authorChristian Poessinger <christian@poessinger.com>2018-05-15 22:26:25 +0200
committerChristian Poessinger <christian@poessinger.com>2018-05-15 22:26:25 +0200
commita5e81355d1b81d66fafa99fda7f8efde526250bd (patch)
tree518c5c7530096fb94807bdfd1b24fbdbc9b828d2
parent2fd1926bad0753296807c5b29df711af29e2a67a (diff)
parentd9474df03d47b20f06580c3b32aac69849162015 (diff)
downloadvyos-1x-a5e81355d1b81d66fafa99fda7f8efde526250bd.tar.gz
vyos-1x-a5e81355d1b81d66fafa99fda7f8efde526250bd.zip
Merge branch 'remove-ssh-allow-root' into current
* remove-ssh-allow-root: T634: Remove 'service ssh allow-root'
-rw-r--r--interface-definitions/ssh.xml6
-rwxr-xr-xsrc/conf-mode/vyos-config-ssh.py8
2 files changed, 1 insertions, 13 deletions
diff --git a/interface-definitions/ssh.xml b/interface-definitions/ssh.xml
index 9b4680235..dfae1d8ed 100644
--- a/interface-definitions/ssh.xml
+++ b/interface-definitions/ssh.xml
@@ -50,12 +50,6 @@
</node>
</children>
</node>
- <leafNode name="allow-root">
- <properties>
- <help>Enable root login over ssh</help>
- <valueless/>
- </properties>
- </leafNode>
<leafNode name="ciphers">
<properties>
<help>Specifies allowed Ciphers</help>
diff --git a/src/conf-mode/vyos-config-ssh.py b/src/conf-mode/vyos-config-ssh.py
index a7877eaeb..a4857bba9 100755
--- a/src/conf-mode/vyos-config-ssh.py
+++ b/src/conf-mode/vyos-config-ssh.py
@@ -59,6 +59,7 @@ Banner /etc/issue.net
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
HostKey /etc/ssh/ssh_host_key
+PermitRootLogin no
# Specifies whether sshd should look up the remote host name,
# and to check that the resolved host name for the remote IP
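Review bot: The added `PermitRootLogin no` line has no comment, unlike the templated directives further down, so nothing in the generated sshd_config says that root login is now deliberately fixed rather than configurable. I would put a line above it such as `# Root login over ssh is always disabled; 'service ssh allow-root' was removed (T634)`. The template string starts before and ends after this hunk, so I cannot confirm that no other `PermitRootLogin` line remains; sshd keeps the first value it reads for a keyword, so setting it this early in the file is the right placement. Because the same commit deletes the `allow-root` leafNode from ssh.xml, a saved configuration that still contains that node will presumably need a migration step, and none is visible here.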
@@ -72,9 +73,6 @@ Port {{ port }}
# Gives the verbosity level that is used when logging messages from sshd
LogLevel {{ log_level }}
-# Specifies whether root can log in using ssh
-PermitRootLogin {{ allow_root }}
-
# Specifies whether password authentication is allowed
PasswordAuthentication {{ password_authentication }}
@@ -142,7 +140,6 @@ DenyGroups {{ deny_groups | join(" ") }}
default_config_data = {
'port' : '22',
'log_level': 'INFO',
- 'allow_root': 'no',
'password_authentication': 'yes',
'host_validation': 'yes'
}
@@ -171,9 +168,6 @@ def get_config():
deny_groups = conf.return_values('access-control deny group')
ssh.setdefault('deny_groups', deny_groups)
- if conf.exists('allow-root'):
- ssh['allow-root'] = 'yes'
-
if conf.exists('ciphers'):
ciphers = conf.return_values('ciphers')
ssh.setdefault('ciphers', ciphers)