summaryrefslogtreecommitdiff
path: root/interface-definitions/ssh.xml
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@baturin.org>2018-05-16 03:00:16 +0200
committerDaniil Baturin <daniil@baturin.org>2018-05-16 03:00:16 +0200
commit2a477e6bfc80cf7994ad0873b80ca36cab06a456 (patch)
tree8e596a342032954d598bb46995ed0e25afafc7b2 /interface-definitions/ssh.xml
parent1c45baa4465111c8268568c80a2433ee7407fccb (diff)
parenta5e81355d1b81d66fafa99fda7f8efde526250bd (diff)
downloadvyos-1x-2a477e6bfc80cf7994ad0873b80ca36cab06a456.tar.gz
vyos-1x-2a477e6bfc80cf7994ad0873b80ca36cab06a456.zip
Merge branch 'current' of github.com:vyos/vyos-1x into current
Diffstat (limited to 'interface-definitions/ssh.xml')
-rw-r--r--interface-definitions/ssh.xml69
1 files changed, 39 insertions, 30 deletions
diff --git a/interface-definitions/ssh.xml b/interface-definitions/ssh.xml
index ba5b887bc..dfae1d8ed 100644
--- a/interface-definitions/ssh.xml
+++ b/interface-definitions/ssh.xml
@@ -13,43 +13,50 @@
<children>
<node name="access-control">
<properties>
- <help>SSH user/group access controls. Directives are processed in this: deny-users, allow-users, deny-groups and allow-groups</help>
+ <help>SSH user/group access controls. Directives are processed in this: deny-users, allow-users, deny-groups and allow-groups</help>
</properties>
<children>
- <leafNode name="allow-groups">
- <properties>
- <help>Configure sshd_config access control for allowed groups</help>
- </properties>
- </leafNode>
- <leafNode name="allow-users">
- <properties>
- <help>Configure sshd_config access control for allowed users</help>
- </properties>
- </leafNode>
- <leafNode name="deny-groups">
- <properties>
- <help>Configure sshd_config access control for disallowed groups</help>
- </properties>
- </leafNode>
- <leafNode name="deny-users">
- <properties>
- <help>Configure sshd_config access control for disallowed users</help>
- </properties>
- </leafNode>
+ <node name="allow">
+ <children>
+ <leafNode name="group">
+ <properties>
+ <help>Login is allowed for users whose primary or supplementary group matches</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="user">
+ <properties>
+ <help>Login is allowed only for user names that match</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="deny">
+ <children>
+ <leafNode name="group">
+ <properties>
+ <help>Login is disallowed for users whose primary or supplementary group matches</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="user">
+ <properties>
+ <help>Login is disallowed for user names that match</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
</children>
</node>
- <leafNode name="allow-root">
- <properties>
- <help>Enable root login over ssh</help>
- <valueless/>
- </properties>
- </leafNode>
<leafNode name="ciphers">
<properties>
- <help>Allowed ciphers</help>
+ <help>Specifies allowed Ciphers</help>
<completionHelp>
<script>ssh -Q cipher | tr '\n' ' '</script>
</completionHelp>
+ <multi/>
</properties>
</leafNode>
<leafNode name="disable-host-validation">
@@ -66,10 +73,11 @@
</leafNode>
<leafNode name="key-exchange">
<properties>
- <help>Key exchange algorithms</help>
+ <help>Specifies available KEX (Key Exchange) algorithms</help>
<completionHelp>
<script>ssh -Q kex | tr '\n' ' '</script>
</completionHelp>
+ <multi/>
</properties>
</leafNode>
<leafNode name="listen-address">
@@ -117,10 +125,11 @@
</leafNode>
<leafNode name="mac">
<properties>
- <help>Allowed message authentication algorithms</help>
+ <help>Specifies available MAC (message authentication code) algorithms</help>
<completionHelp>
<script>ssh -Q mac | tr '\n' ' '</script>
</completionHelp>
+ <multi/>
</properties>
</leafNode>
<leafNode name="port">