ssh: T4716: Ablity to configure RekeyLimit data and time

Ability to configure SSH RekeyLimit data (in Megabytes) and time (in Minutes) set service ssh rekey data 1024 set service ssh rekey time 60
author: Viacheslav Hletenko <v.gletenko@vyos.io> 2022-09-27 16:06:52 +0000
committer: Viacheslav Hletenko <v.gletenko@vyos.io> 2022-10-10 12:52:54 +0000
commit: b9de775a5b4f017f9d164a127d93f55ce9053756 (patch)
tree: 115f41fe28929be7c3a6a06c3bb9a0608e65ee8a
parent: 53bd9fe11e449c66656fef9cb72084d5d0800a75 (diff)
download: vyos-1x-b9de775a5b4f017f9d164a127d93f55ce9053756.tar.gz
vyos-1x-b9de775a5b4f017f9d164a127d93f55ce9053756.zip
3 files changed, 38 insertions, 0 deletions
diff --git a/data/templates/ssh/sshd_config.j2 b/data/templates/ssh/sshd_config.j2
index e7dbca581..79b07478b 100644
--- a/data/templates/ssh/sshd_config.j2
+++ b/data/templates/ssh/sshd_config.j2
@@ -96,3 +96,7 @@ DenyGroups {{ access_control.deny.group | join(' ') }}
 # sshd(8) will send a message through the encrypted channel to request a response from the client
 ClientAliveInterval {{ client_keepalive_interval }}
 {% endif %}
+
+{% if rekey.data is vyos_defined  %}
+RekeyLimit {{ rekey.data }}M {{ rekey.time + 'M' if rekey.time is vyos_defined }}
+{% endif %}
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in
index 126183162..f3c731fe5 100644
--- a/interface-definitions/ssh.xml.in
+++ b/interface-definitions/ssh.xml.in
@@ -206,6 +206,37 @@
             </properties>
             <defaultValue>22</defaultValue>
           </leafNode>
+          <node name="rekey">
+            <properties>
+              <help>SSH session rekey limit</help>
+            </properties>
+            <children>
+              <leafNode name="data">
+                <properties>
+                  <help>Threshold data in megabytes</help>
+                  <valueHelp>
+                    <format>u32:1-65535</format>
+                    <description>Megabytes</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-65535"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+              <leafNode name="time">
+                <properties>
+                  <help>Threshold time in minutes</help>
+                  <valueHelp>
+                    <format>u32:1-65535</format>
+                    <description>Minutes</description>
+                  </valueHelp>
+                  <constraint>
+                    <validator name="numeric" argument="--range 1-65535"/>
+                  </constraint>
+                </properties>
+              </leafNode>
+            </children>
+          </node>
           <leafNode name="client-keepalive-interval">
             <properties>
               <help>Enable transmission of keepalives from server to client</help>
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index 2bbd7142a..8746cc701 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -73,6 +73,9 @@ def verify(ssh):
     if not ssh:
         return None
 
+    if 'rekey' in ssh and 'data' not in ssh['rekey']:
+        raise ConfigError(f'Rekey data is required!')
+
     verify_vrf(ssh)
     return None
author	Viacheslav Hletenko <v.gletenko@vyos.io>	2022-09-27 16:06:52 +0000
committer	Viacheslav Hletenko <v.gletenko@vyos.io>	2022-10-10 12:52:54 +0000
commit	b9de775a5b4f017f9d164a127d93f55ce9053756 (patch)
tree	115f41fe28929be7c3a6a06c3bb9a0608e65ee8a
parent	53bd9fe11e449c66656fef9cb72084d5d0800a75 (diff)
download	vyos-1x-b9de775a5b4f017f9d164a127d93f55ce9053756.tar.gz vyos-1x-b9de775a5b4f017f9d164a127d93f55ce9053756.zip