VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=1.3.1 2021-01-18T16:53:19+00:00 2021-01-18T16:53:19+00:00 Christian Poessinger christian@poessinger.com 2021-01-18T16:50:55+00:00 urn:sha1:c71bf9ca97a04d578eb1f600fb7435b001fd17cd When configuring SSH to only run inside a given VRF the system can not start SSHd on bootup as the Kernel will report EPERM (Operation not permitted) when loading the VRF BPF program. This returns the exit code 255 which is marked in the systemd unit file to stop restarting the service forever. Removing this limitation will restart the SSHd on startup and it will live inside the VRF till the end of days. (cherry picked from commit cdbac8f10b470a06aff54832da7f006aa3ed194e) 2021-01-13T20:43:16+00:00 Christian Poessinger christian@poessinger.com 2021-01-13T20:40:36+00:00 urn:sha1:4f4362736de7a8d75ad31c158e7964e65cc4b1bd (cherry picked from commit 57fca79636b783dc4be2df1bc1ff12a0ce79d988) 2021-01-07T22:23:40+00:00 Christian Poessinger christian@poessinger.com 2021-01-07T22:22:58+00:00 urn:sha1:dcdc4f3ea27f1a26f8baa6b72b51c7911f21e6ba 2021-01-07T22:01:51+00:00 Christian Poessinger christian@poessinger.com 2021-01-07T20:30:00+00:00 urn:sha1:65ee3a66077c7708f366d9492033634024887545 2020-08-31T17:59:25+00:00 Christian Poessinger christian@poessinger.com 2020-08-31T17:57:06+00:00 urn:sha1:9c63731d6683f59ea784c08852ed38e3ac22794b Now that b40c52682a256 ("config: T2636: get_config_dict() returns a list on multi node by default") is implemented the workarounds can be removed. 2020-08-03T16:40:06+00:00 Christian Poessinger christian@poessinger.com 2020-08-03T16:38:55+00:00 urn:sha1:ca2ab503f42a8446175954e9e7280ecc8e75e927 Move sshd_config file to /run so it must be generated on every boot and is not stored accidently. 2020-07-07T17:05:00+00:00 Christian Poessinger christian@poessinger.com 2020-07-07T17:05:00+00:00 urn:sha1:d0261c4daf31bd7fc05643e86660caee9f0442c5 When migrating the conf from VyOS 1.2 to 1.3 a configuration error could appear if the user specified "info" as loglevel instead of "INFO". There was no input validation done in 1.2 but this is now enforced in 1.3. In VyOS 1.3 loglevel will be always lowercase on the CLI and when migrating the config this is transformed. Also VyOS 1.2 accpeted any arbitrary loglevel. If an invalid loglevel is found it will be set to info. 2020-07-04T19:36:51+00:00 Christian Poessinger christian@poessinger.com 2020-07-04T19:34:37+00:00 urn:sha1:8c4221083d8898bf478e2aeec04dd135e4993cb1 Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH to often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds is it not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5). 2020-07-04T19:36:51+00:00 Christian Poessinger christian@poessinger.com 2020-07-04T19:22:29+00:00 urn:sha1:ff7dd3b9de82347cc77612cb79dc159661320d49 2020-06-26T07:27:18+00:00 Christian Poessinger christian@poessinger.com 2020-06-26T07:25:46+00:00 urn:sha1:8aa548c975bbbd306d9a1f8441960c3834388fdf Commit 1d7f88b459d ("ssh: T2635: migrate to get_config_dict()") used a wrong loop iterator on the rendered ListenAddress statement.