SSH Tectia
Home Prev Up Next  

Dividing the Configuration into Several Files

It is possible to divide the SSH Tectia Server configuration into several files. You can define external XML files containing sub-configurations for example with department-specific or user-group-specific settings. This can make the configuration easier to manage as it is in smaller parts, and the sub-configuration files can be used repeatedly in several places.

[Note]Note

Configuration files consisting of several XML-files must be maintained manually, because split configuration files cannot be edited with the SSH Tectia Server Configuration GUI.

The sub-configuration files must be declared as external SYSTEM entities within the DOCTYPE element of the ssh-server-config.xml file. For example the entity-name below:

<!DOCTYPE secsh-server SYSTEM
   "/etc/ssh2/ssh-tectia/auxdata/ssh-server-ng/ssh-server-ng-config-1.dtd" [

   <!ENTITY entity-name SYSTEM "sub-config-file.xml">

The defined entity can then be used in the main configuration file instead of defining all the settings there. The server configuration will read the contents of the sub-configuration file in the place of the entity. So the sub-configuration file contents must be designed so that they produce a valid XML structure in the ssh-server-config.xml file.

In this example we have a sub-configuration file named group-example-rules.xml, located in sub-directory subconfigs/, and with the following contents: 

<terminal action="deny" />
<subsystem type="sftp" application="sft-server-g3" chroot="%homedir%" />
<tunnel-agent action="deny" />
<tunnel-x11 action="deny" />
<tunnel-local action="deny" />
<tunnel-remote action="deny" />

In the example below, we first declare the sub-configuration file (and its location) as an external entity in the beginning of the ssh-server-config.xml file, and then use the group-A-rules entity in the actual configuration as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE secsh-server SYSTEM
   "/etc/ssh2/ssh-tectia/auxdata/ssh-server-ng/ssh-server-ng-config-1.dtd" [
 
  <!ENTITY group-A-rules SYSTEM "subconfigs/group-example-rules.xml">
]>
<secsh-server>
  ...
  <services>
    <group name="example">
      <selector>
         <user-group name="example"/> 
      </selector>
    </group>
     ...
     <rule group="example">
      &group-A-rules;
    </rule>
     ...
  </services>
</secsh-server>
Home Prev Up Next  

Copyright 2010 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Contact Information