithm (e.g.,
ed25519 or RSA) before the upgrade.

Deprecation warning will be displayed during "commit" but also as MOTD to inform
on this issue during every login.

    DEPRECATION WARNING: Support for SSH-DSA keys is deprecated and will
    be removed in VyOS 1.6. Please update affected keys to a supported
    algorithm (e.g., RSA, ECDSA or ED25519) to avoid authentication
    failures after the upgrade. The following hostkey-algorithms are in
    use: ssh-dss, ssh-dss-cert-v01@openssh.com
</content>
</entry>
<entry>
<title>login: T7839: add deprecation warning for DSS public-key usage</title>
<updated>2025-09-17T19:16:49+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2025-09-17T19:16:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=6af9055be9870effefe802c9fd7b3a9d6aec9413'/>
<id>urn:sha1:6af9055be9870effefe802c9fd7b3a9d6aec9413</id>
<content type='text'>
OpenSSH in Debian Trixie has removed support for ssh-dss (DSA) keys, which will
prevent users with such keys from logging in after upgrade. To avoid lockouts,
add a loud deprecation warning when users log in using a DSA key. This warning
advises affected users to replace their keys with a supported algorithm (e.g.,
ed25519 or RSA) before the upgrade.

Deprecation warning will be displayed during "commit" but also as MOTD to inform
on this issue during every login.

    DEPRECATION WARNING: Support for SSH-DSA keys is deprecated and will
    be removed in VyOS 1.6. Please update affected keys to a supported
    algorithm (e.g., RSA, ECDSA or ED25519) to avoid authentication
    failures after the upgrade. The following users are using SSH-DSS keys
    for authentication.

    User "vyos" with deprecated public-key named: foo
</content>
</entry>
<entry>
<title>ssh: T6013: move principal name to "system login user &lt;name&gt; authentication"</title>
<updated>2025-05-29T11:57:48+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2025-05-20T17:49:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=81dfb64ebb3ea3c58c92e8f26e8610a46e4c50d2'/>
<id>urn:sha1:81dfb64ebb3ea3c58c92e8f26e8610a46e4c50d2</id>
<content type='text'>
We already support using per-user SSH public keys for system authentication.
Instead of introducing a new CLI path to configure per-user principal names,
we should continue using the existing CLI location and store the principal
names alongside the corresponding SSH public keys.

set system login user &lt;name&gt; principal &lt;principal&gt;

The certificate used for SSH authentication contains an embedded principal
name, which is defined under this CLI node. Only users with matching principal
names are permitted to log in.
</content>
</entry>
<entry>
<title>login: T6712: add newline after motd warning message</title>
<updated>2025-03-07T18:30:18+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2025-03-07T18:30:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=b12c9ec6db804f8e9494502e0612850c72670fee'/>
<id>urn:sha1:b12c9ec6db804f8e9494502e0612850c72670fee</id>
<content type='text'>
</content>
</entry>
<entry>
<title>radius: T7039: fix broken IPv6 source address</title>
<updated>2025-01-11T09:59:23+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2025-01-10T20:02:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=21b2541d98b02602dc2301e57c2ca7efddbc6cff'/>
<id>urn:sha1:21b2541d98b02602dc2301e57c2ca7efddbc6cff</id>
<content type='text'>
When configuring RADIUS to use IPv6 as connection to the server with an
optional source-address

set system login radius server 2001:db8::4 key '9LMVCtPYpG'
set system login radius source-address '2001:db8::1'

It will error out:

  pam_radius_auth(sshd:auth): Failed looking up source IP address [2001:db8::1]
    for server [2001:db8::4]:1812 (error=System error)

The source address is not allowed to be in [] - thus the brackets need to be
removed.
</content>
</entry>
<entry>
<title>tacacs: T6613: dynamically build exclude_users list to avoid TACACS traffic</title>
<updated>2024-12-15T10:03:26+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2024-12-15T08:33:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=a1332024816b66174a96559b0be94dc9452a5ad8'/>
<id>urn:sha1:a1332024816b66174a96559b0be94dc9452a5ad8</id>
<content type='text'>
There is no need to send local base OS accounts like root or daemon to the
tacacs server. This will only make the CLI experience sluggish.

Build up a dynamic list of user accounts to exclude from TACACS lookup.
</content>
</entry>
<entry>
<title>login: T6712: honor 80x25 terminal size for nonproduction banner message</title>
<updated>2024-10-27T18:42:27+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2024-10-27T18:42:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=41a651314085e020386cd1f1938a7412ce503b13'/>
<id>urn:sha1:41a651314085e020386cd1f1938a7412ce503b13</id>
<content type='text'>
</content>
</entry>
<entry>
<title>T6712: Add nonproduction banner (#4149)</title>
<updated>2024-10-11T05:23:46+00:00</updated>
<author>
<name>mergify[bot]</name>
<email>37929162+mergify[bot]@users.noreply.github.com</email>
</author>
<published>2024-10-11T05:23:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=e5d2ac54150922640c08bacab124e96c7bbd1f7f'/>
<id>urn:sha1:e5d2ac54150922640c08bacab124e96c7bbd1f7f</id>
<content type='text'>
(cherry picked from commit 3abe7c72c95c3d9b825db08b092c555786e9fbcf)

Co-authored-by: Viacheslav Hletenko &lt;v.gletenko@vyos.io&gt;</content>
</entry>
</feed>
