| Age | Commit message (Collapse) | Author |
|
Reaches a clean typos baseline for the T8490 ruleset pilot. Categories:
- Comments/docs: recursivly, taret, passsed, characted, arhive, AtrributeError;
"ned" -> "new" (migration comments).
- Messages/strings: writeable -> writable (x5); OCaml log "Commandis" -> "Command is".
- Local variables (all refs in-function): commited, formating, presistent;
inpt_range -> input_range; tz_datas -> tz_data_raw (avoids the tz_data collision).
- Self-contained renames (definition + all references in-file): formated_stats,
_get_formatted_output_conections -> ..._connections, expension_failure ->
expansion_failure (ping + traceroute), snmpd_restart_reqired -> ..._required.
False positives are allowlisted centrally (vyos/.github, separate PR), NOT changed
here: mke2fs, Maya-calendar "Mak", RFC 4122 "IDentifier" (hostapd), and VPP's
"U-Forwrd" bridge-domain column header (op_mode/vpp.py + the VPP smoketest assert
the real upstream `vppctl` output). Verified: typos clean, py_compile of every
edited .py, zero remaining old-identifier references.
🤖 Generated by [robots](https://vyos.io)
|
|
Fix typos and mistakes in the commands and comments
No functional changes
|
|
OpenSSH in Debian Trixie has removed support for ssh-dss (DSA) keys, which will
prevent users with such keys from logging in after upgrade. To avoid lockouts,
add a loud deprecation warning when users log in using a DSA key. This warning
advises affected users to replace their keys with a supported algorithm (e.g.,
ed25519 or RSA) before the upgrade.
Deprecation warning will be displayed during "commit" but also as MOTD to inform
on this issue during every login.
DEPRECATION WARNING: Support for SSH-DSA keys is deprecated and will
be removed in VyOS 1.6. Please update affected keys to a supported
algorithm (e.g., RSA, ECDSA or ED25519) to avoid authentication
failures after the upgrade. The following hostkey-algorithms are in
use: ssh-dss, ssh-dss-cert-v01@openssh.com
|
|
OpenSSH in Debian Trixie has removed support for ssh-dss (DSA) keys, which will
prevent users with such keys from logging in after upgrade. To avoid lockouts,
add a loud deprecation warning when users log in using a DSA key. This warning
advises affected users to replace their keys with a supported algorithm (e.g.,
ed25519 or RSA) before the upgrade.
Deprecation warning will be displayed during "commit" but also as MOTD to inform
on this issue during every login.
DEPRECATION WARNING: Support for SSH-DSA keys is deprecated and will
be removed in VyOS 1.6. Please update affected keys to a supported
algorithm (e.g., RSA, ECDSA or ED25519) to avoid authentication
failures after the upgrade. The following users are using SSH-DSS keys
for authentication.
User "vyos" with deprecated public-key named: foo
|
|
We already support using per-user SSH public keys for system authentication.
Instead of introducing a new CLI path to configure per-user principal names,
we should continue using the existing CLI location and store the principal
names alongside the corresponding SSH public keys.
set system login user <name> principal <principal>
The certificate used for SSH authentication contains an embedded principal
name, which is defined under this CLI node. Only users with matching principal
names are permitted to log in.
|
|
|
|
When configuring RADIUS to use IPv6 as connection to the server with an
optional source-address
set system login radius server 2001:db8::4 key '9LMVCtPYpG'
set system login radius source-address '2001:db8::1'
It will error out:
pam_radius_auth(sshd:auth): Failed looking up source IP address [2001:db8::1]
for server [2001:db8::4]:1812 (error=System error)
The source address is not allowed to be in [] - thus the brackets need to be
removed.
|
|
There is no need to send local base OS accounts like root or daemon to the
tacacs server. This will only make the CLI experience sluggish.
Build up a dynamic list of user accounts to exclude from TACACS lookup.
|
|
|
|
(cherry picked from commit 3abe7c72c95c3d9b825db08b092c555786e9fbcf)
Co-authored-by: Viacheslav Hletenko <v.gletenko@vyos.io>
|
|
|
|
Use URLs provided by flavor build system and version.json file
|
|
Implement VyOS ASCII art contest winners logo as the default for our MOTD
|
|
We will use _ as CLI level divider. The XML definition filename and also
the Python helper should match the CLI node.
Example:
set interfaces ethernet -> interfaces_ethernet.xml.in
set interfaces bond -> interfaces_bond.xml.in
set service dhcp-server -> service_dhcp-server-xml.in
|
|
|
|
maxsyslogins
maximum number of all logins on system; user is not
allowed to log-in if total number of all user logins is
greater than specified number (this limit does not apply
to user with uid=0)
set system login max-login-session 2
|
|
Move default values of TOTP configuration from a global to a per user setting.
This makes the entire code easier as no global configuration must be blended
into the per user config dict.
Also it should be possible to set the authentication window "multiple concurrent
keys" individual per user.
set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq'
set system login user vyos authentication plaintext-password 'vyos'
|
|
system login: T874: add 2FA support for local and ssh authentication
|
|
|
|
Ability to terminate interactive sessions (TTY/PTS) after a period
of inactivity.
set system login timeout '300'
|
|
|
|
|
|
|
|
|
|
|