summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2022-10-17 12:15:22 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2022-10-17 12:15:22 +0000
commit85f04237160a6ea98eea4ec58f1ccab9f6bfc31a (patch)
tree2ca1ebf5429dadcdd61317e332386150cee44028
parent288d917b7c87b9a328220c8e978f2952fc7dbc32 (diff)
downloadvyos-1x-85f04237160a6ea98eea4ec58f1ccab9f6bfc31a.tar.gz
vyos-1x-85f04237160a6ea98eea4ec58f1ccab9f6bfc31a.zip
ssh: T4720: Ability to configure SSH-server HostKeyAlgorithms
Ability to configure SSH-server HostKeyAlgorithms. Specifies the host key signature algorithms that the server offers. Can accept multiple values.
-rw-r--r--data/templates/ssh/sshd_config.j25
-rw-r--r--interface-definitions/ssh.xml.in13
2 files changed, 18 insertions, 0 deletions
diff --git a/data/templates/ssh/sshd_config.j2 b/data/templates/ssh/sshd_config.j2
index 5bbfdeb88..93735020c 100644
--- a/data/templates/ssh/sshd_config.j2
+++ b/data/templates/ssh/sshd_config.j2
@@ -62,6 +62,11 @@ ListenAddress {{ address }}
Ciphers {{ ciphers | join(',') }}
{% endif %}
+{% if hostkey_algorithm is vyos_defined %}
+# Specifies the available Host Key signature algorithms
+HostKeyAlgorithms {{ hostkey_algorithm | join(',') }}
+{% endif %}
+
{% if mac is vyos_defined %}
# Specifies the available MAC (message authentication code) algorithms
MACs {{ mac | join(',') }}
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in
index f3c731fe5..2bcce2cf0 100644
--- a/interface-definitions/ssh.xml.in
+++ b/interface-definitions/ssh.xml.in
@@ -133,6 +133,19 @@
</leafNode>
</children>
</node>
+ <leafNode name="hostkey-algorithm">
+ <properties>
+ <help>Allowed host key signature algorithms</help>
+ <completionHelp>
+ <!-- generated by ssh -Q HostKeyAlgorithms | tr '\n' ' ' as this will not change dynamically -->
+ <list>ssh-ed25519 ssh-ed25519-cert-v01@openssh.com sk-ssh-ed25519@openssh.com sk-ssh-ed25519-cert-v01@openssh.com ssh-rsa rsa-sha2-256 rsa-sha2-512 ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 sk-ecdsa-sha2-nistp256@openssh.com webauthn-sk-ecdsa-sha2-nistp256@openssh.com ssh-rsa-cert-v01@openssh.com rsa-sha2-256-cert-v01@openssh.com rsa-sha2-512-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com</list>
+ </completionHelp>
+ <multi/>
+ <constraint>
+ <regex>(ssh-ed25519|ssh-ed25519-cert-v01@openssh.com|sk-ssh-ed25519@openssh.com|sk-ssh-ed25519-cert-v01@openssh.com|ssh-rsa|rsa-sha2-256|rsa-sha2-512|ssh-dss|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|sk-ecdsa-sha2-nistp256@openssh.com|webauthn-sk-ecdsa-sha2-nistp256@openssh.com|ssh-rsa-cert-v01@openssh.com|rsa-sha2-256-cert-v01@openssh.com|rsa-sha2-512-cert-v01@openssh.com|ssh-dss-cert-v01@openssh.com|ecdsa-sha2-nistp256-cert-v01@openssh.com|ecdsa-sha2-nistp384-cert-v01@openssh.com|ecdsa-sha2-nistp521-cert-v01@openssh.com|sk-ecdsa-sha2-nistp256-cert-v01@openssh.com)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
<leafNode name="key-exchange">
<properties>
<help>Allowed key exchange (KEX) algorithms</help>