4 files changed, 48 insertions, 25 deletions

diff --git a/interface-definitions/cron.xml b/interface-definitions/cron.xml
index 8e4c1294a..65b95c5a4 100644
--- a/interface-definitions/cron.xml
+++ b/interface-definitions/cron.xml
@@ -45,7 +45,7 @@
                     <description>Execution interval in days</description>
                   </valueHelp>
                   <constraint>
-                    <regex>[1-9]([0-9]+)([mhd]{0,1})</regex>
+                    <regex>[1-9]([0-9]*)([mhd]{0,1})</regex>
                   </constraint>
                 </properties>
               </leafNode>
diff --git a/interface-definitions/dns-forwarding.xml b/interface-definitions/dns-forwarding.xml
index 81aa6063d..60b90c6a7 100644
--- a/interface-definitions/dns-forwarding.xml
+++ b/interface-definitions/dns-forwarding.xml
@@ -62,6 +62,7 @@
               <leafNode name="ignore-hosts-file">
                 <properties>
                   <help>Do not use local /etc/hosts file in name resolution</help>
+                  <valueless/>
                 </properties>
               </leafNode>
               <leafNode name="listen-on">
@@ -94,6 +95,7 @@
               <leafNode name="system">
                 <properties>
                   <help>DNS forwarding to system nameservers</help>
+                  <valueless/>
                 </properties>
               </leafNode>
             </children>
diff --git a/interface-definitions/ntp.xml b/interface-definitions/ntp.xml
index c6fd8aa14..d9930a262 100644
--- a/interface-definitions/ntp.xml
+++ b/interface-definitions/ntp.xml
@@ -19,21 +19,25 @@
               <leafNode name="dynamic">
                 <properties>
                   <help>Allow server to be configured even if not reachable</help>
+                  <valueless/>
                 </properties>
               </leafNode>
               <leafNode name="noselect">
                 <properties>
                   <help>Marks the server as unused</help>
+                  <valueless/>
                 </properties>
               </leafNode>
               <leafNode name="preempt">
                 <properties>
                   <help>Specifies the association as preemptable rather than the default persistent</help>
+                  <valueless/>
                 </properties>
               </leafNode>
               <leafNode name="prefer">
                 <properties>
                   <help>Marks the server as preferred</help>
+                  <valueless/>
                 </properties>
               </leafNode>
             </children>
diff --git a/interface-definitions/ssh.xml b/interface-definitions/ssh.xml
index 7b2d0a3f9..dfae1d8ed 100644
--- a/interface-definitions/ssh.xml
+++ b/interface-definitions/ssh.xml
@@ -13,55 +13,71 @@
         <children>
           <node name="access-control">
             <properties>
-                <help>SSH user/group access controls. Directives are processed in this: deny-users, allow-users, deny-groups and allow-groups</help>
+              <help>SSH user/group access controls. Directives are processed in this: deny-users, allow-users, deny-groups and allow-groups</help>
             </properties>
             <children>
-              <leafNode name="allow-groups">
-                <properties>
-                  <help>Configure sshd_config access control for allowed groups</help>
-                </properties>
-              </leafNode>
-              <leafNode name="allow-users">
-                <properties>
-                  <help>Configure sshd_config access control for allowed users</help>
-                </properties>
-              </leafNode>
-              <leafNode name="deny-groups">
-                <properties>
-                  <help>Configure sshd_config access control for disallowed groups</help>
-                </properties>
-              </leafNode>
-              <leafNode name="deny-users">
-                <properties>
-                  <help>Configure sshd_config access control for disallowed users</help>
-                </properties>
-              </leafNode>
+              <node name="allow">
+                <children>
+                  <leafNode name="group">
+                    <properties>
+                      <help>Login is allowed for users whose primary or supplementary group matches</help>
+                      <multi/>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="user">
+                    <properties>
+                      <help>Login is allowed only for user names that match</help>
+                      <multi/>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
+              <node name="deny">
+                <children>
+                  <leafNode name="group">
+                    <properties>
+                      <help>Login is disallowed for users whose primary or supplementary group matches</help>
+                      <multi/>
+                    </properties>
+                  </leafNode>
+                  <leafNode name="user">
+                    <properties>
+                      <help>Login is disallowed for user names that match</help>
+                      <multi/>
+                    </properties>
+                  </leafNode>
+                </children>
+              </node>
             </children>
           </node>
           <leafNode name="ciphers">
             <properties>
-              <help>Allowed ciphers</help>
+              <help>Specifies allowed Ciphers</help>
               <completionHelp>
                 <script>ssh -Q cipher | tr '\n' ' '</script>
               </completionHelp>
+              <multi/>
             </properties>
           </leafNode>
           <leafNode name="disable-host-validation">
             <properties>
               <help>Don't validate the remote host name with DNS</help>
+              <valueless/>
             </properties>
           </leafNode>
           <leafNode name="disable-password-authentication">
             <properties>
               <help>Don't allow unknown user to login with password</help>
+              <valueless/>
             </properties>
           </leafNode>
           <leafNode name="key-exchange">
             <properties>
-              <help>Key exchange algorithms</help>
+              <help>Specifies available KEX (Key Exchange) algorithms</help>
               <completionHelp>
                 <script>ssh -Q kex | tr '\n' ' '</script>
               </completionHelp>
+              <multi/>
             </properties>
           </leafNode>
           <leafNode name="listen-address">
@@ -109,10 +125,11 @@
           </leafNode>
           <leafNode name="mac">
             <properties>
-              <help>Allowed message authentication algorithms</help>
+                <help>Specifies available MAC (message authentication code) algorithms</help>
               <completionHelp>
                 <script>ssh -Q mac | tr '\n' ' '</script>
               </completionHelp>
+              <multi/>
             </properties>
           </leafNode>
           <leafNode name="port">