From b9de775a5b4f017f9d164a127d93f55ce9053756 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko
Date: Tue, 27 Sep 2022 16:06:52 +0000
Subject: ssh: T4716: Ablity to configure RekeyLimit data and time
Ability to configure SSH RekeyLimit data (in Megabytes) and time (in Minutes)
set service ssh rekey data 1024
set service ssh rekey time 60
---
 data/templates/ssh/sshd_config.j2 | 4 ++++
 interface-definitions/ssh.xml.in | 31 +++++++++++++++++++++++++++++++
 src/conf_mode/ssh.py | 3 +++
 3 files changed, 38 insertions(+)
diff --git a/data/templates/ssh/sshd_config.j2 b/data/templates/ssh/sshd_config.j2
index e7dbca581..79b07478b 100644
--- a/data/templates/ssh/sshd_config.j2
+++ b/data/templates/ssh/sshd_config.j2
@@ -96,3 +96,7 @@ DenyGroups {{ access_control.deny.group | join(' ') }}
 # sshd(8) will send a message through the encrypted channel to request a response from the client
 ClientAliveInterval {{ client_keepalive_interval }}
 {% endif %}
+
+{% if rekey.data is vyos_defined %}
+RekeyLimit {{ rekey.data }}M {{ rekey.time + 'M' if rekey.time is vyos_defined }}
+{% endif %}
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in
index 126183162..f3c731fe5 100644
--- a/interface-definitions/ssh.xml.in
+++ b/interface-definitions/ssh.xml.in
@@ -206,6 +206,37 @@ 22 + + + SSH session rekey limit + + + + + Threshold data in megabytes + + u32:1-65535 + Megabytes + + + + + + + + + Threshold time in minutes + + u32:1-65535 + Minutes + + + + + + + + Enable transmission of keepalives from server to client
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index 2bbd7142a..8746cc701 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -73,6 +73,9 @@ def verify(ssh): if not ssh: return None + if 'rekey' in ssh and 'data' not in ssh['rekey']: + raise ConfigError(f'Rekey data is required!') + verify_vrf(ssh) return None
--
cgit v1.2.3
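Review bot: In data/templates/ssh/sshd_config.j2 the added `RekeyLimit` line builds the time argument with `rekey.time + 'M'`, which works only while the value arrives as a string, and its inline `if` has no `else`, so the result depends on how the template environment renders an undefined value. Jinja's `~` operator concatenates regardless of type, and an explicit empty branch removes the second dependency: `RekeyLimit {{ rekey.data }}M {{ rekey.time ~ 'M' if rekey.time is vyos_defined else '' }}`. Both values are written into sshd_config as-is, so the numeric range in the interface definition (its markup is not readable in this view) is presumably the only thing keeping other text out of the daemon's configuration; the check added to verify() tests presence only. The ClientAliveInterval directive just above carries an explanatory comment, and a matching one here, for example `# Renegotiate session keys after this much data (megabytes) or time (minutes)`, would keep the rendered file self-describing.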
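Review bot: In src/conf_mode/ssh.py the new `raise ConfigError(f'Rekey data is required!')` uses an f-string with no placeholders, and the message does not name the CLI node the operator has to set. A plain literal that points at the node is clearer, for example `raise ConfigError('SSH "rekey data" must be set when "rekey" is configured!')`. The check also makes time-only rekeying impossible to configure, although sshd_config accepts `default` as the first RekeyLimit argument; if that restriction is intended, a one-line comment above the check such as `# RekeyLimit is only rendered when a data threshold is set` would record why. verify() starts above the hunk.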