authorChristian Poessinger <christian@poessinger.com>2018-05-13 14:10:15 +0200
committerChristian Poessinger <christian@poessinger.com>2018-05-14 11:30:22 +0200
commitc5774b1dacb5c4bc67d2bf6f63ed92a296923220 (patch)
tree7ccee5fa962062a9aed930a1225c042191c3d7fa /interface-definitions/ssh.xml
parent860b229fe00998d2dd2d020d7dc847f99e709c26 (diff)
T632: use multi node for SSH allow/deny users and groups
Diffstat (limited to 'interface-definitions/ssh.xml')
-rw-r--r--interface-definitions/ssh.xml54
1 files changed, 33 insertions, 21 deletions
diff --git a/interface-definitions/ssh.xml b/interface-definitions/ssh.xml
index f898f3934..7b16939c6 100644
--- a/interface-definitions/ssh.xml
+++ b/interface-definitions/ssh.xml
@@ -13,29 +13,41 @@
<children>
<node name="access-control">
<properties>
- <help>SSH user/group access controls. Directives are processed in this: deny-users, allow-users, deny-groups and allow-groups</help>
+ <help>SSH user/group access controls. Directives are processed in this: deny-users, allow-users, deny-groups and allow-groups</help>
</properties>
<children>
- <leafNode name="allow-groups">
- <properties>
- <help>Configure sshd_config access control for allowed groups</help>
- </properties>
- </leafNode>
- <leafNode name="allow-users">
- <properties>
- <help>Configure sshd_config access control for allowed users</help>
- </properties>
- </leafNode>
- <leafNode name="deny-groups">
- <properties>
- <help>Configure sshd_config access control for disallowed groups</help>
- </properties>
- </leafNode>
- <leafNode name="deny-users">
- <properties>
- <help>Configure sshd_config access control for disallowed users</help>
- </properties>
- </leafNode>
+ <node name="allow">
+ <children>
+ <leafNode name="group">
+ <properties>
+ <help>Login is allowed for users whose primary or supplementary group matches</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="user">
+ <properties>
+ <help>Login is allowed only for user names that match</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
+ <node name="deny">
+ <children>
+ <leafNode name="group">
+ <properties>
+ <help>Login is disallowed for users whose primary or supplementary group matches</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="user">
+ <properties>
+ <help>Login is disallowed for user names that match</help>
+ <multi/>
+ </properties>
+ </leafNode>
+ </children>
+ </node>
</children>
</node>
<leafNode name="allow-root">
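Review bot: The four new `<multi/>` leaf nodes (`allow group`, `allow user`, `deny group`, `deny user`) accept any string, because none of them carries a `<constraint>`. Judging by the removed help texts, these values end up in sshd_config access-control directives, where entries are whitespace-separated patterns, so a value containing a space, newline or wildcard would change who is matched; the script that writes the config is not visible here, so confirm whether it validates them. If it does not, adding `<constraint><regex>PATTERN_FOR_ALLOWED_NAMES</regex></constraint>` and a `<constraintErrorMessage>` to each leaf would reject such values at commit time. The `access-control` help still lists the removed names `deny-users, allow-users, deny-groups and allow-groups` and is missing the word "order", and the `allow group` help lacks the "only" that `allow user` has, although setting either list presumably locks out everyone who does not match. The enclosing `<children>` block starts before this hunk and continues past it.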