author | Christian Poessinger <christian@poessinger.com> | 2018-05-15 22:26:25 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2018-05-15 22:26:25 +0200 |
commit | a5e81355d1b81d66fafa99fda7f8efde526250bd (patch) | |
tree | 518c5c7530096fb94807bdfd1b24fbdbc9b828d2 | |
parent | 2fd1926bad0753296807c5b29df711af29e2a67a (diff) | |
parent | d9474df03d47b20f06580c3b32aac69849162015 (diff) | |
Merge branch 'remove-ssh-allow-root' into current
* remove-ssh-allow-root:
T634: Remove 'service ssh allow-root'
-rw-r--r-- | interface-definitions/ssh.xml | 6 | ||||
-rwxr-xr-x | src/conf-mode/vyos-config-ssh.py | 8 |
2 files changed, 1 insertions, 13 deletions
diff --git a/interface-definitions/ssh.xml b/interface-definitions/ssh.xml
index 9b4680235..dfae1d8ed 100644
--- a/interface-definitions/ssh.xml
+++ b/interface-definitions/ssh.xml
@@ -50,12 +50,6 @@
 </node>
 </children>
 </node>
- <leafNode name="allow-root">
- <properties>
- <help>Enable root login over ssh</help>
- <valueless/>
- </properties>
- </leafNode>
 <leafNode name="ciphers">
 <properties>
 <help>Specifies allowed Ciphers</help>
diff --git a/src/conf-mode/vyos-config-ssh.py b/src/conf-mode/vyos-config-ssh.py
index a7877eaeb..a4857bba9 100755
--- a/src/conf-mode/vyos-config-ssh.py
+++ b/src/conf-mode/vyos-config-ssh.py
@@ -59,6 +59,7 @@ Banner /etc/issue.net
 Subsystem sftp /usr/lib/openssh/sftp-server
 UsePAM yes
 HostKey /etc/ssh/ssh_host_key
+PermitRootLogin no
 # Specifies whether sshd should look up the remote host name,
 # and to check that the resolved host name for the remote IP
@@ -72,9 +73,6 @@ Port {{ port }}
 # Gives the verbosity level that is used when logging messages from sshd
 LogLevel {{ log_level }}
-# Specifies whether root can log in using ssh
-PermitRootLogin {{ allow_root }}
-
 # Specifies whether password authentication is allowed
 PasswordAuthentication {{ password_authentication }}
@@ -142,7 +140,6 @@ DenyGroups {{ deny_groups | join(" ") }}
 default_config_data = {
 'port' : '22',
 'log_level': 'INFO',
- 'allow_root': 'no',
 'password_authentication': 'yes',
 'host_validation': 'yes'
 }
@@ -171,9 +168,6 @@ def get_config():
 deny_groups = conf.return_values('access-control deny group')
 ssh.setdefault('deny_groups', deny_groups)
- if conf.exists('allow-root'):
- ssh['allow-root'] = 'yes'
-
 if conf.exists('ciphers'):
 ciphers = conf.return_values('ciphers')
 ssh.setdefault('ciphers', ciphers) |
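Review bot: The `PermitRootLogin no` line added in the `@@ -59,6 +59,7 @@` hunk of src/conf-mode/vyos-config-ssh.py carries no comment, unlike the templated directives further down (`LogLevel`, `PasswordAuthentication`), so nothing tells a reader that the value is now fixed on purpose; a line such as `# Root login over SSH is always disabled; 'service ssh allow-root' was removed (T634)` directly above it would record that. The diff also shows no migration for saved configurations that still contain `service ssh allow-root`. If none exists elsewhere in the tree, such a configuration may be rejected on upgrade now that the leafNode is gone from ssh.xml, which is worth confirming before release because a failed config load can leave a router without its management access settings. The template string this hunk edits starts and ends outside the hunk.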