This module contains a collection of YANG definitions for Cisco IOS-XR crypto-ssh package configuration. This module contains d...
Version: 2021-05-27
// Configuration schema for the Cisco IOS-XR SSH package: one top-level
// container `ssh` holding three subtrees -- `client`, `server` and
// `backup-server`. The statements below are unchanged from the published
// module; only layout and `//` comments were added.
//
// Review pointers (each is repeated next to the node it concerns):
//   - protocol version 1 can be turned on for both client and server (`v1`);
//   - CBC-mode ciphers are opt-in booleans that default to "false";
//   - the HMAC leaves are *disable* switches, so "false" means "still offered";
//   - cipher / key-exchange lists are free-form strings, not enumerations;
//   - per-VRF access lists and server logging are optional.
module Cisco-IOS-XR-crypto-ssh-cfg {
  yang-version 1;
  namespace "http://cisco.com/ns/yang/Cisco-IOS-XR-crypto-ssh-cfg";
  prefix crypto-ssh-cfg;

  import Cisco-IOS-XR-types {
    prefix xr;
  }
  import cisco-semver {
    prefix semver;
  }

  organization "Cisco Systems, Inc.";
  contact "Cisco Systems, Inc. Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 Tel: +1 800 553-NETS E-mail: cs-yang@cisco.com";
  description "This module contains a collection of YANG definitions for Cisco IOS-XR crypto-ssh package configuration. This module contains definitions for the following management objects: ssh: Secure Shell configuration Copyright (c) 2013-2021 by Cisco Systems, Inc. All rights reserved.";

  // The latest revision bundles several security-relevant additions: new
  // ciphers and key exchanges, RSA keys in FIPS mode, an SSH v1 knob, port
  // forwarding, and ED25519 support.
  revision "2021-05-27" {
    description "Ciphers and key exchange algorithms added. 2021-05-10 RSA keys allowed in FIPS mode 2021-01-20 SSH v1 support CLI added 2020-11-18 Port forwarding cli added. 2020-08-14 ED25519 support for XR SSH.";
  }
  revision "2020-04-30" {
    description "Added CLI to disable hmac-sha2-256 in server and client";
  }
  revision "2019-04-05" {
    description "Establish semantic version baseline.";
  }
  revision "2019-03-28" {
    description "Added CLI to disable hmac-sha1";
  }
  revision "2019-03-13" {
    description "Added CLI to enable needed ciphers.";
  }
  revision "2018-09-11" {
    description "Added backup ssh server schema";
  }
  revision "2018-05-24" {
    description "Changes in enable cipher aes-cbc schema and added enable cipher 3des-cbc support";
  }
  revision "2018-04-04" {
    description "Changes in ssh kexchange algorithms schema";
  }
  revision "2017-11-21" {
    description "Resolving dependency issue with SAM";
  }
  revision "2017-07-15" {
    description "Fixing client rekey support.";
  }
  revision "2017-05-01" {
    description "Fixing backward compatibility error in module.";
  }
  revision "2015-07-30" {
    description "Descriptions updated.";
  }
  revision "2015-07-13" {
    description "IOS XR 5.3.2 revision.";
  }
  revision "2015-01-07" {
    description "IOS XR 5.3.1 revision.";
  }

  semver:module-version "2.0.0";
  semver:module-version "1.1.0";
  semver:module-version "1.0.1";

  container ssh {
    description "Secure Shell configuration";

    // ---- SSH client (outbound sessions from the device) ----
    container client {
      description "Provide SSH client service";
      container client-disable {
        description "disable";
        // These are *disable* switches: "true" removes the MAC from
        // negotiation. With the default "false" on all three, hmac-sha1 is
        // still offered. Auditing hint: client-hmac-sha1 = true is the
        // hardening setting; disabling only the SHA-2 leaves would leave the
        // weakest of the three listed MACs in play.
