+ ssh:
+ brute_force_protection:
+ description: When enabled, the access from all networks (except the provided
+ ones) will be granted, but the networks will be checked against the brute
+ force attack.
+ label: Brute force protection
+ restrictions:
+ - action: hide
+ condition: settings:ssh.security_enabled.value == false
+ type: checkbox
+ value: false
+ weight: 30
+ metadata:
+ enabled: true
+ group: security
+ label: SSH security
+ toggleable: false
+ weight: 120
+ security_enabled:
+ description: 'NOTE: When enabled, provide at least one working IP address
+ (the Fuel Master node IP is already added).
+
+ We recommend adding new addresses instead of replacing the provided Fuel
+ Master node IP.
+
+ When disabled (by default), the admin, management, and storage networks
+ are only allowed to connect to the SSH service.
+
+ '
+ label: Restrict SSH service on network
+ type: checkbox
+ value: false
+ weight: 10
+ security_networks:
+ description: IPv4/CIDR address
+ label: Restrict access to
+ regex:
+ error: Invalid IPv4/CIDR address
+ source: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))*$
+ restrictions:
+ - action: hide
+ condition: settings:ssh.security_enabled.value == false
+ type: text_list
+ value:
+ - 10.20.0.2
+ weight: 20