blob: ba5b887bc5ce6974ce8870286773f013880a794b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
<?xml version="1.0"?>
<!--SSH configuration -->
<interfaceDefinition>
<node name="service">
<children>
<node name="ssh" owner="${vyos_sbindir}/vyos-config-ssh.py">
<properties>
<help>Secure SHell (SSH) protocol</help>
<priority>500</priority>
</properties>
<children>
<node name="access-control">
<properties>
<help>SSH user/group access controls. Directives are processed in this: deny-users, allow-users, deny-groups and allow-groups</help>
</properties>
<children>
<leafNode name="allow-groups">
<properties>
<help>Configure sshd_config access control for allowed groups</help>
</properties>
</leafNode>
<leafNode name="allow-users">
<properties>
<help>Configure sshd_config access control for allowed users</help>
</properties>
</leafNode>
<leafNode name="deny-groups">
<properties>
<help>Configure sshd_config access control for disallowed groups</help>
</properties>
</leafNode>
<leafNode name="deny-users">
<properties>
<help>Configure sshd_config access control for disallowed users</help>
</properties>
</leafNode>
</children>
</node>
<leafNode name="allow-root">
<properties>
<help>Enable root login over ssh</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="ciphers">
<properties>
<help>Allowed ciphers</help>
<completionHelp>
<script>ssh -Q cipher | tr '\n' ' '</script>
</completionHelp>
</properties>
</leafNode>
<leafNode name="disable-host-validation">
<properties>
<help>Don't validate the remote host name with DNS</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="disable-password-authentication">
<properties>
<help>Don't allow unknown user to login with password</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="key-exchange">
<properties>
<help>Key exchange algorithms</help>
<completionHelp>
<script>ssh -Q kex | tr '\n' ' '</script>
</completionHelp>
</properties>
</leafNode>
<leafNode name="listen-address">
<properties>
<help>Local addresses SSH service should listen on</help>
<valueHelp>
<format>ipv4</format>
<description>IP address to listen for incoming connections</description>
</valueHelp>
<valueHelp>
<format>ipv6</format>
<description>IPv6 address to listen for incoming connections</description>
</valueHelp>
<multi/>
<constraint>
<validator name="ipv4-address"/>
<validator name="ipv6-address"/>
</constraint>
</properties>
</leafNode>
<leafNode name="loglevel">
<properties>
<help>Log level</help>
<valueHelp>
<format>QUIET</format>
<description>stay silent</description>
</valueHelp>
<valueHelp>
<format>FATAL</format>
<description>log fatals only</description>
</valueHelp>
<valueHelp>
<format>ERROR</format>
<description>log errors and fatals only</description>
</valueHelp>
<valueHelp>
<format>INFO</format>
<description>default log level</description>
</valueHelp>
<valueHelp>
<format>VERBOSE</format>
<description>enable logging of failed login attempts</description>
</valueHelp>
</properties>
</leafNode>
<leafNode name="mac">
<properties>
<help>Allowed message authentication algorithms</help>
<completionHelp>
<script>ssh -Q mac | tr '\n' ' '</script>
</completionHelp>
</properties>
</leafNode>
<leafNode name="port">
<properties>
<help>Port for SSH service</help>
<valueHelp>
<format>1-65535</format>
<description>Numeric IP port</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-65535"/>
</constraint>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
</interfaceDefinition>
|