openssh-sysrepo - NETCONF enabled OpenSSH fork

Fork of OpenSSH that uses sysrepo to store its configuration, which makes it remotely manageble via NETCONF.

The purpose of this project is to demonstrate how sysrepo & Netopeer 2 can be used to make an existing Linux application remotely manageable via NECTONF in a few hours.

Integration

Implementation only builds on existing OpenSSH faculties. Configuration in sshd_config is loaded first and then we read run-time configuration from sysrepo datastore. It works by way of updating server options context by information attained from sysrepo session.

Some of the features of OpenSSH that have been integrated with sysrepo so far are:

AllowUsers: list of users which are allowed to connect.
UsePAM: use PAM module for authentication.
PermitRootLogin: enable client to connect as root.

There are some more. And, more importantly, per need basis others are not difficult to implement.

Demo

Asciinema-recored demo of this integration is available here: http://www.sysrepo.org/openssh-demo

Installation

To use this integration, follow hese steps:

Install sysrepo.

[Initialize sysrepo with model and configuration]

# Inside openssh directory:
sysrepoctl --install --yang=sshd_config.yang
sysrepocfg --import=example_sshd_conf.xml --datastore=startup sshd_config

3 [Start daemon and NETCONF server]

sysrepod -l 0
netopeer2-server

[Configure OpenSSH]

autoreconf && ./configure LDCONFIG=-L/usr/lib LIBS=-lsysrepo

[Install OpenSSH]
```
make && make install
```

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
contrib		contrib
openbsd-compat		openbsd-compat
regress		regress
.gitignore		.gitignore
CREDITS		CREDITS
Dockerfile		Dockerfile
INSTALL		INSTALL
LICENCE		LICENCE
Makefile.in		Makefile.in
OVERVIEW		OVERVIEW
PROTOCOL		PROTOCOL
PROTOCOL.agent		PROTOCOL.agent
PROTOCOL.certkeys		PROTOCOL.certkeys
PROTOCOL.chacha20poly1305		PROTOCOL.chacha20poly1305
PROTOCOL.key		PROTOCOL.key
PROTOCOL.krl		PROTOCOL.krl
PROTOCOL.mux		PROTOCOL.mux
README		README
README.dns		README.dns
README.md		README.md
README.platform		README.platform
README.privsep		README.privsep
README.tun		README.tun
TODO		TODO
aclocal.m4		aclocal.m4
addrmatch.c		addrmatch.c
atomicio.c		atomicio.c
atomicio.h		atomicio.h
audit-bsm.c		audit-bsm.c
audit-linux.c		audit-linux.c
audit.c		audit.c
audit.h		audit.h
auth-bsdauth.c		auth-bsdauth.c
auth-chall.c		auth-chall.c
auth-krb5.c		auth-krb5.c
auth-options.c		auth-options.c
auth-options.h		auth-options.h
auth-pam.c		auth-pam.c
auth-pam.h		auth-pam.h
auth-passwd.c		auth-passwd.c
auth-rh-rsa.c		auth-rh-rsa.c
auth-rhosts.c		auth-rhosts.c
auth-rsa.c		auth-rsa.c
auth-shadow.c		auth-shadow.c
auth-sia.c		auth-sia.c
auth-sia.h		auth-sia.h
auth-skey.c		auth-skey.c
auth.c		auth.c
auth.h		auth.h
auth1.c		auth1.c
auth2-chall.c		auth2-chall.c
auth2-gss.c		auth2-gss.c
auth2-hostbased.c		auth2-hostbased.c
auth2-kbdint.c		auth2-kbdint.c
auth2-none.c		auth2-none.c
auth2-passwd.c		auth2-passwd.c
auth2-pubkey.c		auth2-pubkey.c
auth2.c		auth2.c
authfd.c		authfd.c
authfd.h		authfd.h
authfile.c		authfile.c
authfile.h		authfile.h
bitmap.c		bitmap.c
bitmap.h		bitmap.h
blocks.c		blocks.c
bufaux.c		bufaux.c
bufbn.c		bufbn.c
bufec.c		bufec.c
buffer.c		buffer.c
buffer.h		buffer.h
buildpkg.sh.in		buildpkg.sh.in
canohost.c		canohost.c
canohost.h		canohost.h
chacha.c		chacha.c
chacha.h		chacha.h
channels.c		channels.c
channels.h		channels.h
cipher-3des1.c		cipher-3des1.c
cipher-aes.c		cipher-aes.c
cipher-aesctr.c		cipher-aesctr.c
cipher-aesctr.h		cipher-aesctr.h
cipher-bf1.c		cipher-bf1.c
cipher-chachapoly.c		cipher-chachapoly.c
cipher-chachapoly.h		cipher-chachapoly.h
cipher-ctr.c		cipher-ctr.c
cipher.c		cipher.c
cipher.h		cipher.h
cleanup.c		cleanup.c
clientloop.c		clientloop.c
clientloop.h		clientloop.h
compat.c		compat.c
compat.h		compat.h
config.guess		config.guess
config.sub		config.sub
configure.ac		configure.ac
crc32.c		crc32.c
crc32.h		crc32.h
crypto_api.h		crypto_api.h
deattack.c		deattack.c
deattack.h		deattack.h

License

sysrepo-archive/openssh-sysrepo

Folders and files

Latest commit

History