diff --git a/src/etc/inc/plugins.inc.d/openssh.inc b/src/etc/inc/plugins.inc.d/openssh.inc
index 047b3e7e778..1c5f29c3942 100644
--- a/src/etc/inc/plugins.inc.d/openssh.inc
+++ b/src/etc/inc/plugins.inc.d/openssh.inc
@@ -41,6 +41,7 @@ function openssh_configure()
 return array(
 'earlybootup' => array('openssh_configure_do'),
 'local' => array('openssh_configure_do'),
+ 'newwanip' => array('openssh_configure_do:2'),
 );
 }
@@ -64,12 +65,15 @@ function openssh_services()
 return $services;
 }
-function openssh_configure_do($verbose = false)
+function openssh_stop()
 {
- global $config;
-
 /* if run from a shell session, `-af' and the full path is needed */
 mwexecf('/bin/pkill -af %s', '/usr/local/sbin/sshd', true);
+}
+
+function openssh_configure_do($verbose = false, $interface = '')
+{
+ global $config;
 $sshcfg = null;
@@ -81,9 +85,21 @@ function openssh_configure_do($verbose = false)
 }
 if ($sshcfg === null) {
+ openssh_stop();
+ return;
+ }
+
+ $interfaces = array();
+ if (!empty($sshcfg['interfaces'])) {
+ $interfaces = explode(',', $sshcfg['interfaces']);
+ }
+
+ if (!empty($interface) && !in_array($interface, $interfaces)) {
 return;
 }
+ openssh_stop();
+
 /* make sshd key store */
 @mkdir('/conf/sshd', 0777, true);
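Review bot: In the `@@ -81,9 +85,21 @@` hunk, the early return `if (!empty($interface) && !in_array($interface, $interfaces))` also fires when no listen interfaces are configured, because `in_array` on an empty array is always false. That is presumably intended, since an sshd without `ListenAddress` restrictions needs no rebind when an address changes, but it is not obvious from the condition and deserves a comment such as `/* address event for an interface sshd is not bound to, or no binding configured: nothing to rebind */`. The membership test is loose and the entries produced by `explode(',', ...)` are not trimmed, so `in_array($interface, $interfaces, true)` would be the safer form. The body of openssh_configure_do starts and ends outside this hunk.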
@@ -162,6 +178,28 @@ function openssh_configure_do($verbose = false)
 $sshconf .= "HostKey {$file}\n";
 }
+ $any = count($interfaces) ? false : true;
+
+ foreach ($interfaces as $interface) {
+ $realif = get_real_interface($interface);
+ $addrs = legacy_get_interface_addresses($realif);
+ if (!empty($addrs['ipaddr'])) {
+ $sshconf .= "ListenAddress {$addrs['ipaddr']}\n";
+ $any = true;
+ }
+ if (!empty($addrs['ipaddr6'])) {
+ $sshconf .= "ListenAddress {$addrs['ipaddr6']}\n";
+ $any = true;
+ }
+ $viparr = &config_read_array('virtualip', 'vip');
+ foreach ($viparr as $vip) {
+ if ($vip['interface'] == $interface && is_ipaddr($vip['subnet'])) {
+ $sshconf .= "ListenAddress {$vip['subnet']}\n";
+ $any = true;
+ }
+ }
+ }
+
 file_put_contents("/usr/local/etc/ssh/sshd_config", $sshconf);
 if ($verbose) {
@@ -169,7 +207,7 @@ function openssh_configure_do($verbose = false)
 flush();
 }
- if (mwexecf('/usr/bin/protect -i /usr/local/sbin/sshd')) {
+ if (!$any || mwexecf('/usr/bin/protect -i /usr/local/sbin/sshd')) {
 if ($verbose) {
 echo "failed.\n";
 }
diff --git a/src/etc/rc.sshd b/src/etc/rc.sshd
index eac05ff5b4d..efbf2d84704 100755
--- a/src/etc/rc.sshd
+++ b/src/etc/rc.sshd
@@ -31,6 +31,7 @@
 require_once('config.inc');
 require_once('util.inc');
+require_once('interfaces.inc');
 require_once('plugins.inc.d/openssh.inc');
 openssh_configure_do(true);
diff --git a/src/www/system_advanced_admin.php b/src/www/system_advanced_admin.php
index afd26d73622..a6fea8ef235 100644
--- a/src/www/system_advanced_admin.php
+++ b/src/www/system_advanced_admin.php
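Review bot: In the `@@ -162,6 +178,28 @@` hunk, the loop `foreach ($interfaces as $interface)` reuses the name of the function's `$interface` parameter, so after the loop the parameter no longer holds the interface that triggered the call; a distinct name such as `foreach ($interfaces as $listenif)` avoids that. `$viparr = &config_read_array('virtualip', 'vip');` is loop-invariant and only read here, so it can be fetched once before the outer loop. If `$addrs['ipaddr6']` can be a link-local address, the generated `ListenAddress` line would need a scope identifier for sshd to bind it; the hunk does not show what `legacy_get_interface_addresses()` returns, so this is worth confirming. The body of openssh_configure_do starts and ends outside this hunk.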
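Review bot: In the `@@ -169,7 +207,7 @@` hunk, the `!$any ||` guard reports the no-address case through the same `failed.` branch as a `protect` error, and only when `$verbose` is set, so an operator cannot tell why sshd stayed down. The guard itself is the safe choice, because it leaves sshd stopped rather than listening on every address when the selected interfaces have none. A comment such as `/* no address on the selected interfaces: leave sshd stopped instead of binding to all addresses */` plus a separate log entry for that case would make the reason visible. Note that `sshd_config` has already been written without any `ListenAddress` line at this point, so anything else that starts sshd from that file would bind to all addresses; skipping the write or documenting this is worth considering. The `if` block continues outside this hunk.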
@@ -60,6 +60,7 @@
 $pconfig['secondaryconsole'] = $config['system']['secondaryconsole'];
 $pconfig['enablesshd'] = $config['system']['ssh']['enabled'];
 $pconfig['sshport'] = $config['system']['ssh']['port'];
+ $pconfig['sshinterfaces'] = !empty($config['system']['ssh']['interfaces']) ? explode(',', $config['system']['ssh']['interfaces']) : array();
 $pconfig['passwordauth'] = isset($config['system']['ssh']['passwordauth']);
 $pconfig['sshdpermitrootlogin'] = isset($config['system']['ssh']['permitrootlogin']);
 $pconfig['quietlogin'] = isset($config['system']['webgui']['quietlogin']);
@@ -199,6 +200,8 @@
 /* always store setting to prevent installer auto-start */
 $config['system']['ssh']['noauto'] = 1;
+ $config['system']['ssh']['interfaces'] = !empty($pconfig['sshinterfaces']) ? implode(',', $pconfig['sshinterfaces']) : null;
+
 if (!empty($pconfig['enablesshd'])) {
 $config['system']['ssh']['enabled'] = 'enabled';
 } elseif (isset($config['system']['ssh']['enabled'])) {
@@ -558,6 +561,23 @@
+ + + + + + + +
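Review bot: In the `@@ -199,6 +200,8 @@` hunk, `$pconfig['sshinterfaces']` is joined and stored with no check visible here that it is an array or that each entry names a configured interface. At this point `$pconfig` presumably holds the submitted form data, and the stored names are later passed to `get_real_interface()` when the `ListenAddress` lines are built. Unless the page's validation section (outside this hunk) already does so, each submitted entry should be checked against the configured interface list and rejected through the existing input-error path before it reaches `implode()`. The surrounding save block starts and ends outside this hunk.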