diff options
| -rw-r--r-- | data/templates/ssh/sshd_config.tmpl | 2 | ||||
| -rw-r--r-- | interface-definitions/ssh.xml.in | 14 | ||||
| -rwxr-xr-x | src/migration-scripts/ssh/1-to-2 | 55 |
3 files changed, 63 insertions, 8 deletions
diff --git a/data/templates/ssh/sshd_config.tmpl b/data/templates/ssh/sshd_config.tmpl index dbc5c3646..4fde24255 100644 --- a/data/templates/ssh/sshd_config.tmpl +++ b/data/templates/ssh/sshd_config.tmpl @@ -46,7 +46,7 @@ Port {{ value }} {% endif %} # Gives the verbosity level that is used when logging messages from sshd -LogLevel {{ loglevel }} +LogLevel {{ loglevel | upper }} # Specifies whether password authentication is allowed PasswordAuthentication {{ "no" if disable_password_authentication is defined else "yes" }} diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in index 1b20f5776..d253c2f34 100644 --- a/interface-definitions/ssh.xml.in +++ b/interface-definitions/ssh.xml.in @@ -132,30 +132,30 @@ <properties> <help>Log level</help> <completionHelp> - <list>QUIET FATAL ERROR INFO VERBOSE</list> + <list>quiet fatal error info verbose</list> </completionHelp> <valueHelp> - <format>QUIET</format> + <format>quiet</format> <description>stay silent</description> </valueHelp> <valueHelp> - <format>FATAL</format> + <format>fatal</format> <description>log fatals only</description> </valueHelp> <valueHelp> - <format>ERROR</format> + <format>error</format> <description>log errors and fatals only</description> </valueHelp> <valueHelp> - <format>INFO</format> + <format>info</format> <description>default log level</description> </valueHelp> <valueHelp> - <format>VERBOSE</format> + <format>verbose</format> <description>enable logging of failed login attempts</description> </valueHelp> <constraint> - <regex>^(QUIET|FATAL|ERROR|INFO|VERBOSE)$</regex> + <regex>^(quiet|fatal|error|info|verbose)$</regex> </constraint> </properties> <defaultValue>INFO</defaultValue> diff --git a/src/migration-scripts/ssh/1-to-2 b/src/migration-scripts/ssh/1-to-2 new file mode 100755 index 000000000..bc8815753 --- /dev/null +++ b/src/migration-scripts/ssh/1-to-2 @@ -0,0 +1,55 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2020 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# VyOS 1.2 crux allowed configuring a lower or upper case loglevel. This +# is no longer supported as the input data is validated and will lead to +# an error. If user specifies an upper case logleve, make it lowercase + +from sys import argv,exit +from vyos.configtree import ConfigTree + +if (len(argv) < 1): + print("Must specify file name!") + exit(1) + +file_name = argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['service', 'ssh', 'loglevel'] +config = ConfigTree(config_file) + +if not config.exists(base): + # Nothing to do + exit(0) +else: + # red in configured loglevel and convert it to lower case + tmp = config.return_value(base).lower() + + # VyOS 1.2 had no proper value validation on the CLI thus the + # user could use any arbitrary values - sanitize them + if tmp not in ['quiet', 'fatal', 'error', 'info', 'verbose']: + tmp = 'info' + + config.set(base, value=tmp) + + try: + with open(file_name, 'w') as f: + f.write(config.to_string()) + except OSError as e: + print("Failed to save the modified config: {}".format(e)) + exit(1) |