summaryrefslogtreecommitdiff
path: root/data/templates/ssh
AgeCommit message (Collapse)Author
2021-01-18ssh: T3212: remove RestartPreventExitStatus from systemd unitChristian Poessinger
When configuring SSH to only run inside a given VRF the system can not start SSHd on bootup as the Kernel will report EPERM (Operation not permitted) when loading the VRF BPF program. This returns the exit code 255 which is marked in the systemd unit file to stop restarting the service forever. Removing this limitation will restart the SSHd on startup and it will live inside the VRF till the end of days.
2021-01-13ssh: T3212: do not make /run/sshd directory disappear on failureChristian Poessinger
2021-01-07ssh: T2635: harden Jinja2 template and daemon startupChristian Poessinger
2021-01-07ssh: T2635: change sshd_config path to /run/sshdChristian Poessinger
2020-08-31T2636: remove workarounds for get_config_dict()Christian Poessinger
Now that b40c52682a256 ("config: T2636: get_config_dict() returns a list on multi node by default") is implemented the workarounds can be removed.
2020-08-03ssh: T1076: make configuration volatileChristian Poessinger
Move sshd_config file to /run so it must be generated on every boot and is not stored accidently.
2020-07-07ssh: T2691: bugfix loglevel config migrationChristian Poessinger
When migrating the conf from VyOS 1.2 to 1.3 a configuration error could appear if the user specified "info" as loglevel instead of "INFO". There was no input validation done in 1.2 but this is now enforced in 1.3. In VyOS 1.3 loglevel will be always lowercase on the CLI and when migrating the config this is transformed. Also VyOS 1.2 accpeted any arbitrary loglevel. If an invalid loglevel is found it will be set to info.
2020-07-04ssh: vrf: T2682: support restart on failure indefinitelyChristian Poessinger
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH to often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds is it not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
2020-07-04ssh: T2682: simplify VRF bindingChristian Poessinger
2020-06-26ssh: T2642: bugfix on multiple listen-address statementsChristian Poessinger
Commit 1d7f88b459d ("ssh: T2635: migrate to get_config_dict()") used a wrong loop iterator on the rendered ListenAddress statement.
2020-06-23ssh: T2635: migrate to get_config_dict()Christian Poessinger
Jinja template contains some workarounds like {% if port is string %}, this depends of the resolution of https://phabricator.vyos.net/T2636
2020-06-11ssh: T2321: add VRF supportChristian Poessinger
2020-05-29ssh: T2230: remove duplicated HostKey lineChristian Poessinger
2020-04-05ssh: T2230: move inlined templates to dedicated filesChristian Poessinger