<feed xmlns='http://www.w3.org/2005/Atom'>
<title>vyos-1x.git/smoketest/scripts/cli/test_service_ssh.py, branch rolling</title>
<subtitle>VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)
</subtitle>
<id>https://git.amelek.net/vyos/vyos-1x.git/atom?h=rolling</id>
<link rel='self' href='https://git.amelek.net/vyos/vyos-1x.git/atom?h=rolling'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/'/>
<updated>2026-06-16T18:24:44+00:00</updated>
<entry>
<title>T8923: normalize "can not" to "cannot"</title>
<updated>2026-06-16T18:24:44+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2026-06-16T18:24:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=fa853ed8f25b5b9bf396d6e819b2c6259e7f5f42'/>
<id>urn:sha1:fa853ed8f25b5b9bf396d6e819b2c6259e7f5f42</id>
<content type='text'>
Replace two-word "can not" / "Can not" with "cannot" across comments,
ConfigError messages, CLI help text, and op-mode output.

Standard SNMP MIB files under mibs/ are left unchanged.
</content>
</entry>
<entry>
<title>T8410: Fix typos and mistakes for comments and messages</title>
<updated>2026-03-27T15:00:17+00:00</updated>
<author>
<name>Viacheslav Hletenko</name>
<email>v.gletenko@vyos.io</email>
</author>
<published>2026-03-27T14:43:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=139b0841f8242a5c6ebdafb37380c1fb78342aae'/>
<id>urn:sha1:139b0841f8242a5c6ebdafb37380c1fb78342aae</id>
<content type='text'>
Fix typos and mistakes
No functional changes
</content>
</entry>
<entry>
<title>ssh: T7483: Add fido2 PubkeyAuthOptions</title>
<updated>2026-01-15T15:25:45+00:00</updated>
<author>
<name>Chloe Surett</name>
<email>chloe@surett.me</email>
</author>
<published>2025-11-17T16:57:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=2473e1bfdeeb0ea7cc47a14811c29cc4801c8038'/>
<id>urn:sha1:2473e1bfdeeb0ea7cc47a14811c29cc4801c8038</id>
<content type='text'>
</content>
</entry>
<entry>
<title>login: T8086: replace getpwall() occurances with get_local_passwd_entries()</title>
<updated>2025-12-17T20:27:23+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2025-12-09T22:15:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=5566e6035b42e99eb874c3c5a35fe72e8435df38'/>
<id>urn:sha1:5566e6035b42e99eb874c3c5a35fe72e8435df38</id>
<content type='text'>
Switch to our custom implementation to avoid NSS/TACACS timeouts as explained
in commit 4c9eaaa96e06 ("login: replace getpwall() user enumeration to avoid
NSS/TACACS timeouts").
</content>
</entry>
<entry>
<title>ssh: T8098: rename "ciphers" CLI node to "cipher"</title>
<updated>2025-12-14T17:58:00+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2025-12-14T17:58:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=ef13a6319a21c8030301aeebbeabf5148adb994c'/>
<id>urn:sha1:ef13a6319a21c8030301aeebbeabf5148adb994c</id>
<content type='text'>
Follow VyOS CLI best practices for using singular whenever possible to build a
CLI node. As we introduce a new migration 2 -&gt; 3 for SSH we can correct this
minor detail.
</content>
</entry>
<entry>
<title>T7948: always call setUp() and tearDown() base class methods</title>
<updated>2025-10-21T19:03:16+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2025-10-20T16:52:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=4995a58f998d3bdd055e49e919945bc0aa939be4'/>
<id>urn:sha1:4995a58f998d3bdd055e49e919945bc0aa939be4</id>
<content type='text'>
While working on task T7664 (FRR 10.4 upgrade), I identified the need for
additional validation and safeguards around the FRR management daemon. The
most appropriate place for this logic is in the setUp() and tearDown() methods
of the smoketest base class, VyOSUnitTestSHIM.

However, during implementation, it became apparent that test cases do not
consistently invoke the base class's setup and teardown methods. This
inconsistency complicates the process of capturing the FRR mgmtd PID at the
start of a test and verifying that it remains unchanged by the end - a key step
in detecting crashes or unexpected terminations (e.g., SIGSEGV) of the FRR
management daemon during tests.
</content>
</entry>
<entry>
<title>smoketest: T7858: make failfast main argument dynamic</title>
<updated>2025-09-30T15:19:06+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2025-09-22T18:49:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=2c521f1356378904e3d3a744960de68e8c5b62dc'/>
<id>urn:sha1:2c521f1356378904e3d3a744960de68e8c5b62dc</id>
<content type='text'>
When smoketest debugging is enabled (by creating the file
/tmp/vyos.smoketest.debug), all available smoketests will fail fast instead
of running to completion. This helps reduce test time when something is
broken or undergoing refactoring, as it avoids waiting for the full test suite
to finish.
</content>
</entry>
<entry>
<title>T7591: remove copyright years from source files</title>
<updated>2025-06-28T21:16:52+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2025-06-28T18:51:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=1478516ae437f19ebeb7d6ff9b83dd74f8e76758'/>
<id>urn:sha1:1478516ae437f19ebeb7d6ff9b83dd74f8e76758</id>
<content type='text'>
The legal team says years are not necessary so we can go ahead with it, since
it will simplify backporting.

Automatically removed using: git ls-files | grep -v libvyosconfig | xargs sed -i -E \
's/^# Copyright (19|20)[0-9]{2}(-[0-9]{4})? VyOS maintainers.*/# Copyright VyOS maintainers and contributors &lt;maintainers@vyos.io&gt;/g'

In addition we will error-out during "make" if someone re-adds a legacy
copyright notice
</content>
</entry>
<entry>
<title>ssh: T6013: rename trusted-user-ca-key -&gt; truster-user-ca</title>
<updated>2025-05-29T12:01:32+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2025-05-20T17:57:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=4b4bbd73b84c2c478c7752f58e7f66ec6d90459e'/>
<id>urn:sha1:4b4bbd73b84c2c478c7752f58e7f66ec6d90459e</id>
<content type='text'>
The current implementation for SSH CA based authentication uses "set service
ssh trusted-user-ca-key ca-certificate &lt;foo&gt;" to define an X.509 certificate
from "set pki ca &lt;foo&gt; ..." - fun fact, native OpenSSH does not support X.509
certificates and only runs with OpenSSH ssh-keygen generated RSA or EC keys.

This commit changes the bahavior to support antive certificates generated using
ssh-keygen and loaded to our PKI tree. As the previous implementation
did not work at all, no migrations cript is used.
</content>
</entry>
<entry>
<title>ssh: T6013: support SSH AuthorizedPrincipalsFile in use with trusted-user-ca-key</title>
<updated>2025-05-29T11:57:48+00:00</updated>
<author>
<name>Takeru Hayasaka</name>
<email>hayatake396@gmail.com</email>
</author>
<published>2024-12-28T19:58:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=6c3b1ef2fede1e3c2b6e89060d3d645c2ba744cd'/>
<id>urn:sha1:6c3b1ef2fede1e3c2b6e89060d3d645c2ba744cd</id>
<content type='text'>
Thisc omplements commit e7cab89f9f81 ("T6013: Add support for configuring
TrustedUserCAKeys in SSH service with local and remote CA keys"). It introduces
a new CLI node per user to support defining the authorized principals used by
any given PKI certificate. It is now possible to associate SSH login users with
their respective principals.

Authored-by: Takeru Hayasaka &lt;hayatake396@gmail.com&gt;
</content>
</entry>
</feed>
