author | Daniil Baturin <daniil@vyos.io> | 2024-04-03 02:30:00 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-03 02:30:00 +0200 |
commit | df2f99f2db19194ece81141c85e6bbb27cbe24ca (patch) | |
tree | 50a3f92f2423ec700a1f5fa987c7531847bb591a /src/conf_mode/service_ssh.py | |
parent | 516235769726e1e270c6a50523559daad528abac (diff) | |
parent | cc208d74567e44d6cffa4fc9fd58bd9bcf050930 (diff) | |
Merge pull request #3235 from vyos/mergify/bp/sagitta/pr-3229
T6192: allow binding SSH to multiple VRF instances (backport #3229)
Diffstat (limited to 'src/conf_mode/service_ssh.py')
-rwxr-xr-x | src/conf_mode/service_ssh.py | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/src/conf_mode/service_ssh.py b/src/conf_mode/service_ssh.py
index ee5e1eca2..9abdd33dc 100755
--- a/src/conf_mode/service_ssh.py
+++ b/src/conf_mode/service_ssh.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2018-2022 VyOS maintainers and contributors
+# Copyright (C) 2018-2024 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -30,7 +30,6 @@ from vyos import airbag
 airbag.enable()
 config_file = r'/run/sshd/sshd_config'
-systemd_override = r'/run/systemd/system/ssh.service.d/override.conf'
 sshguard_config_file = '/etc/sshguard/sshguard.conf'
 sshguard_whitelist = '/etc/sshguard/whitelist'
@@ -81,8 +80,6 @@ def generate(ssh):
 if not ssh:
 if os.path.isfile(config_file):
 os.unlink(config_file)
- if os.path.isfile(systemd_override):
- os.unlink(systemd_override)
 return None
@@ -99,13 +96,10 @@ def generate(ssh):
 call(f'ssh-keygen -q -N "" -t ed25519 -f {key_ed25519}')
 render(config_file, 'ssh/sshd_config.j2', ssh)
- render(systemd_override, 'ssh/override.conf.j2', ssh)
 if 'dynamic_protection' in ssh:
 render(sshguard_config_file, 'ssh/sshguard_config.j2', ssh)
 render(sshguard_whitelist, 'ssh/sshguard_whitelist.j2', ssh)
- # Reload systemd manager configuration
- call('systemctl daemon-reload')
 return None
@@ -114,7 +108,7 @@ def apply(ssh):
 systemd_service_sshguard = 'sshguard.service'
 if not ssh:
 # SSH access is removed in the commit
- call(f'systemctl stop {systemd_service_ssh}')
+ call(f'systemctl stop ssh@*.service')
 call(f'systemctl stop {systemd_service_sshguard}')
 return None
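Review bot: The added `call(f'systemctl stop ssh@*.service')` in the `if not ssh:` branch places an unquoted `*` in a command string; if `call()` passes that string through a shell (its implementation is not visible here), the pattern is subject to pathname expansion in the working directory before systemctl receives it. Quoting keeps the glob for systemctl itself, and the `f` prefix can be dropped since nothing is interpolated: `call('systemctl stop "ssh@*.service"')`. The same line is added again in the `restart_required` branch of the following hunk. apply() begins above this hunk, so whether `systemd_service_ssh` is still used elsewhere cannot be confirmed from here.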
@@ -126,9 +120,13 @@ def apply(ssh):
 # we need to restart the service if e.g. the VRF name changed
 systemd_action = 'reload-or-restart'
 if 'restart_required' in ssh:
+ # this is only true if something for the VRFs changed, thus we
+ # stop all VRF services and only restart then new ones
+ call(f'systemctl stop ssh@*.service')
 systemd_action = 'restart'
- call(f'systemctl {systemd_action} {systemd_service_ssh}')
+ for vrf in ssh['vrf']:
+ call(f'systemctl {systemd_action} ssh@{vrf}.service')
 return None
 if __name__ == '__main__': |
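Review bot: In the `restart_required` branch every `ssh@*.service` instance is stopped before the loop brings up the new ones, and the result of each `call()` in the loop is discarded, so a unit that fails to start can leave the router without SSH in that VRF while the commit still appears to succeed. Checking the return value inside the loop and failing the commit when it is non-zero would surface that instead of silently dropping management access. The loop also indexes `ssh['vrf']` unconditionally; whatever guarantees that key (a default value or verify(), presumably) lies outside this hunk, so a one-line comment above `for vrf in ssh['vrf']:` naming where the guarantee comes from would help, as would a note that the VRF name is interpolated into a command string and relies on upstream validation. apply() starts above this hunk.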