This module contains a collection of YANG definitions for Cisco IOS-XR ssh package configuration. This YANG module augments the...
Version: 2021-02-10
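// Cisco IOS-XR unified-model SSH configuration.
//
// Review notes are marked "NOTE(review)". They flag the nodes that weaken the
// SSH posture when enabled (legacy protocol version, SHA-1 based key exchange
// and MACs, CBC ciphers, DSA host keys) so an operator auditing a device
// configuration knows which leaves deserve attention. Fixes applied to the
// model text itself: the duplicated `must "../port"` on server/backup/vrf is
// collapsed to one, and the presence text on server/algorithms/host-key named
// the wrong node ("ca-certificate") and now names host-key.
module Cisco-IOS-XR-um-ssh-cfg {
  yang-version 1;
  namespace "http://cisco.com/ns/yang/Cisco-IOS-XR-um-ssh-cfg";
  prefix um-ssh-cfg;

  import Cisco-IOS-XR-types {
    prefix xr;
  }
  import cisco-semver {
    prefix semver;
  }

  organization
    "Cisco Systems, Inc.";
  contact
    "Cisco Systems, Inc. Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 Tel: +1 800 553-NETS E-mail: cs-yang@cisco.com";
  description
    "This module contains a collection of YANG definitions for Cisco IOS-XR ssh package configuration. This YANG module augments the modules with configuration data. Copyright (c) 2021 by Cisco Systems, Inc. All rights reserved.";

  revision "2021-02-10" {
    description
      "Initial release";
  }
  semver:module-version "1.0.0";

  container ssh {
    description
      "Secure Shell configuration";

    // Idle timeout in seconds (range given by the model; units are not stated here).
    leaf timeout {
      type uint32 {
        range "5..120";
      }
      description
        "Set timeout value for SSH";
    }

    container server {
      description
        "Provide SSH server service";

      // Per-VRF access control for the SSH server. A VRF entry with no
      // access-list leaves the server reachable from any source in that VRF.
      container vrfs {
        description
          "Cisco sshd VRF name";
        list vrf {
          key "vrf-name";
          description
            "Cisco sshd VRF name";
          leaf vrf-name {
            type union {
              type string {
                pattern "default";
              }
              type xr:Cisco-ios-xr-string {
                length "1..32";
              }
            }
            description
              "Cisco sshd VRF name";
          }
          container ipv4 {
            description
              "IPv4 access list for ssh server";
            leaf access-list {
              type xr:Cisco-ios-xr-string {
                length "1..64";
                pattern "[a-z0-9A-Z][-_.:a-z0-9A-Z]*";
              }
              description
                "Configure IPv4 access-list";
            }
          } // container ipv4
          container ipv6 {
            description
              "IPv6 access list for ssh server";
            leaf access-list {
              type xr:Cisco-ios-xr-string {
                length "1..64";
                pattern "[a-z0-9A-Z][-_.:a-z0-9A-Z]*";
              }
              description
                "Configure IPv6 access-list";
            }
          } // container ipv6
        } // list vrf
      } // container vrfs

      // NOTE(review): SSH protocol version 1 is obsolete and cryptographically
      // weak. A configured v1 presence node should be treated as a hardening
      // finding; v2 is the only version that should be enabled.
      container v1 {
        presence "Indicates a v1 node is configured.";
        description
          "Cisco sshd protocol version 1 ";
      } // container v1
      container v2 {
        presence "Indicates a v2 node is configured.";
        description
          "Cisco sshd protocol version 2 ";
      } // container v2

      // Backup listener: port and vrf are mutually required (each `must`
      // references the other), so a backup server is either fully specified
      // or absent.
      container backup {
        description
          "Cisco sshd backup server";
        leaf port {
          type uint32 {
            range "11000..15000";
          }
          must "../vrf";
          description
            "port on which backup ssh server listens";
        }
        leaf vrf {
          type xr:Cisco-ios-xr-string {
            length "1..32";
          }
          // A second identical `must "../port"` was present in the original
          // and has been dropped; it added no constraint.
          must "../port";
          description
            "vrf in which backup ssh server runs";
        }
      } // container backup

      // Connection-rate limit for incoming service requests; the unit
      // (requests per minute vs. per second) is not stated by the model.
      leaf rate-limit {
        type uint32 {
          range "1..600";
        }
        description
          "Cisco sshd rate-limit of service requests";
      }

      // NOTE(review): disabling hmac-sha1 is the hardening direction. If both
      // hmac-sha2-256 and hmac-sha2-512 are disabled the negotiable MAC set
      // may shrink to hmac-sha1 only — confirm the platform's default MAC list.
      container disable {
        description
          "Disable sshd algorithms";
        container hmac {
          description
            "Disable sshd hmac algorithms";
          container hmac-sha2-512 {
            presence "Indicates a hmac-sha2-512 node is configured.";
            description
              "Disable sshd hmac-sha2-512-algorithm";
          } // container hmac-sha2-512
          container hmac-sha1 {
            presence "Indicates a hmac-sha1 node is configured.";
            description
              "Disable sshd hmac-sha1-algorithm";
          } // container hmac-sha1
          container hmac-sha2-256 {
            presence "Indicates a hmac-sha2-256 node is configured.";
            description
              "Disable sshd hmac-sha2-256-algorithm";
          } // container hmac-sha2-256
        } // container hmac
      } // container disable

      // NOTE(review): these presence nodes re-enable legacy CBC-mode ciphers.
      // CBC mode in SSH is exposed to plaintext-recovery attacks and 3DES has a
      // 64-bit block; both should stay off unless a specific peer requires them.
      container enable {
        description
          "Enable AES-CBC and 3DES-CBC algorithms";
        container cipher {
          description
            "Enable ssh server ciphers";
          container aes-cbc {
            presence "Indicates a aes-cbc node is configured.";
            description
              "Enable ssh server aes-cbc algorithms";
          } // container aes-cbc
          container threedes-cbc {
            presence "Indicates a threedes-cbc node is configured.";
            description
              "Enable ssh server 3des-cbc algorithm";
          } // container threedes-cbc
        } // container cipher
      } // container enable

      leaf session-limit {
        type uint32 {
          range "1..110";
        }
        description
          "Cisco sshd session-limit of service requests";
      }

      // Server-side logging of SSH events; presence-only, no verbosity knob.
      container logging {
        presence "Indicates a logging node is configured.";
        description
          "Enable ssh server logging";
      } // container logging

      leaf dscp {
        type uint32 {
          range "0..63";
        }
        description
          "Cisco ssh server DSCP";
      }

      // NETCONF-over-SSH subsystem. Has its own VRF/ACL tree independent of
      // the CLI server's; both need access-lists for a consistent exposure.
      container netconf {
        description
          "start ssh service for netconf subsystem";
        container vrfs {
          description
            "Cisco netconf VRF name";
          list vrf {
            key "vrf-name";
            description
              "Cisco netconf VRF name";
            leaf vrf-name {
              type union {
                type string {
                  pattern "default";
                }
                type xr:Cisco-ios-xr-string {
                  length "1..32";
                }
              }
              description
                "Cisco netconf VRF name";
            }
            container ipv4 {
              description
                "IPv4 access list for netconf ssh server";
              leaf access-list {
                type xr:Cisco-ios-xr-string {
                  length "1..64";
                  pattern "[a-z0-9A-Z][-_.:a-z0-9A-Z]*";
                }
                description
                  "Configure IPv4 access-list";
              }
            } // container ipv4
            container ipv6 {
              description
                "IPv6 access list for netconf ssh server";
              leaf access-list {
                type xr:Cisco-ios-xr-string {
                  length "1..64";
                  pattern "[a-z0-9A-Z][-_.:a-z0-9A-Z]*";
                }
                description
                  "Configure IPv6 access-list";
              }
            } // container ipv6
          } // list vrf
        } // container vrfs
        // No `default` statement; the description documents 830 as the
        // platform default when the leaf is absent.
        leaf port {
          type uint32 {
            range "1..65535";
          }
          description
            "Port to start ssh netconf subsystem service (Default 830)";
        }
      } // container netconf

      container capability {
        description
          "Turn on Capability";
        container netconf-xml {
          presence "Indicates a netconf-xml node is configured.";
          description
            "Use Netconf XML stack";
        } // container netconf-xml
      } // container capability

      // Rekey limits; the descriptions give the defaults (60 min / 1024 MB).
      leaf rekey-time {
        type uint32 {
          range "30..1440";
        }
        description
          "Configures time-based rekey (default 60 minutes)";
      }
      leaf rekey-volume {
        type uint32 {
          range "1024..4095";
        }
        description
          "Configures volume-based rekey (default 1024MB)";
      }

      container algorithms {
        description
          "server algorithms";

        // NOTE(review): diffie-hellman-group1-sha1 (1024-bit group, SHA-1) is
        // deprecated upstream (see RFC 9142) and diffie-hellman-group14-sha1
        // still relies on SHA-1. Prefer the ecdh-sha2-* entries; an explicit
        // list that includes the group1 entry should be flagged in audits.
        container key-exchanges {
          description
            "Key exchange algorithms";
          leaf-list key-exchange {
            type union {
              type string {
                pattern "ecdh-sha2-nistp521";
              }
              type string {
                pattern "ecdh-sha2-nistp384";
              }
              type string {
                pattern "ecdh-sha2-nistp256";
              }
              type string {
                pattern "diffie-hellman-group14-sha1";
              }
              type string {
                pattern "diffie-hellman-group1-sha1";
              }
            }
            max-elements 5;
            description
              "Key exchange algorithms";
          }
        } // container key-exchanges

        // Host-key algorithm selection. The `must` requires at least one child
        // once the container is present.
        // NOTE(review): ssh-dss (dsa) is limited to 1024-bit keys with SHA-1
        // and has been disabled by default in OpenSSH since 7.0; prefer
        // ed25519 or ecdsa-nistp*.
        container host-key {
          must "ecdsa-nistp256 or ecdsa-nistp384 or ecdsa-nistp521 or rsa or dsa or x509v3-ssh-rsa or ed25519";
          // Original text read "Indicates a ca-certificate node is configured."
          // — a copy-paste error; this container is host-key.
          presence "Indicates a host-key node is configured.";
          description
            "Host key algorithms to be used";
          container ecdsa-nistp256 {
            presence "Indicates a ecdsa-nistp256 node is configured.";
            description
              "ecdsa-nistp256";
          } // container ecdsa-nistp256
          container ecdsa-nistp384 {
            presence "Indicates a ecdsa-nistp384 node is configured.";
            description
              "ecdsa-nistp384";
          } // container ecdsa-nistp384
          container ecdsa-nistp521 {
            presence "Indicates a ecdsa-nistp521 node is configured.";
            description
              "ecdsa-nistp521";
          } // container ecdsa-nistp521
          container rsa {
            presence "Indicates a rsa node is configured.";
            description
              "rsa";
          } // container rsa
          container dsa {
            presence "Indicates a dsa node is configured.";
            description
              "dsa";
          } // container dsa
          container x509v3-ssh-rsa {
            presence "Indicates a x509v3-ssh-rsa node is configured.";
            description
              "x509v3-ssh-rsa";
          } // container x509v3-ssh-rsa
          container ed25519 {
            presence "Indicates a ed25519 node is configured.";
            description
              "ed25519";
          } // container ed25519
        } // container host-key

        // NOTE(review): the *-cbc and 3des-cbc entries are legacy-interop
        // only; an explicit cipher list should normally contain just the
        // -ctr and -gcm@openssh.com entries.
        container ciphers {
          description
            "cipher algorithms";
          leaf-list cipher {
            type union {
              type string {
                pattern "aes128-ctr";
              }
              type string {
                pattern "aes192-ctr";
              }
              type string {
                pattern "aes256-ctr";
              }
              type string {
                pattern "aes128-gcm@openssh.com";
              }
              type string {
                pattern "aes256-gcm@openssh.com";
              }
              type string {
                pattern "aes128-cbc";
              }
              type string {
                pattern "aes192-cbc";
              }
              type string {
                pattern "aes256-cbc";
              }
              type string {
                pattern "3des-cbc";
              }
            }
            max-elements 9;
            description
              "cipher algorithms";
          }
        } // container ciphers
      } // container algorithms

      leaf tcp-window-scale {
        type uint32 {
          range "1..14";
        }
        description
          "Set tcp window-scale factor for High Latency links";
      }

      // Certificate-based authentication: `host` is the server's own
      // certificate trustpoint, `user/trustpoints` are the CAs trusted for
      // client certificates.
      container trustpoint {
        description
          "trustpoints for server certificates";
        leaf host {
          type xr:Cisco-ios-xr-string {
            length "1..128";
          }
          description
            "trustpoint from where server will take its certificate";
        }
        container user {
          description
            "trustpoints used for user certificate validation";
          container trustpoints {
            description
              "trustpoint name";
            list trustpoint {
              key "trustpoint-name";
              description
                "trustpoint name";
              leaf trustpoint-name {
                type xr:Cisco-ios-xr-string {
                  length "1..128";
                }
                description
                  "trustpoint name";
              }
            } // list trustpoint
          } // container trustpoints
        } // container user
      } // container trustpoint

      // Which certificate field is mapped to the login username; the `must`
      // forces exactly one of the two choices to be selected when present.
      container certificate {
        description
          "certificate related parameters";
        container username {
          must "common-name or user-principle-name";
          presence "Indicates a username node is configured.";
          description
            "certificate field to be used as username";
          container common-name {
            presence "Indicates a common-name node is configured.";
            description
              "user common name(CN) from subject name field";
          } // container common-name
          container user-principle-name {
            presence "Indicates a user-principle-name node is configured.";
            description
              "user principle name(UPN) from subject alternate name";
          } // container user-principle-name
        } // container username
      } // container certificate

      // Failed-authentication limit per connection; the model floors it at 4.
      leaf max-auth-limit {
        type uint32 {
          range "4..20";
        }
        description
          "User Configurable max authentication attempts";
      }

      // NOTE(review): local port forwarding lets an authenticated SSH user
      // pivot through the device to other hosts; keep it disabled unless a
      // documented workflow needs it.
      container port-forwarding {
        description
          "Enable port forwarding for ssh server";
        container local {
          presence "Indicates a local node is configured.";
          description
            "Enable local port forwarding for ssh server";
        } // container local
      } // container port-forwarding

      // Per-user authorized public keys. `keystring` is only length-bounded;
      // the model does not validate the key format, so that check happens on
      // the device (presumably at commit time — confirm).
      container usernames {
        description
          "ssh user";
        list username {
          key "username-name";
          description
            "ssh user";
          leaf username-name {
            type string {
              length "1..800";
            }
            description
              "ssh user";
          }
          leaf keystring {
            type string {
              length "1..800";
            }
            description
              "Enter public key in ssh format";
          }
        } // list username
      } // container usernames
    } // container server

    container client {
      description
        "Provide SSH client service";

      // Host-key verification against a local known-hosts database; without
      // it the client has no defence against a server impersonating the
      // intended peer.
      leaf knownhost {
        type xr:Cisco-ios-xr-string {
          length "1..800";
        }
        description
          "Enable the host pubkey check by local database";
      }
      leaf source-interface {
        type xr:Interface-name;
        description
          "Source interface for ssh client sessions";
      }
      leaf vrf {
        type xr:Cisco-ios-xr-string {
          length "1..32";
        }
        description
          "Source interface VRF for ssh client sessions";
      }
      leaf dscp {
        type uint32 {
          range "0..63";
        }
        description
          "DSCP value for ssh client sessions";
      }
      leaf rekey-time {
        type uint32 {
          range "30..1440";
        }
        description
          "Configures time-based rekey (default 60 minutes)";
      }
      leaf rekey-volume {
        type uint32 {
          range "1024..4095";
        }
        description
          "Configures volume-based rekey (default 1024MB)";
      }

      // Client-side MAC disabling. Descriptions below still say "sshd" even
      // though this subtree configures the client; the semantics mirror the
      // server's disable/hmac tree. Same caveat: disabling both SHA-2 MACs
      // may leave only hmac-sha1 negotiable — confirm platform defaults.
      container disable {
        description
          "Disable sshd algorithms";
        container hmac {
          description
            "Disable sshd hmac algorithms";
          container hmac-sha1 {
            presence "Indicates a hmac-sha1 node is configured.";
            description
              "Disable sshd hmac-sha1-algorithm";
          } // container hmac-sha1
          container hmac-sha2-512 {
            presence "Indicates a hmac-sha2-512 node is configured.";
            description
              "Disable ssh hmac-sha2-512-algorithm";
          } // container hmac-sha2-512
          container hmac-sha2-256 {
            presence "Indicates a hmac-sha2-256 node is configured.";
            description
              "Disable ssh hmac-sha2-256-algorithm";
          } // container hmac-sha2-256
        } // container hmac
      } // container disable

      // NOTE(review): same legacy-cipher concern as the server `enable` tree;
      // CBC/3DES on the client side should only be turned on for a specific
      // peer that cannot do CTR/GCM.
      container enable {
        description
          "Enable AES-CBC and 3DES-CBC algorithms";
        container cipher {
          description
            "Enable ssh client ciphers";
          container aes-cbc {
            presence "Indicates a aes-cbc node is configured.";
            description
              "Enable ssh client aes-cbc algorithms";
          } // container aes-cbc
          container threedes-cbc {
            presence "Indicates a threedes-cbc node is configured.";
            description
              "Enable ssh client 3des-cbc algorithm";
          } // container threedes-cbc
        } // container cipher
      } // container enable

      container algorithms {
        description
          "client algorithms";

        // NOTE(review): see the server key-exchanges note — the two
        // diffie-hellman-*-sha1 entries are SHA-1 based and group1 is
        // deprecated upstream.
        container key-exchanges {
          description
            "Key exchange algorithms";
          leaf-list key-exchange {
            type union {
              type string {
                pattern "ecdh-sha2-nistp521";
              }
              type string {
                pattern "ecdh-sha2-nistp384";
              }
              type string {
                pattern "ecdh-sha2-nistp256";
              }
              type string {
                pattern "diffie-hellman-group14-sha1";
              }
              type string {
                pattern "diffie-hellman-group1-sha1";
              }
            }
            max-elements 5;
            description
              "Key exchange algorithms";
          }
        } // container key-exchanges

        // NOTE(review): see the server ciphers note — the *-cbc and 3des-cbc
        // entries are legacy only.
        container ciphers {
          description
            "Cipher algorithms";
          leaf-list cipher {
            type union {
              type string {
                pattern "aes128-ctr";
              }
              type string {
                pattern "aes192-ctr";
              }
              type string {
                pattern "aes256-ctr";
              }
              type string {
                pattern "aes128-gcm@openssh.com";
              }
              type string {
                pattern "aes256-gcm@openssh.com";
              }
              type string {
                pattern "aes128-cbc";
              }
              type string {
                pattern "aes192-cbc";
              }
              type string {
                pattern "aes256-cbc";
              }
              type string {
                pattern "3des-cbc";
              }
            }
            max-elements 9;
            description
              "Cipher algorithms";
          }
        } // container ciphers
      } // container algorithms

      leaf tcp-window-scale {
        type uint32 {
          range "1..14";
        }
        description
          "Set tcp window-scale factor for High Latency links";
      }

      // NOTE(review): as on the server side, the client v1 presence node
      // selects the obsolete SSH-1 protocol and should not be configured.
      container v2 {
        presence "Indicates a v2 node is configured.";
        description
          "Set ssh client to use version 2 ";
      } // container v2
      container v1 {
        presence "Indicates a v1 node is configured.";
        description
          "Set ssh client to use version 1 ";
      } // container v1
    } // container client
  } // container ssh
} // module Cisco-IOS-XR-um-ssh-cfg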