path: root/src/conf_mode/ssh.py
Age | Commit message | Author
2023-07-14 | T5195: vyos.util -> vyos.utils package refactoring (#2093) | Christian Breunig
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process
* T5195: use read_file and write_file implementation from vyos.utils.file
  Changed code automatically using:
  find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} +
  find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} +
* T5195: move chmod* helpers to vyos.utils.permission
* T5195: use colon_separated_to_dict from vyos.utils.dict
* T5195: move is_systemd_service_* to vyos.utils.process
* T5195: fix boot issues with missing imports
* T5195: move dict_search_* helpers to vyos.utils.dict
* T5195: move network helpers to vyos.utils.network
* T5195: move commit_* helpers to vyos.utils.commit
* T5195: move user I/O helpers to vyos.utils.io
2023-01-14 | systemd: T2185: always place generated override files in /run | Christian Breunig
This prevents any stale override files when the system is being rebooted, but the actual configuration was not saved. /run is a tmpfs and thus always fresh after boot.
2022-10-10 | ssh: T4716: Ability to configure RekeyLimit data and time | Viacheslav Hletenko
Ability to configure SSH RekeyLimit data (in Megabytes) and time (in Minutes)
set service ssh rekey data 1024
set service ssh rekey time 60
2022-08-25 | ssh: T2185: use reload-or-restart on configuration changes | Christian Poessinger
2022-05-12 | sshguard: T4408: Add service ssh dynamic-protection | Viacheslav Hletenko
Sshguard protects hosts from brute-force attacks
Can inspect logs and block "bad" addresses by threshold
Auto-generate rules for nftables
When service stopped all generated rules are deleted
nft "type filter hook input priority filter - 10"
set service ssh dynamic-protection
set service ssh dynamic-protection block-time 120
set service ssh dynamic-protection detect-time 1800
set service ssh dynamic-protection threshold 30
set service ssh dynamic-protection whitelist-address 192.0.2.1
2022-04-14 | ssh: T4353: fix Jinja2 linting errors | Christian Poessinger
2021-01-17 | ssh: T671: generate rsa, dsa and ed25519 keys on demand | Christian Poessinger
2021-01-13 | ssh: T3212: do not make /run/sshd directory disappear on failure | Christian Poessinger
2021-01-07 | ssh: T2635: harden Jinja2 template and daemon startup | Christian Poessinger
2021-01-07 | ssh: T2635: change sshd_config path to /run/sshd | Christian Poessinger
2020-11-27 | vyos.template: T2720: always enable Jinja2 trim_blocks feature | Christian Poessinger
2020-11-12 | ssh: T2635: drop superfluous import | Christian Poessinger
Commit a1327d2b970 ("ssh: T2635: reuse common verify_vrf() function") already moved to the common verify logic but did not remove the no longer needed import statement.
2020-10-30 | ssh: T2635: reuse common verify_vrf() function | Christian Poessinger
2020-08-31 | configd: T2582: add scripts to include list for daemon | John Estabrook
2020-08-03 | ssh: T1076: make configuration volatile | Christian Poessinger
Move sshd_config file to /run so it must be generated on every boot and is not stored accidentally.
2020-07-01 | config: T2667: adapt for refinements to get_config_dict | John Estabrook
2020-06-23 | ssh: T2635: migrate to get_config_dict() | Christian Poessinger
Jinja template contains some workarounds like {% if port is string %}, this depends on the resolution of https://phabricator.vyos.net/T2636
2020-06-13 | ssh: T2321: always run "systemctl daemon-reload" | Christian Poessinger
2020-06-13 | ssh: T2321: fix invalid string/list assignment of default port | Christian Poessinger
Commit 5deb12c509be ("ssh: T2321: add VRF support") restructured the Port assignment (cleanup from the early days) but it accesses a string with methods used for a list, resulting in the funny default port 2.
2020-06-11 | ssh: T2321: add VRF support | Christian Poessinger
2020-06-11 | ssh: T2321: use list over string when working with Config() | Christian Poessinger
2020-05-29 | airbag: T2088: explicit enabling of the feature | Thomas Mangin
airbag must now be explicitly installed. The patch also allows fully disabling the installation of the logging code at setup (and not just installing and doing nothing).
2020-05-19 | util: T2467: add systemctl to autosudo | Thomas Mangin
2020-04-12 | template: T2230: use render to generate templates | Thomas Mangin
convert all calls to jinja to use template.render
2020-04-09 | util: T2226: os.system was wrongly converted to run | Thomas Mangin
os.system does print the output of the command, run() does not. A new function called call() does the printing and returns the error code.
2020-04-06 | util: T2226: convert most calls from os.system to util | Thomas Mangin
As little change as possible but the function call. The behaviour should be totally unchanged.
2020-04-05 | ssh: T2230: add Jinja2 trim_blocks Environment option | Christian Poessinger
2020-04-05 | ssh: T2230: move inlined templates to dedicated files | Christian Poessinger
2019-10-19 | Merge branch 'current' of github.com:vyos/vyos-1x into equuleus | Christian Poessinger
* 'current' of github.com:vyos/vyos-1x:
  T1749: support multiple ranges in the numeric validator.
  dhcp-server: T1745: bugfix corner case on static-assignments
  system-proxy: T1741 - Add system wide proxy setting
  wireguard - remove endpoint check to enable roaming connections
  system-proxy: T1741 - Add system wide proxy setting CLI implementation
  Python/ifconfig: T1712: always start DHCP when configured
  Python/ifconfig: T1557: get_status() must use admin state not operstate
  bgp: T1490: fix migrator file permissions
  snmp: T1737: add missing completion helpers
  Revert "Python/ifconfig: T1712: wait when changing interface state"
  snmpd: T1705 - High CPU usage by bgpd when snmp is active
  Revert "snmpd: T1705 - High CPU usage by bgpd when snmp is active"
  openvpn: T1548: clean out import statements
  ssh.py: check if file exists before deleting it
  [BGP] T1490: Added migration for obsoleted 'bgp scan-time' parameter
2019-10-13 | ssh.py: check if file exists before deleting it | Christian Poessinger
2019-10-09 | ssh - T1719: ssh deprecated options removed | hagbard
* Deprecated option since openssh 7.5 UsePrivilegeSeparation, KeyRegenerationInterval, ServerKeyBits, RSAAuthentication, RhostsRSAAuthentication
2018-10-21 | T634: remove 'service ssh allow-root' | Christian Poessinger
2018-10-19 | Add Client keepalive option for use with cloud-init | UnicronNL
Add option to specify multiple listening ports
Clean up template generation layout
2018-08-26 | ssh.py: start/stop service via systemctl | Christian Poessinger
2018-05-23 | Use normal assignment by key instead of setdefault() everywhere. | Daniil Baturin
The setdefault() dict object method updates the value only if it's not already set, so it's useless for what we want to do, despite its deceptive name.
2018-05-16 | conf_mode: remove generation time from config header and adjust scriptname | Christian Poessinger
2018-05-16 | Revert "T634: Remove 'service ssh allow-root'" | Christian Poessinger
This reverts commit d9474df03d47b20f06580c3b32aac69849162015.
2018-05-16 | T644: remove prefixing from all scripts and update environment variables with VyOS paths. | Daniil Baturin