T632: use multi node for SSH allow/deny users and groups

author: Christian Poessinger <christian@poessinger.com> 2018-05-13 14:10:15 +0200
committer: Christian Poessinger <christian@poessinger.com> 2018-05-14 11:30:22 +0200
commit: c5774b1dacb5c4bc67d2bf6f63ed92a296923220 (patch)
tree: 7ccee5fa962062a9aed930a1225c042191c3d7fa /interface-definitions/ssh.xml
parent: 860b229fe00998d2dd2d020d7dc847f99e709c26 (diff)
download: vyos-1x-c5774b1dacb5c4bc67d2bf6f63ed92a296923220.tar.gz
vyos-1x-c5774b1dacb5c4bc67d2bf6f63ed92a296923220.zip
1 files changed, 33 insertions, 21 deletions
diff --git a/interface-definitions/ssh.xml b/interface-definitions/ssh.xml
index f898f3934..7b16939c6 100644
--- a/interface-definitions/ssh.xml
+++ b/interface-definitions/ssh.xml
@@ -13,29 +13,41 @@
         <children>
           <node name="access-control">
             <properties>
-                <help>SSH user/group access controls. Directives are processed in this: deny-users, allow-users, deny-groups and allow-groups</help>
+              <help>SSH user/group access controls. Directives are processed in this: deny-users, allow-users, deny-groups and allow-groups</help>
             </properties>
             <children>
-              <leafNode name="allow-groups">
-                <properties>
-                  <help>Configure sshd_config access control for allowed groups</help>
-                </properties>
-              </leafNode>
-              <leafNode name="allow-users">
-                <properties>
-                  <help>Configure sshd_config access control for allowed users</help>
-                </properties>
-              </leafNode>
-              <leafNode name="deny-groups">
-                <properties>
-                  <help>Configure sshd_config access control for disallowed groups</help>
-                </properties>
-              </leafNode>
-              <leafNode name="deny-users">
-                <properties>
-                  <help>Configure sshd_config access control for disallowed users</help>
-                </properties>
-              </leafNode>
+              <node name="allow">
+                <children>
+                  <leafNode name="group">
+                    <properties>
+                      <help>Login is allowed for users whose primary or supplementary group matches</help>
+                      <multi/>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="user">
+                    <properties>
+                      <help>Login is allowed only for user names that match</help>
+                      <multi/>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <node name="deny">
+                <children>
+                  <leafNode name="group">
+                    <properties>
+                      <help>Login is disallowed for users whose primary or supplementary group matches</help>
+                      <multi/>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="user">
+                    <properties>
+                      <help>Login is disallowed for user names that match</help>
+                      <multi/>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
             </children>
           </node>
           <leafNode name="allow-root">
author	Christian Poessinger <christian@poessinger.com>	2018-05-13 14:10:15 +0200
committer	Christian Poessinger <christian@poessinger.com>	2018-05-14 11:30:22 +0200
commit	c5774b1dacb5c4bc67d2bf6f63ed92a296923220 (patch)
tree	7ccee5fa962062a9aed930a1225c042191c3d7fa /interface-definitions/ssh.xml
parent	860b229fe00998d2dd2d020d7dc847f99e709c26 (diff)
download	vyos-1x-c5774b1dacb5c4bc67d2bf6f63ed92a296923220.tar.gz vyos-1x-c5774b1dacb5c4bc67d2bf6f63ed92a296923220.zip