op-mode: T5661: remove call to sudo in ssh.py and move it to XML definition

Try to have as few calls to sudo in the op-mode scripts as possible. The XML
definitions can deal with it.

2 files changed, 4 insertions, 4 deletions

diff --git a/op-mode-definitions/show-ssh.xml.in b/op-mode-definitions/show-ssh.xml.in
index 88faecada..ca8e669b3 100644
--- a/op-mode-definitions/show-ssh.xml.in
+++ b/op-mode-definitions/show-ssh.xml.in
@@ -11,7 +11,7 @@
             <properties>
               <help>Show SSH server dynamic-protection blocked attackers</help>
             </properties>
-            <command>${vyos_op_scripts_dir}/ssh.py show_dynamic_protection</command>
+            <command>sudo ${vyos_op_scripts_dir}/ssh.py show_dynamic_protection</command>
           </node>
           <node name="fingerprints">
             <properties>
diff --git a/src/op_mode/ssh.py b/src/op_mode/ssh.py
index c09b2166f..102becc55 100755
--- a/src/op_mode/ssh.py
+++ b/src/op_mode/ssh.py
@@ -64,18 +64,18 @@ def show_fingerprints(raw: bool, ascii: bool):
 
 def show_dynamic_protection(raw: bool):
     config = ConfigTreeQuery()
-    if not config.exists("service ssh dynamic-protection"):
+    if not config.exists(['service', 'ssh', 'dynamic-protection']):
         raise vyos.opmode.UnconfiguredSubsystem("SSH server dynamic-protection is not enabled.")
 
     attackers = []
     try:
         # IPv4
-        attackers = attackers + json.loads(cmd("sudo nft -j list set ip sshguard attackers"))["nftables"][1]["set"]["elem"]
+        attackers = attackers + json.loads(cmd("nft -j list set ip sshguard attackers"))["nftables"][1]["set"]["elem"]
     except:
         pass
     try:
         # IPv6
-        attackers = attackers + json.loads(cmd("sudo nft -j list set ip6 sshguard attackers"))["nftables"][1]["set"]["elem"]
+        attackers = attackers + json.loads(cmd("nft -j list set ip6 sshguard attackers"))["nftables"][1]["set"]["elem"]
     except:
         pass
     if attackers: