
Switch to multi node configuration for additional SSH options introduced in 1.2.x
Closed, Resolved | Public | FEATURE REQUEST


As written in T631 and T122, the SSH option syntax can be improved by moving from a comma-separated list to a multi node implementation. In addition, this makes adding/removing members to e.g. (Allow|Deny)Users or (Allow|Deny)Groups easier.

The new configuration syntax suggested is:

ssh {
    access-control {
        allow {
            group admin
            group sudo
            user admin1
            user foo
            user bar
        }
        deny {
            group parttimeadmin
            user user192
        }
    }
    port 22
}

In addition, configuration of the key exchange mechanism, MAC and cipher has been added. Currently only one KEYX, MAC and Cipher can be added, whereas OpenSSHd allows multiple of them.

The change is quite trivial after T631 is integrated, but it's a configuration break, so @syncer @dmbaturin @alainlamar please advise.

@alainlamar is the initial author.
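How the proposed multi node tree could be turned into sshd_config directives, as an added example that is not part of the original task and not VyOS code. The dict layout, the function names and the `cipher`, `mac` and `key-exchange` node names are assumptions; it also rejects values that could inject extra directives.

```python
import re

# Conservative patterns: anything with whitespace, newlines or sshd pattern
# characters is rejected instead of being written into sshd_config.
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]*")
ALGO_RE = re.compile(r"[A-Za-z0-9@._+-]+")

# Constructed sample: the proposed tree as a nested dict, each multi node held
# as a list. "cipher" (like "mac" and "key-exchange") is an assumed node name.
SAMPLE = {
    "access-control": {
        "allow": {"group": ["admin", "sudo"], "user": ["admin1", "foo", "bar"]},
        "deny": {"group": ["parttimeadmin"], "user": ["user192"]},
    },
    "port": "22",
    "cipher": ["aes256-ctr", "aes128-ctr"],
}

def _join(values, pattern, sep):
    """Validate every value against pattern, then join with sep."""
    for value in values:
        if not pattern.fullmatch(value):
            raise ValueError(f"rejected value: {value!r}")
    return sep.join(values)

def render_sshd(cfg):
    """Return the sshd_config lines for the multi node tree in cfg."""
    port = int(cfg.get("port", 22))
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid port: {port}")
    lines = [f"Port {port}"]
    acl = cfg.get("access-control", {})
    # Fixed emission order so the generated file is deterministic.
    for action, prefix in (("deny", "Deny"), ("allow", "Allow")):
        node = acl.get(action, {})
        for kind, suffix in (("user", "Users"), ("group", "Groups")):
            if node.get(kind):
                lines.append(f"{prefix}{suffix} {_join(node[kind], NAME_RE, ' ')}")
    # Algorithm lists are comma-separated in sshd_config; name lists use spaces.
    for key, directive in (("cipher", "Ciphers"), ("mac", "MACs"),
                           ("key-exchange", "KexAlgorithms")):
        if cfg.get(key):
            lines.append(f"{directive} {_join(cfg[key], ALGO_RE, ',')}")
    return lines

if __name__ == "__main__":
    print("\n".join(render_sshd(SAMPLE)))
```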