        container client-hmac {
          description "hmac";
          leaf client-hmac-sha512 {
            type boolean;
            default "false";
            description "Disable Hmac-sha2-512 negotiation";
          }
          leaf client-hmac-sha256 {
            type boolean;
            default "false";
            description "Disable Hmac-sha2-256 negotiation";
          }
          leaf client-hmac-sha1 {
            type boolean;
            default "false";
            description "Disable Hmac-sha1 negotiation";
          }
        } // container client-hmac
      } // container client-disable
      container client-algo {
        description "Cisco ssh algorithms";
        // Both lists are plain strings (1..32 chars); the schema does not
        // enumerate the permitted algorithm names, so a schema-valid config
        // says nothing about algorithm strength. Presumably the device
        // validates the names at commit time -- confirm; review the
        // configured values against policy either way.
        container key-exchanges {
          description "Key exchange algorithm";
          leaf-list key-exchange {
            type string {
              length "1..32";
            }
            max-elements 9;
            description "key exchange algorithm";
          }
        } // container key-exchanges
        container ciphers {
          description "cipher algorithm";
          leaf-list cipher {
            type string {
              length "1..32";
            }
            max-elements 10;
            description "Cipher algorithm";
          }
        } // container ciphers
      } // container client-algo
      container client-enable {
        description "clientenable";
        // Opt-in switches for legacy CBC-mode ciphers; both default to
        // "false". 3DES additionally has a 64-bit block size. Treat "true"
        // here as an exception that needs a documented legacy-peer reason.
        container client-cipher {
          description "Enable AES-CBC and 3DES_CBC for ssh client";
          leaf aes-cbc {
            type boolean;
            default "false";
            description "Enable AES-CBC ciphers";
          }
          leaf tripledes-cbc {
            type boolean;
            default "false";
            description "Enable 3DES-CBC cipher";
          }
        } // container client-cipher
      } // container client-enable
      // No `units` statement: the unit of 1024..4095 is not stated in this
      // module -- confirm against platform documentation.
      leaf rekey-volume {
        type uint32 {
          range "1024..4095";
        }
        default "1024";
        description "Configure client volume-based rekey for SSH";
      }
      // Unconstrained string naming the known-hosts file. The integrity of
      // that file underpins server host-key verification for client sessions.
      leaf host-public-key {
        type string;
        description "Filename - where to store known host file";
      }
      leaf client-vrf {
        type xr:Cisco-ios-xr-string {
          length "1..32";
        }
        description "Source interface VRF for ssh client sessions";
      }
      // `type empty`: presence of the leaf is the setting. Per the
      // description, present = client restricted to protocol version 2.
      leaf v2 {
        type empty;
        description "Cisco ssh client force protocol version 2 only";
      }
      leaf tcp-window-scale {
        type uint32 {
          range "1..14";
        }
        default "1";
        description "Set SSH Client Tcp Window Scale factor";
      }
      leaf rekey-time {
        type uint32 {
          range "30..1440";
        }
        units "minute";
        default "60";
        description "Configure client time-based rekey for SSH";
      }
      leaf source-interface {
        type xr:Interface-name;
        description "Source interface for ssh client sessions";
      }
      // Per the description, present = client may use protocol version 1 in
      // addition to 2. SSH protocol 1 is obsolete and cryptographically weak;
      // flag any configuration that sets this leaf.
      // NOTE(review): precedence when both `v1` and `v2` are set is not
      // expressed in the schema (no `must`/`when`) -- confirm device behaviour.
      leaf v1 {
        type empty;
        description "Cisco ssh client protocol version 2 and 1";
      }
      // Description says "sshd" although this leaf sits under `client`;
      // text is as published.
      leaf dscp {
        type uint32 {
          range "0..63";
        }
        description "Cisco sshd DSCP value";
      }
    } // container client

    // ---- SSH server (inbound management access to the device) ----
    container server {
      description "Provide SSH server service";
      container disable {
        description "disable";
        // Same semantics as the client side: "true" disables negotiation of
        // that MAC; the default "false" leaves hmac-sha1 on offer.
