authorChristian Poessinger <christian@poessinger.com>2018-10-21 20:03:13 +0200
committerChristian Poessinger <christian@poessinger.com>2018-10-21 20:03:13 +0200
commit9cf0514668b1461d3b74076b99c9edabafa10418 (patch)
tree1debbad631e620ebcce4bb842ed0ce743f9c4342
parent06e3d57867d2da4118ea0328fb3cf9074081f444 (diff)
T634: remove 'service ssh allow-root'
-rw-r--r--interface-definitions/ssh.xml6
-rwxr-xr-xsrc/conf_mode/ssh.py6
-rwxr-xr-xsrc/migration-scripts/ssh/0-to-132
3 files changed, 33 insertions, 11 deletions
diff --git a/interface-definitions/ssh.xml b/interface-definitions/ssh.xml
index 422e6d64d..c0ce976d6 100644
--- a/interface-definitions/ssh.xml
+++ b/interface-definitions/ssh.xml
@@ -72,12 +72,6 @@
</node>
</children>
</node>
- <leafNode name="allow-root">
- <properties>
- <help>Allow the root user to login</help>
- <valueless/>
- </properties>
- </leafNode>
<leafNode name="ciphers">
<properties>
<help>Allowed ciphers</help>
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index b681acea3..2a5cba99a 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -79,7 +79,7 @@ Port {{ port }}
LogLevel {{ log_level }}
# Specifies whether root can log in using ssh
-PermitRootLogin {{ allow_root }}
+PermitRootLogin no
# Specifies whether password authentication is allowed
PasswordAuthentication {{ password_authentication }}
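Review bot: The template comment above the changed line still reads `# Specifies whether root can log in using ssh`, which suggests a configurable value, while the directive is now the literal `PermitRootLogin no`. I would reword it to something like `# Root login over ssh is always disabled; no CLI option controls this (T634)`, so that someone reading the generated sshd_config does not go looking for a setting. The template string starts and ends outside this hunk.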
@@ -164,7 +164,6 @@ ClientAliveInterval {{ client_keepalive }}
default_config_data = {
'port' : '22',
'log_level': 'INFO',
- 'allow_root': 'no',
'password_authentication': 'yes',
'host_validation': 'yes'
}
@@ -193,9 +192,6 @@ def get_config():
deny_groups = conf.return_values('access-control deny group')
ssh['deny_groups'] = deny_groups
- if conf.exists('allow-root'):
- ssh['allow-root'] = 'yes'
-
if conf.exists('ciphers'):
ciphers = conf.return_values('ciphers')
ssh['ciphers'] = ciphers
diff --git a/src/migration-scripts/ssh/0-to-1 b/src/migration-scripts/ssh/0-to-1
new file mode 100755
index 000000000..91b832276
--- /dev/null
+++ b/src/migration-scripts/ssh/0-to-1
@@ -0,0 +1,32 @@
+#!/usr/bin/env python3
+
+# Delete "service ssh allow-root" option
+
+import sys
+
+from vyos.configtree import ConfigTree
+
+if (len(sys.argv) < 1):
+ print("Must specify file name!")
+ sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+config = ConfigTree(config_file)
+
+if not config.exists(['service', 'ssh', 'allow-root']):
+ # Nothing to do
+ sys.exit(0)
+else:
+ # Delete node with abandoned command
+ config.delete(['service', 'ssh', 'allow-root'])
+
+ try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+ except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ sys.exit(1)
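Review bot: The argument guard at the top of the new script, `if (len(sys.argv) < 1):`, can never be true because `sys.argv` always contains the script name. Running the migration without a file name therefore falls through to `sys.argv[1]` and fails with an IndexError instead of printing the intended message; the check should be `if len(sys.argv) < 2:`. Separately, the save path opens the config with `'w'`, which truncates the file before `config.to_string()` is evaluated, so a failure at that point could leave the configuration empty or partial. Writing to a temporary file in the same directory and renaming it over the original would avoid that. The initial read and the `ConfigTree(...)` parse are also outside any `try`, unlike the write.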