Age | Commit message (Collapse) | Author |
|
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process
* T5195: use read_file and write_file implementation from vyos.utils.file
Changed code automatically using:
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} +
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} +
* T5195: move chmod* helpers to vyos.utils.permission
* T5195: use colon_separated_to_dict from vyos.utils.dict
* T5195: move is_systemd_service_* to vyos.utils.process
* T5195: fix boot issues with missing imports
* T5195: move dict_search_* helpers to vyos.utils.dict
* T5195: move network helpers to vyos.utils.network
* T5195: move commit_* helpers to vyos.utils.commit
* T5195: move user I/O helpers to vyos.utils.io
|
|
This prevents any stale override files when the system is beeing rebooted,
but the actual configuration was not saved. /run is a tmpfs and thus
always fresh after boot.
|
|
Ability to configure SSH RekeyLimit data (in Megabytes) and
time (in Minutes)
set service ssh rekey data 1024
set service ssh rekey time 60
|
|
|
|
Sshguard protects hosts from brute-force attacks
Can inspect logs and block "bad" addresses by threshold
Auto-generate rules for nftables
When service stopped all generated rules are deleted
nft "type filter hook input priority filter - 10"
set service ssh dynamic-protection
set service ssh dynamic-protection block-time 120
set service ssh dynamic-protection detect-time 1800
set service ssh dynamic-protection threshold 30
set service ssh dynamic-protection whitelist-address 192.0.2.1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Commit a1327d2b970 ("ssh: T2635: reuse common verify_vrf() function") already
moved to the common verify logic but did not remove the no longer needed import
statement.
|
|
|
|
|
|
Move sshd_config file to /run so it must be generated on every boot and is
not stored accidently.
|
|
|
|
Jinja template contains some workarounds like {% if port is string %}, this
depends of the resolution of https://phabricator.vyos.net/T2636
|
|
|
|
Commit 5deb12c509be ("ssh: T2321: add VRF support") restructured the Port
assignment (cleanup from the early days) but it accesses a string with methods
used for a list, resulting in the funny default port 2.
|
|
|
|
|
|
airbag must now be explicitly installed.
the patch also allow to fully disables the installation of the logging
code at setup (and not just installing and doing nothing)
|
|
|
|
convert all call to jinja to use template.render
|
|
os.system does print the ouput of the command, run() does not.
A new function called call() does the printing and return the error code.
|
|
As little change a possible but the function call
The behaviour should be totally unchanged.
|
|
|
|
|
|
* 'current' of github.com:vyos/vyos-1x:
T1749: support multiple ranges in the numeric validator.
dhcp-server: T1745: bugfix corner case on static-assignments
system-proxy: T1741 - Add system wide proxy setting
wireguard - remove endpoint check to enable roaming connections
system-proxy: T1741 - Add system wide proxy setting CLI implementation
Python/ifconfig: T1712: always start DHCP when configured
Python/ifconfig: T1557: get_status() must use admin state not operstate
bgp: T1490: fix migrator file permissions
snmp: T1737: add missing completion helpers
Revert "Python/ifconfig: T1712: wait when changing interface state"
snmpd: T1705 - High CPU usage by bgpd when snmp is active
Revert "snmpd: T1705 - High CPU usage by bgpd when snmp is active"
openvpn: T1548: clean out import statements
ssh.py: check if file exists before deleting it
[BGP] T1490: Added migration for obsoleted 'bgp scan-time' parameter
|
|
|
|
* Deprecated option since openssh 7.5 UsePrivilegeSeparation, KeyRegenerationInterval,
ServerKeyBits, RSAAuthentication, RhostsRSAAuthentication
|
|
|
|
Add option to specify multiple listening ports
Clean up template generation layout
|
|
|
|
The setdefault() dict object method updates the value only if it's not
already set, so it's useless for what we want to do, despite its deceptive name.
|
|
|
|
This reverts commit d9474df03d47b20f06580c3b32aac69849162015.
|
|
with VyOS paths.
|