summaryrefslogtreecommitdiff
path: root/interface-definitions/service_ssh.xml.in
AgeCommit message (Collapse)Author
2026-01-15ssh: T7483: Add fido2 PubkeyAuthOptionsChloe Surett
2025-12-14ssh: T8098: rename "ciphers" CLI node to "cipher"Christian Breunig
Follow VyOS CLI best practices for using singular whenever possible to build a CLI node. As we introduce a new migration 2 -> 3 for SSH we can correct this minor detail.
2025-12-14ssh: T8098: remove support for deprecated "rijndael-cbc@lysator.liu.se" cipherChristian Breunig
According to an Arch Linux forum discussion, the cipher rijndael-cbc@lysator.liu.se was removed in OpenSSH 6.7. References: - https://bbs.archlinux.org/viewtopic.php?id=188613 - https://www.openssh.org/txt/release-6.7 - https://github.com/openssh/openssh-portable/commit/03e93c753d7c223063a
2025-05-29ssh: T6013: rename trusted-user-ca-key -> truster-user-caChristian Breunig
The current implementation for SSH CA based authentication uses "set service ssh trusted-user-ca-key ca-certificate <foo>" to define an X.509 certificate from "set pki ca <foo> ..." - fun fact, native OpenSSH does not support X.509 certificates and only runs with OpenSSH ssh-keygen generated RSA or EC keys. This commit changes the bahavior to support antive certificates generated using ssh-keygen and loaded to our PKI tree. As the previous implementation did not work at all, no migrations cript is used.
2025-05-29ssh: T6013: move principal name to "system login user <name> authentication"Christian Breunig
We already support using per-user SSH public keys for system authentication. Instead of introducing a new CLI path to configure per-user principal names, we should continue using the existing CLI location and store the principal names alongside the corresponding SSH public keys. set system login user <name> principal <principal> The certificate used for SSH authentication contains an embedded principal name, which is defined under this CLI node. Only users with matching principal names are permitted to log in.
2025-05-29ssh: T6013: support SSH AuthorizedPrincipalsFile in use with trusted-user-ca-keyTakeru Hayasaka
Thisc omplements commit e7cab89f9f81 ("T6013: Add support for configuring TrustedUserCAKeys in SSH service with local and remote CA keys"). It introduces a new CLI node per user to support defining the authorized principals used by any given PKI certificate. It is now possible to associate SSH login users with their respective principals. Authored-by: Takeru Hayasaka <hayatake396@gmail.com>
2024-12-23T6013: Add support for configuring TrustedUserCAKeys in SSH service with ↵Takeru Hayasaka
local and remote CA keys
2024-06-28ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms optionkhramshinr
2024-04-01ssh: T6192: allow binding to multiple VRF instancesChristian Breunig
Currently VyOS only supports binding a service to one individual VRF. It might become handy to have the services (initially it will be VRF, NTP and SNMP) be bound to multiple VRFs. Changed VRF from leafNode to multi leafNode with defaultValue: default - which is the name of the default VRF.
2023-12-31T5474: establish common file name pattern for XML conf mode commandsChristian Breunig
We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in