authorChristian Poessinger <christian@poessinger.com>2019-12-03 22:01:19 +0100
committerChristian Poessinger <christian@poessinger.com>2019-12-06 20:58:56 +0100
commit0d4d4dd840e06c18250d73f27de61261ff141944 (patch)
tree5c515082495983658e22d27b1a838b2598e3ecd8 /interface-definitions/ssh.xml.in
parent1ac177febfdd0dfc5a5b40a1b30294de0e2a45e0 (diff)
downloadvyos-1x-0d4d4dd840e06c18250d73f27de61261ff141944.tar.gz
vyos-1x-0d4d4dd840e06c18250d73f27de61261ff141944.zip
T1843: run interface-definitions though GCC preprocessor
A lot of XML code is duplicated (VLAN, interface address, for instance). Such XML definitions should be moved to feature.xml.i files and then pulled in via the GCC preprocessor #include directive in e.g. the bond or ethernet definitions. This gives us the ability to single-source repeating node definitions such as: * Interface Address * Interface Description * Interface Disable * VLAN (both vif-s and vif-c) The .in suffix of the interface-definitions is a marker that those files are input files to the GCC preprocessor. They will be rendered into proper XML files in the build directory. Some node definitions have been reworded to remove escaped double-quote occurrences which the GCC preprocessor would have warned about.
Diffstat (limited to 'interface-definitions/ssh.xml.in')
-rw-r--r--interface-definitions/ssh.xml.in182
1 files changed, 182 insertions, 0 deletions
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in
new file mode 100644
index 000000000..8dea94d05
--- /dev/null
+++ b/interface-definitions/ssh.xml.in
@@ -0,0 +1,182 @@
+<?xml version="1.0"?>
+<!--SSH configuration -->
+<interfaceDefinition>
+ <node name="service">
+ <children>
+ <node name="ssh" owner="${vyos_conf_scripts_dir}/ssh.py">
+ <properties>
+ <help>Secure SHell (SSH) protocol</help>
+ <priority>500</priority>
+ </properties>
+ <children>
+ <node name="access-control">
+ <properties>
+ <help>SSH user/group access controls. Directives are processed
+ in the following order: deny-users, allow-users, deny-groups and
+ allow-groups.</help>
+ </properties>
+ <children>
+ <node name="allow">
+ <properties>
+ <help>Allow user/group SSH access</help>
+ </properties>
+ <children>
+ <leafNode name="group">
+ <properties>
+ <help>Allow members of a group to login</help>
+ <constraint>
+ <regex>^[a-z_][a-z0-9_-]{1,31}[$]?</regex>
+ </constraint>
+ <constraintErrorMessage>illegal characters or more than 32 characters</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="user">
+ <properties>
+ <help>Allow specific users to login</help>
+ <constraint>
+ <regex>^[a-z_][a-z0-9_-]{1,31}[$]?</regex>
+ </constraint>
+ <constraintErrorMessage>illegal characters or more than 32 characters</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="deny">
+ <properties>
+ <help>Deny user/group SSH access</help>
+ </properties>
+ <children>
+ <leafNode name="group">
+ <properties>
+ <help>Disallow members of a group to login</help>
+ <constraint>
+ <regex>^[a-z_][a-z0-9_-]{1,31}[$]?</regex>
+ </constraint>
+ <constraintErrorMessage>illegal characters or more than 32 characters</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="user">
+ <properties>
+ <help>Disallow specific users to login</help>
+ <constraint>
+ <regex>^[a-z_][a-z0-9_-]{1,31}[$]?</regex>
+ </constraint>
+ <constraintErrorMessage>illegal characters or more than 32 characters</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ <leafNode name="ciphers">
+ <properties>
+ <help>Allowed ciphers</help>
+ <completionHelp>
+ <script>ssh -Q cipher | tr '\n' ' '</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="disable-host-validation">
+ <properties>
+ <help>Disable IP Address to Hostname lookup</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="disable-password-authentication">
+ <properties>
+ <help>Disable password-based authentication</help>
+ <valueless/>
+ </properties>
+ </leafNode>
+ <leafNode name="key-exchange">
+ <properties>
+ <help>Allowed key exchange (KEX) algorithms</help>
+ <completionHelp>
+ <script>ssh -Q kex | tr '\n' ' '</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="listen-address">
+ <properties>
+ <help>Local addresses SSH service should listen on</help>
+ <valueHelp>
+ <format>ipv4</format>
+ <description>IP address to listen for incoming connections</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ipv6</format>
+ <description>IPv6 address to listen for incoming connections</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="ipv4-address"/>
+ <validator name="ipv6-address"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="loglevel">
+ <properties>
+ <help>Log level</help>
+ <valueHelp>
+ <format>QUIET</format>
+ <description>stay silent</description>
+ </valueHelp>
+ <valueHelp>
+ <format>FATAL</format>
+ <description>log fatals only</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ERROR</format>
+ <description>log errors and fatals only</description>
+ </valueHelp>
+ <valueHelp>
+ <format>INFO</format>
+ <description>default log level</description>
+ </valueHelp>
+ <valueHelp>
+ <format>VERBOSE</format>
+ <description>enable logging of failed login attempts</description>
+ </valueHelp>
+ </properties>
+ </leafNode>
+ <leafNode name="mac">
+ <properties>
+ <help>Allowed message authentication code (MAC) algorithms</help>
+ <completionHelp>
+ <script>ssh -Q mac | tr '\n' ' '</script>
+ </completionHelp>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="port">
+ <properties>
+ <help>Port for SSH service</help>
+ <valueHelp>
+ <format>1-65535</format>
+ <description>Numeric IP port</description>
+ </valueHelp>
+ <multi/>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ <leafNode name="client-keepalive-interval">
+ <properties>
+ <help>how often send keep alives in seconds</help>
+ <constraint>
+ <validator name="numeric" argument="--range 1-65535"/>
+ </constraint>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+</interfaceDefinition>
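Review bot: The `ciphers`, `key-exchange` and `mac` leaf nodes (from `<leafNode name="ciphers">` onward) and `loglevel` carry only a `<completionHelp>` and no `<constraint>`, so the CLI accepts any string for them, whereas the neighbouring `access-control`, `listen-address` and `port` nodes do validate their input. The owner script ssh.py is not in this diff, but presumably these values are written into sshd_config, where a mistyped or unsupported algorithm name makes sshd reject its configuration and fail to (re)start, i.e. a self-inflicted loss of remote management that the configuration system should have caught at commit time. A minimal fix is a regex limited to the characters OpenSSH algorithm names use, e.g. `<constraint><regex>^[a-zA-Z0-9@.+^-]+$</regex></constraint>` on each of the three algorithm nodes (this also admits the leading `+`/`-`/`^` list modifiers newer OpenSSH releases accept), plus an enumeration regex for `loglevel` matching the values listed in its `<valueHelp>`. A stronger check would be a validator script that compares the value against `ssh -Q cipher`/`kex`/`mac` output, as the completion helper already does. If this file is a verbatim move of the former ssh.xml the gap predates this commit, but this is the point at which it becomes the single source for the node.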