From d9474df03d47b20f06580c3b32aac69849162015 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Tue, 15 May 2018 22:23:38 +0200
Subject: T634: Remove 'service ssh allow-root'
---
 interface-definitions/ssh.xml | 5 -----
 src/conf-mode/vyos-config-ssh.py | 8 +-------
 2 files changed, 1 insertion(+), 12 deletions(-)
diff --git a/interface-definitions/ssh.xml b/interface-definitions/ssh.xml
index f898f3934..7b2d0a3f9 100644
--- a/interface-definitions/ssh.xml
+++ b/interface-definitions/ssh.xml
@@ -38,11 +38,6 @@ - - - Enable root login over ssh - - Allowed ciphers
diff --git a/src/conf-mode/vyos-config-ssh.py b/src/conf-mode/vyos-config-ssh.py
index 1605dcd74..86b81366f 100755
--- a/src/conf-mode/vyos-config-ssh.py
+++ b/src/conf-mode/vyos-config-ssh.py
@@ -59,6 +59,7 @@ Banner /etc/issue.net
 Subsystem sftp /usr/lib/openssh/sftp-server
 UsePAM yes
 HostKey /etc/ssh/ssh_host_key
+PermitRootLogin no
 # Specifies whether sshd should look up the remote host name,
 # and to check that the resolved host name for the remote IP
@@ -72,9 +73,6 @@ Port {{ port }}
 # Gives the verbosity level that is used when logging messages from sshd
 LogLevel {{ log_level }}
-# Specifies whether root can log in using ssh
-PermitRootLogin {{ allow_root }}
-
 # Specifies whether password authentication is allowed
 PasswordAuthentication {{ password_authentication }}
@@ -142,7 +140,6 @@ DenyGroups {{ deny_groups | join(" ") }}
 default_config_data = {
 'port' : '22',
 'log_level': 'INFO',
- 'allow_root': 'no',
 'password_authentication': 'yes',
 'host_validation': 'yes'
 }
@@ -203,9 +200,6 @@ def get_config():
 ssh.setdefault('deny_groups', groups)
- if conf.exists('allow-root'):
- ssh['allow-root'] = 'yes'
-
 if conf.exists('ciphers'):
 # TODO: OpenSSH supports having multiple Ciphers configured. VyOS CLI
 # yet has no multi node for this. See T632 in phabricator.
--
cgit v1.2.3
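Review bot: The hard-coded `PermitRootLogin no` added in the `@@ -59,6 +59,7 @@` hunk of src/conf-mode/vyos-config-ssh.py has no comment, although the templated directives in the next hunk are each preceded by one, so a later reader cannot tell that root login is now disabled unconditionally rather than by default. I would put `# Root login over SSH is always disabled; the 'allow-root' CLI node was removed (T634)` directly above it. sshd keeps the first value it reads for a keyword, so the static head of the template, ahead of every rendered option, is the right place for the line. No migration step is visible in this patch, so a saved configuration that still contains `service ssh allow-root` may be rejected once the node is gone from ssh.xml; that is worth confirming on an upgrade path. The template string starts and ends outside the hunk.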