diff options
| -rw-r--r-- | interface-definitions/ssh.xml | 5 | ||||
| -rwxr-xr-x | src/conf_mode/ssh.py | 8 |
2 files changed, 12 insertions, 1 deletions
diff --git a/interface-definitions/ssh.xml b/interface-definitions/ssh.xml index 22741c41a..606ec94df 100644 --- a/interface-definitions/ssh.xml +++ b/interface-definitions/ssh.xml @@ -50,6 +50,11 @@ </node> </children> </node> + <leafNode name="allow-root"> + <properties> + <help>Enable root login over ssh</help> + </properties> + </leafNode> <leafNode name="ciphers"> <properties> <help>Specifies allowed Ciphers</help> diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py index a4857bba9..a7877eaeb 100755 --- a/src/conf_mode/ssh.py +++ b/src/conf_mode/ssh.py @@ -59,7 +59,6 @@ Banner /etc/issue.net Subsystem sftp /usr/lib/openssh/sftp-server UsePAM yes HostKey /etc/ssh/ssh_host_key -PermitRootLogin no # Specifies whether sshd should look up the remote host name, # and to check that the resolved host name for the remote IP @@ -73,6 +72,9 @@ Port {{ port }} # Gives the verbosity level that is used when logging messages from sshd LogLevel {{ log_level }} +# Specifies whether root can log in using ssh +PermitRootLogin {{ allow_root }} + # Specifies whether password authentication is allowed PasswordAuthentication {{ password_authentication }} @@ -140,6 +142,7 @@ DenyGroups {{ deny_groups | join(" ") }} default_config_data = { 'port' : '22', 'log_level': 'INFO', + 'allow_root': 'no', 'password_authentication': 'yes', 'host_validation': 'yes' } @@ -168,6 +171,9 @@ def get_config(): deny_groups = conf.return_values('access-control deny group') ssh.setdefault('deny_groups', deny_groups) + if conf.exists('allow-root'): + ssh['allow-root'] = 'yes' + if conf.exists('ciphers'): ciphers = conf.return_values('ciphers') ssh.setdefault('ciphers', ciphers) |