        container hmac {
          description "hmac";
          leaf hmac-sha512 {
            type boolean;
            default "false";
            description "Disable Hmac-sha2-512 negotiation";
          }
          leaf hmac-sha256 {
            type boolean;
            default "false";
            description "Disable Hmac-sha2-256 negotiation";
          }
          leaf hmac-sha1 {
            type boolean;
            default "false";
            description "Disable Hmac-sha1 negotiation";
          }
        } // container hmac
      } // container disable
      container enable {
        description "enable";
        // Legacy CBC-mode ciphers are off by default; "true" re-enables them
        // for every client that connects, not just one legacy peer.
        container cipher {
          description "Enable AES-CBC and 3DES-CBC ciphers";
          leaf aes-cbc {
            type boolean;
            default "false";
            description "Enable aes-cbc ciphers";
          }
          leaf tripledes-cbc {
            type boolean;
            default "false";
            description "Enable 3des-cbc cipher";
          }
        } // container cipher
      } // container enable
      // Per-VRF enablement of the SSH server. `enable` is mandatory for each
      // entry, but both access-list leaves are optional: the schema allows a
      // VRF to be enabled with no ACL reference. Audit for entries lacking
      // ipv4-access-list / ipv6-access-list.
      container vrf-table {
        description "Cisco sshd VRF name";
        list vrf {
          key "vrf-name";
          description "Enter VRF name";
          leaf vrf-name {
            type xr:Cisco-ios-xr-string {
              length "1..32";
            }
            description "Enter VRF name";
          }
          leaf enable {
            type empty;
            mandatory true;
            description "Enable to use VRF";
          }
          leaf ipv4-access-list {
            type xr:Cisco-ios-xr-string {
              length "1..32";
            }
            description "SSH v4 access-list name";
          }
          leaf ipv6-access-list {
            type xr:Cisco-ios-xr-string {
              length "1..32";
            }
            description "SSH v6 access-list name";
          }
        } // list vrf
      } // container vrf-table
      // Binds a public key to a user name. `keystring` is an unconstrained
      // string (no length or pattern), so the schema does not check key
      // format. Write access to this subtree is equivalent to granting
      // key-based login; restrict and monitor changes to it accordingly.
      container usernames {
        description "Username related Configuration";
        list username {
          key "name";
          description "User Name";
          leaf keystring {
            type string;
            description "Public key for user";
          }
          leaf name {
            type xr:Cisco-ios-xr-string;
            description "User Name";
          }
        } // list username
      } // container usernames
      container server-algo {
        description "Cisco ssh algorithms";
        // Presence container: once configured, all ten leaves are mandatory,
        // so every host-key algorithm must be set explicitly. Values are
        // uint32 0..1; presumably 1 = enabled and 0 = disabled (descriptions
        // only say "Enable ...") -- confirm.
        // Of the algorithms listed, `dsa` and `ssh-rsa` (the SHA-1 based RSA
        // signature) are the legacy ones to look for when auditing.
        container host-key {
          presence "Indicates a host-key node is configured.";
          description "Host key algorithm";
          leaf ecdsa-nistp256 {
            type uint32 {
              range "0..1";
            }
            mandatory true;
            description "Enable ecdsa-nistp256";
          }
          leaf ecdsa-nistp384 {
            type uint32 {
              range "0..1";
            }
            mandatory true;
            description "Enable ecdsa-nistp384";
          }
          leaf ecdsa-nistp521 {
            type uint32 {
              range "0..1";
            }
            mandatory true;
            description "Enable ecdsa-nistp521";
          }
          leaf rsa {
            type uint32 {
              range "0..1";
            }
            mandatory true;
            description "Enable rsa";
          }
          leaf dsa {
            type uint32 {
              range "0..1";
            }
            mandatory true;
            description "Enable dsa";
          }
          leaf x509v3-ssh-rsa {
            type uint32 {
              range "0..1";
            }
            mandatory true;
            description "Enable x509-ssh-rsa";
          }
          leaf ed25519 {
            type uint32 {
              range "0..1";
            }
            mandatory true;
            description "Enable ed25519";
          }
          leaf rsa-sha512 {
            type uint32 {
              range "0..1";
            }
            mandatory true;
            description "Enable rsa-sha512";
          }
          leaf rsa-sha256 {
            type uint32 {
              range "0..1";
            }
            mandatory true;
            description "Enable rsa-sha256";
          }
          leaf ssh-rsa {
            type uint32 {
              range "0..1";
            }
            mandatory true;
            description "Enable ssh-rsa";
          }
        } // container host-key
        // As on the client side: free-form strings, not an enumeration, so
        // algorithm strength has to be checked outside schema validation.
