
Switch to multi node configuration for additional SSH options introduced in 1.2.x
Closed, Resolved · Public · FEATURE REQUEST

Description

As written in T631 and T122, the SSH option syntax can be improved by moving from a comma-separated list to a multi node implementation. In addition, this makes adding/removing members to e.g. (Allow|Deny)Users or (Allow|Deny)Groups easier.

The new configuration syntax suggested is:

ssh {
    access-control {
        allow {
            group admin
            group sudo
            user admin1
            user foo
            user bar
        }
        deny {
            group parttimeadmin
            user user192
        }
    }
    port 22
}

In addition, configuration of the key exchange mechanism, MAC and cipher has been added. Currently only one KEYX, MAC and Cipher can be added, whereas OpenSSHd allows multiple of them.

The change is quite trivial after T631 is integrated, but it's a configuration break, so @syncer @dmbaturin @alainlamar please advise.

@alainlamar is the initial author.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
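
An added example, not VyOS code and not part of the original task: a sketch of how the multi node tree proposed above could be rendered into sshd_config lines, and how an old comma-separated value could be split during migration. The dict layout, the name-validation rules, the two cipher values and the node names key-exchange, mac and cipher are assumptions; only the access-control/allow/deny/user/group/port nodes come from the task.

```python
import re

# Assumed conservative name rule: rejects whitespace, commas and the sshd
# pattern characters (* ? ! @) so a member cannot alter matching.
NAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]*$")
ALGO = re.compile(r"^[A-Za-z0-9@._+-]+$")

# (section, node) in the proposed syntax -> sshd_config keyword
ACCESS = {("allow", "user"): "AllowUsers", ("allow", "group"): "AllowGroups",
          ("deny", "user"): "DenyUsers", ("deny", "group"): "DenyGroups"}
# Hypothetical multi node names -> sshd_config keyword
ALGOS = {"key-exchange": "KexAlgorithms", "mac": "MACs", "cipher": "Ciphers"}


def split_legacy(value):
    """Turn an old comma-separated value into a list of node values."""
    return [m.strip() for m in value.split(",") if m.strip()]


def _checked(values, rule, what):
    for v in values:
        if not rule.match(v):
            raise ValueError(f"invalid {what}: {v!r}")
    return values


def render(ssh):
    """Return sshd_config lines for a dict shaped like the proposed tree."""
    lines = [f"Port {int(ssh['port'])}"] if "port" in ssh else []
    acl = ssh.get("access-control", {})
    for (section, node), keyword in ACCESS.items():
        members = _checked(acl.get(section, {}).get(node, []), NAME, node)
        if members:  # sshd takes space-separated patterns here
            lines.append(f"{keyword} {' '.join(members)}")
    for node, keyword in ALGOS.items():
        names = _checked(ssh.get(node, []), ALGO, node)
        if names:  # algorithm lists are comma-separated
            lines.append(f"{keyword} {','.join(names)}")
    return lines


# Constructed sample: the tree from the task plus two assumed cipher values.
SAMPLE = {
    "port": "22",
    "access-control": {
        "allow": {"group": ["admin", "sudo"], "user": ["admin1", "foo", "bar"]},
        "deny": {"group": ["parttimeadmin"], "user": ["user192"]},
    },
    "cipher": ["aes256-ctr", "chacha20-poly1305@openssh.com"],
}

if __name__ == "__main__":
    print("\n".join(render(SAMPLE)))
```

Rejecting members that contain whitespace or pattern characters keeps a single node value from expanding into several sshd patterns once the list is joined onto one line.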