diff --git a/src/etc/config.xml.sample b/src/etc/config.xml.sample
index 310cd8815cb..423a14736da 100644
--- a/src/etc/config.xml.sample
+++ b/src/etc/config.xml.sample
@@ -231,6 +231,9 @@
aesni
1
1
+
+ admins
+
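Review bot: The sample configuration now ships a login group value of `admins`, which widens the default `AllowGroups` from wheel only to wheel plus admins on a fresh or reset configuration. The element names are not visible in this rendering, so this assumes the value belongs to the ssh `group` setting. This changes the default access policy rather than only adding an option, so it deserves a line in the commit message or release notes, e.g. `Members of "admins" may log in over SSH once sshd is enabled`. Going by the `!empty()` test in openssh.inc, installations whose configuration lacks the element stay wheel-only.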
diff --git a/src/etc/inc/plugins.inc.d/openssh.inc b/src/etc/inc/plugins.inc.d/openssh.inc
index 2f00edcc308..6b260b4fc51 100644
--- a/src/etc/inc/plugins.inc.d/openssh.inc
+++ b/src/etc/inc/plugins.inc.d/openssh.inc
@@ -3,7 +3,7 @@
/*
* Copyright (C) 2004 Scott Ullrich
* Copyright (C) 2004 Fred Mol .
- * Copyright (C) 2015-2017 Franco Fichtner
+ * Copyright (C) 2015-2018 Franco Fichtner
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -158,7 +158,11 @@ function openssh_configure_do($verbose = false, $interface = '')
$sshconf .= "X11Forwarding no\n";
$sshconf .= "PubkeyAuthentication yes\n";
$sshconf .= "Subsystem sftp internal-sftp\n";
- $sshconf .= "AllowGroups wheel\n";
+ $sshconf .= "AllowGroups wheel";
+ if (!empty($sshcfg['group'][0])) {
+ $sshconf .= " {$sshcfg['group'][0]}";
+ }
+ $sshconf .= "\n";
if (isset($sshcfg['permitrootlogin'])) {
$sshconf .= "PermitRootLogin yes\n";
} else {
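Review bot: The group name is interpolated into the `AllowGroups` line without validation, so the stored value alone decides what sshd is told to allow. sshd treats whitespace as a separator and `*`, `?` and `!` as pattern characters in this directive, and a line break would start a new directive. The POST hunk in system_advanced_admin.php stores `$pconfig['sshlogingroup']` as submitted, with no check visible there. Guard the append with an allowlist test, e.g. `if (!empty($sshcfg['group'][0]) && preg_match('/\A[A-Za-z0-9._-]+\z/', $sshcfg['group'][0])) {`, and have the page reject any value that is not the name of an existing group. The character set is a suggestion to adjust to the names the group manager permits; the body of openssh_configure_do continues outside the hunk.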
diff --git a/src/www/system_advanced_admin.php b/src/www/system_advanced_admin.php
index 199e52afe69..49436a6480f 100644
--- a/src/www/system_advanced_admin.php
+++ b/src/www/system_advanced_admin.php
@@ -35,6 +35,8 @@
require_once("system.inc");
require_once("services.inc");
+$a_group = &config_read_array('system', 'group');
+
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = array();
$pconfig['webguiinterfaces'] = !empty($config['system']['webgui']['interfaces']) ? explode(',', $config['system']['webgui']['interfaces']) : array();
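Review bot: `$a_group` is bound by reference to the live `$config` data, and the final hunk of this file passes it to `legacy_html_escape_form_data($a_group)`. That call uses no return value, so it presumably escapes in place. If so, the in-memory group entries stay HTML-escaped for the rest of the request, and any later write of the configuration would persist the escaped text. Taking a copy avoids that, assuming nothing on this page needs to write through the reference: `$a_group = config_read_array('system', 'group');`.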
@@ -57,7 +59,9 @@
$pconfig['enablesshd'] = $config['system']['ssh']['enabled'];
$pconfig['sshport'] = $config['system']['ssh']['port'];
$pconfig['sshinterfaces'] = !empty($config['system']['ssh']['interfaces']) ? explode(',', $config['system']['ssh']['interfaces']) : array();
- $pconfig['passwordauth'] = isset($config['system']['ssh']['passwordauth']);
+ /* XXX listtag "fun" */
+ $pconfig['sshlogingroup'] = !empty($config['system']['ssh']['group'][0]) ? $config['system']['ssh']['group'][0] : null;
+ $pconfig['sshpasswordauth'] = isset($config['system']['ssh']['passwordauth']);
$pconfig['sshdpermitrootlogin'] = isset($config['system']['ssh']['permitrootlogin']);
$pconfig['quietlogin'] = isset($config['system']['webgui']['quietlogin']);
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
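Review bot: The comment `/* XXX listtag "fun" */` does not tell the next reader why index 0 is read here. Something like `/* 'group' comes back from the config parser as a list, only the first entry is used */` would state the intent, if that is indeed the reason. Any further entries in the stored list are ignored by this page without notice, which is worth saying in the same comment.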
@@ -187,7 +191,13 @@
unset($config['system']['ssh']['enabled']);
}
- if (!empty($pconfig['passwordauth'])) {
+ if (!empty($pconfig['sshlogingroup'])) {
+ $config['system']['ssh']['group'] = $pconfig['sshlogingroup'];
+ } elseif (isset($config['system']['ssh']['group'])) {
+ unset($config['system']['ssh']['group']);
+ }
+
+ if (!empty($pconfig['sshpasswordauth'])) {
$config['system']['ssh']['passwordauth'] = true;
} elseif (isset($config['system']['ssh']['passwordauth'])) {
unset($config['system']['ssh']['passwordauth']);
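Review bot: The value is written as a plain string here but read back as `['group'][0]` in the GET branch and in openssh_configure_do. On a PHP string `[0]` is the first character, so if sshd is reconfigured from the in-memory array before the configuration is re-parsed, `AllowGroups` would receive a single letter instead of the group name. Whether a re-parse happens in between is not visible in this hunk. Storing the list form, `$config['system']['ssh']['group'] = array($pconfig['sshlogingroup']);`, would keep writer and readers consistent, provided the serializer accepts it.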
@@ -246,7 +256,6 @@
}
}
-
$a_cert = isset($config['cert']) ? $config['cert'] : array();
$interfaces = get_configured_interface_with_descr();
@@ -258,12 +267,13 @@
if (empty($pconfig['webguiproto']) || !$certs_available) {
$pconfig['webguiproto'] = "http";
}
+
legacy_html_escape_form_data($pconfig);
+legacy_html_escape_form_data($a_group);
include("head.inc");
?>
-