How to create sub configs?

asked Dec 14 '10 at 21:06

SSH KB ♦


It is possible to divide the SSH Tectia Server configuration into several files. You can define external XML files containing sub-configurations for example with department-specific or user-group-specific settings. This can make the configuration easier to manage as it is in smaller parts, and the sub-configuration files can be used repeatedly in several places.

Note: Configuration files consisting of several XML-files must be maintained manually, because split configuration files cannot be edited with the SSH Tectia Server Configuration GUI.

The sub-configuration files must be declared as external SYSTEM entities within the DOCTYPE element of the ssh-server-config.xml file. For example, the entity-name below:

    <!DOCTYPE secsh-server SYSTEM
      "/etc/ssh2/ssh-tectia/auxdata/ssh-server-ng/ssh-server-ng-config-1.dtd" [
      <!ENTITY entity-name SYSTEM "sub-config-file.xml">
    ]>

The defined entity can then be used in the main configuration file instead of defining all the settings there.

The server configuration will read the contents of the sub-configuration file in the place of the entity. So the sub-configuration file contents must be designed so that they produce a valid XML structure in the ssh-server-config.xml file.

In this example we have a sub-configuration file named group-example-rules.xml, located in sub-directory subconfigs/, and with the following contents:

    <terminal action="deny" />
    <subsystem type="sftp" application="sft-server-g3" chroot="%homedir%" />
    <tunnel-agent action="deny" />
    <tunnel-x11 action="deny" />
    <tunnel-local action="deny" />
    <tunnel-remote action="deny" />

In the example below, we first declare the sub-configuration file (and its location) as an external entity in the beginning of the ssh-server-config.xml file, and then use the group-A-rules entity in the actual configuration as follows:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE secsh-server SYSTEM
      "/etc/ssh2/ssh-tectia/auxdata/ssh-server-ng/ssh-server-ng-config-1.dtd" [
      <!ENTITY group-A-rules SYSTEM "subconfigs/group-example-rules.xml">
    ]>
    <secsh-server>
      ...
      <services>
        <group name="example">
          <selector>
            <user-group name="example"/>
          </selector>
        </group>
        ...
        <rule group="example">
          &group-A-rules;
        </rule>
        ...
      </services>
    </secsh-server>

answered Dec 14 '10 at 21:12

SSH KB ♦
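A pre-deployment check for a split configuration like the one in the answer above, as an added example that is not part of the original answer or of SSH Tectia. Every sub-configuration file becomes part of the server policy, so the check flags entities whose files are missing, writable by group or others, owned by an untrusted account, or not well-formed as an XML fragment. The function name `audit_subconfigs`, the `trusted_uids` default of root, and resolving relative entity paths against the directory of the main file are assumptions.

```python
import os
import re
import stat
import xml.etree.ElementTree as ET

# <!ENTITY name SYSTEM "file"> declarations, as used in the answer above.
ENTITY_RE = re.compile(r'<!ENTITY\s+([\w.-]+)\s+SYSTEM\s+"([^"]+)"\s*>')

def audit_subconfigs(main_path, trusted_uids=(0,)):
    """Return (entity, path, problem) tuples for the split config at main_path."""
    with open(main_path, encoding="utf-8") as fh:
        text = fh.read()
    # Assumption: relative system IDs resolve against the main file's directory.
    base = os.path.dirname(os.path.abspath(main_path))
    # Entity declarations live in the internal DTD subset: <!DOCTYPE ... [ ... ]>
    subset = re.search(r'<!DOCTYPE[^\[>]*\[(.*?)\]\s*>', text, re.S)
    body = text[subset.end():] if subset else text
    findings = []
    for name, system_id in ENTITY_RE.findall(subset.group(1) if subset else ""):
        path = os.path.normpath(os.path.join(base, system_id))
        if f"&{name};" not in body:
            findings.append((name, path, "declared but never referenced"))
        try:
            st = os.lstat(path)  # lstat: a symlink is reported, not followed
        except OSError:
            findings.append((name, path, "file missing"))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((name, path, "not a regular file"))
            continue
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, path, "group- or world-writable"))
        if st.st_uid not in trusted_uids:
            findings.append((name, path, f"owned by uid {st.st_uid}"))
        try:
            # The fragment has no single root element, so wrap it before parsing.
            with open(path, encoding="utf-8") as fh:
                ET.fromstring("<wrapper>" + fh.read() + "</wrapper>")
        except ET.ParseError as exc:
            findings.append((name, path, f"fragment not well-formed: {exc}"))
    return findings

if __name__ == "__main__":
    import sys
    for finding in audit_subconfigs(sys.argv[1]):
        print(*finding, sep=": ")
```

An empty result means every declared entity passed these checks; it does not validate the expanded configuration against the server DTD.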

All user contributed content licensed under the cc-by-sa license.