        container key-exchanges {
          description "Key exchange algorithm";
          leaf-list key-exchange {
            type string {
              length "1..32";
            }
            max-elements 9;
            description "key exchange algorithm";
          }
        } // container key-exchanges
        container ciphers {
          description "cipher algorithm";
          leaf-list cipher {
            type string {
              length "1..32";
            }
            max-elements 10;
            description "Cipher algorithm";
          }
        } // container ciphers
      } // container server-algo
      container capability {
        description "Capability";
        // Default "false". When "true", NETCONF is reachable on the same
        // port as interactive SSH (22), so filtering that separates the two
        // services by port (see `netconf`, default 830) no longer does.
        leaf netconf-xml {
          type boolean;
          default "false";
          description "Enable Netconf-XML stack on port 22";
        }
      } // container capability
      // Same shape as `vrf-table`, for the NETCONF listener: `enable` is
      // mandatory per entry, the two access-list leaves are optional.
      container netconf-vrf-table {
        description "Cisco sshd Netconf VRF name";
        list vrf {
          key "vrf-name";
          description "Enter VRF name";
          leaf vrf-name {
            type xr:Cisco-ios-xr-string {
              length "1..32";
            }
            description "Enter VRF name";
          }
          leaf enable {
            type empty;
            mandatory true;
            description "Enable to use VRF";
          }
          leaf ipv4-access-list {
            type xr:Cisco-ios-xr-string {
              length "1..32";
            }
            description "SSH v4 access-list name";
          }
          leaf ipv6-access-list {
            type xr:Cisco-ios-xr-string {
              length "1..32";
            }
            description "SSH v6 access-list name";
          }
        } // list vrf
      } // container netconf-vrf-table
      container certificate {
        description "Cisco ssh server certificate";
        // Selects which certificate field is matched against the login user
        // name. Both leaves are mandatory 0..1 values; the schema does not
        // prevent both being 0 or both being 1 -- confirm how the device
        // resolves that.
        container username {
          presence "Indicates a username node is configured.";
          description "field in certificate to be matched with username";
          leaf common-name {
            type uint32 {
              range "0..1";
            }
            mandatory true;
            description "Use Common-name";
          }
          leaf user-principle-name {
            type uint32 {
              range "0..1";
            }
            mandatory true;
            description "use user-principle-name";
          }
        } // container username
      } // container certificate
      // Trust anchors: `usertps` lists the trustpoints used to validate user
      // certificates; `host` names the trustpoint supplying the server's own
      // certificate. Changes here alter who can authenticate by certificate.
      container trustpoint {
        description "Cisco ssh server trustpoints";
        container usertps {
          description "Cisco ssh server user trustpoints";
          list usertp {
            key "tp-name";
            description "trustpoints used for user certificate validation";
            leaf tp-name {
              type xr:Cisco-ios-xr-string {
                length "1..128";
              }
              description "Enter User TP name";
            }
          } // list usertp
        } // container usertps
        leaf host {
          type string {
            length "1..128";
          }
          description "trustpoint from where server will take its certificate";
        }
      } // container trustpoint
      // No `units` statement; unit of 1024..4095 is not stated -- confirm.
