diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-08-03 18:38:55 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2020-08-03 18:40:06 +0200 |
| commit | ca2ab503f42a8446175954e9e7280ecc8e75e927 (patch) | |
| tree | ea9a118982f310815b9d690ec80d238056bd072c | |
| parent | 6539f908e17c17a4a931e9638af9487e341bdcae (diff) | |
| download | vyos-1x-ca2ab503f42a8446175954e9e7280ecc8e75e927.tar.gz vyos-1x-ca2ab503f42a8446175954e9e7280ecc8e75e927.zip | |
ssh: T1076: make configuration volatile
Move sshd_config file to /run so it must be generated on every boot and is
not stored accidently.
| -rw-r--r-- | data/templates/ssh/override.conf.tmpl | 3 | ||||
| -rwxr-xr-x | src/conf_mode/ssh.py | 4 |
2 files changed, 5 insertions, 2 deletions
diff --git a/data/templates/ssh/override.conf.tmpl b/data/templates/ssh/override.conf.tmpl index 4276366ae..843aa927b 100644 --- a/data/templates/ssh/override.conf.tmpl +++ b/data/templates/ssh/override.conf.tmpl @@ -2,9 +2,10 @@ [Unit] StartLimitIntervalSec=0 After=vyos-router.service +ConditionPathExists={{config_file}} [Service] ExecStart= -ExecStart={{vrf_command}}/usr/sbin/sshd -D $SSHD_OPTS +ExecStart={{vrf_command}}/usr/sbin/sshd -f {{config_file}} -D $SSHD_OPTS RestartSec=10 diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py index ffb0b700d..7b262565a 100755 --- a/src/conf_mode/ssh.py +++ b/src/conf_mode/ssh.py @@ -28,7 +28,7 @@ from vyos.xml import defaults from vyos import airbag airbag.enable() -config_file = r'/etc/ssh/sshd_config' +config_file = r'/run/ssh/sshd_config' systemd_override = r'/etc/systemd/system/ssh.service.d/override.conf' def get_config(): @@ -42,6 +42,8 @@ def get_config(): # options which we need to update into the dictionary retrived. default_values = defaults(base) ssh = dict_merge(default_values, ssh) + # pass config file path - used in override template + ssh['config_file'] = config_file return ssh |