vyos-1x.git/data/templates/ssh, branch syslog-typos-T6989 VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=syslog-typos-T6989 2024-12-23T09:13:14+00:00 T6013: Add support for configuring TrustedUserCAKeys in SSH service with local and remote CA keys 2024-12-23T09:13:14+00:00 Takeru Hayasaka hayatake396@gmail.com 2024-12-11T17:27:02+00:00 urn:sha1:e7cab89f9f81b2eeb456657d26dda8bd7d7fc428 ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms option 2024-06-28T07:42:54+00:00 khramshinr khramshinr@gmail.com 2024-06-25T10:37:16+00:00 urn:sha1:06e6e011cdf12e8d10cf1f6d4d848fd5db51720d ssh: T6192: allow binding to multiple VRF instances 2024-04-01T19:26:16+00:00 Christian Breunig christian@breunig.cc 2024-04-01T18:40:16+00:00 urn:sha1:e5af1f0905991103b12302892e6f0070bbb7b770 Currently VyOS only supports binding a service to one individual VRF. It might become handy to have the services (initially it will be VRF, NTP and SNMP) be bound to multiple VRFs. Changed VRF from leafNode to multi leafNode with defaultValue: default - which is the name of the default VRF. T5474: establish common file name pattern for XML conf mode commands 2023-12-31T22:49:48+00:00 Christian Breunig christian@breunig.cc 2023-12-30T22:25:20+00:00 urn:sha1:4ef110fd2c501b718344c72d495ad7e16d2bd465 We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in login: T4943: Fixed 2FA + RADIUS compatibility 2023-02-24T18:07:18+00:00 zsdc taras@vyos.io 2023-02-24T18:07:18+00:00 urn:sha1:32a4415191ca725be9b3ca4c5f664123a0e767eb MFA requires KbdInteractiveAuthentication to ask a second factor, and the RADIUS module for PAM does not like it, which makes them incompatible. This commit: * disables KbdInteractiveAuthentication * changes order for PAM modules - make it first, before `pam_unix` or `pam_radius_auth` * enables the `forward_pass` option for `pam_google_authenticator` to accept both password and MFA in a single input As a result, local, RADIUS, and MFA work together. Important change: MFA should be entered together with a password. Before: ``` vyos login: <USERNAME> Password: <PASSWORD> Verification code: <MFA> ``` Now: ``` vyos login: <USERNAME> Password & verification code: <PASSWORD><MFA> ``` ssh: T4720: Ability to configure SSH-server HostKeyAlgorithms 2022-10-17T12:15:22+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2022-10-17T12:15:22+00:00 urn:sha1:85f04237160a6ea98eea4ec58f1ccab9f6bfc31a Ability to configure SSH-server HostKeyAlgorithms. Specifies the host key signature algorithms that the server offers. Can accept multiple values. Merge pull request #1555 from goodNETnick/ssh_otp 2022-10-12T07:02:37+00:00 Christian Poessinger christian@poessinger.com 2022-10-12T07:02:37+00:00 urn:sha1:6951fa7ef6ea4a2715b9083d654f6cf3f3b60213 system login: T874: add 2FA support for local and ssh authentication system login: T874: add 2FA support for local and ssh authentication 2022-10-11T23:56:45+00:00 goodNETnick pknet@ya.ru 2022-09-22T06:03:04+00:00 urn:sha1:765f84386b6e94984ff79db2eab36d51f759159b ssh: T4716: Ablity to configure RekeyLimit data and time 2022-10-10T12:52:54+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2022-09-27T16:06:52+00:00 urn:sha1:b9de775a5b4f017f9d164a127d93f55ce9053756 Ability to configure SSH RekeyLimit data (in Megabytes) and time (in Minutes) set service ssh rekey data 1024 set service ssh rekey time 60 ssh: T3212: do not load systemd EnvironmentFile 2022-07-22T21:16:13+00:00 Christian Poessinger christian@poessinger.com 2022-07-22T21:05:25+00:00 urn:sha1:8c7cd6f181a4bbb5aee99f50e6c32eb1f4f37c3d