      leaf rekey-volume {
        type uint32 {
          range "1024..4095";
        }
        default "1024";
        description "Configure volume-based rekey for SSH";
      }
      // No default in the schema; the effective limit when unset is
      // platform-defined.
      leaf session-limit {
        type uint32 {
          range "1..110";
        }
        description "Cisco sshd session-limit of service requests";
      }
      // Default "0". Presumably 1 = enabled (description: "Enable ...") --
      // confirm. Forwarding lets an authenticated session relay TCP through
      // the device, so treat 1 as a reviewed exception.
      leaf port-forwarding {
        type uint32 {
          range "0..1";
        }
        default "0";
        description "Enable SSH Server port forwarding";
      }
      leaf netconf {
        type uint32 {
          range "1..65535";
        }
        default "830";
        description "port number on which ssh service to be started for netconf";
      }
      // `type empty`: presence of the leaf is the setting (force version 2).
      leaf v2 {
        type empty;
        description "Cisco sshd force protocol version 2 ";
      }
      leaf tcp-window-scale {
        type uint32 {
          range "1..14";
        }
        default "1";
        description "Set SSH Server Tcp Window Scale factor";
      }
      // Description typo ("defalut") is in the published module; unchanged.
      leaf rekey-time {
        type uint32 {
          range "30..1440";
        }
        units "minute";
        default "60";
        description "Time Period in minutes, defalut 60";
      }
      // The default (20) is the top of the allowed range 4..20. What exactly
      // is counted (attempts per connection, per method, ...) is not stated
      // here -- confirm; a lower value is the tighter setting.
      leaf max-auth-limit {
        type uint32 {
          range "4..20";
        }
        default "20";
        description "User Configurable max authentication limit";
      }
      // `type empty` with no default: logging is only on when this leaf is
      // present. Check that it is set wherever SSH login events feed
      // monitoring or incident response.
      leaf logging {
        type empty;
        description "Enable ssh server logging";
      }
      // No `units` statement; the time base of the rate is not stated in
      // this module -- confirm.
      leaf rate-limit {
        type uint32 {
          range "1..600";
        }
        default "60";
        description "Cisco sshd rate-limit of service requests";
      }
      leaf timeout {
        type uint32 {
          range "5..120";
        }
        units "second";
        default "30";
        description "Timeout value between 5-120 seconds defalut 30";
      }
      // Presence enables SSH protocol version 1 on the server (added per the
      // 2021-05-27 revision note). Protocol 1 is obsolete and weak; flag any
      // configuration carrying this leaf.
      // NOTE(review): whether version 2 remains available alongside, and how
      // this interacts with `v2`, is not expressed in the schema -- confirm.
      leaf v1 {
        type empty;
        description "Cisco sshd protocol version 1";
      }
      leaf dscp {
        type uint32 {
          range "0..63";
        }
        description "Cisco sshd DSCP value";
      }
    } // container server

    // ---- Backup SSH server ----
    // A second listener on a port in 11000..15000 within a named VRF; both
    // leaves are mandatory once the presence container exists. No
    // access-list, algorithm or logging leaves are defined under this
    // subtree in this module.
    // NOTE(review): whether the `server` settings above also govern the
    // backup listener cannot be told from the schema -- confirm, and include
    // the backup port in ACL and exposure reviews.
    container backup-server {
      description "Provide SSH server service";
      container backup-port-vrf {
        presence "Indicates a backup-port-vrf node is configured.";
        description "backup server config";
        leaf port {
          type uint32 {
            range "11000..15000";
          }
          mandatory true;
          description "Port number";
        }
        leaf vrf-name {
          type xr:Cisco-ios-xr-string {
            length "1..32";
          }
          mandatory true;
          description "VRF name (max:32 chars)";
        }
      } // container backup-port-vrf
    } // container backup-server
  } // container ssh
} // module Cisco-IOS-XR-crypto-ssh-cfg