SSH client.
Version: 2020-07-02
module huawei-sshc { yang-version 1; namespace "urn:huawei:yang:huawei-sshc"; prefix sshc; import huawei-extension { prefix ext; } import ietf-inet-types { prefix inet; } import huawei-sm2 { prefix sm2; } import huawei-pub-type { prefix pub-type; } import huawei-rsa { prefix rsa; } import huawei-dsa { prefix dsa; } import huawei-ecc { prefix ecc; } organization "Huawei Technologies Co., Ltd."; contact "Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://www.huawei.com Email: support@huawei.com"; description "SSH client."; revision "2020-07-02" { description "Initial revision."; reference "Huawei private."; } ext:task-name "ssh-client"; typedef sshc-enable-flag { type enumeration { enum "enable" { value 1; description "Accept connection request from unknown or unauthentic clients."; } enum "disable" { value 2; description "Do not accept connection request from unknown or unauthentic clients."; } } description "SSH client bool switch."; } typedef sshc-bool-type { type enumeration { enum "false" { value 0; description "Disabled state."; } enum "true" { value 1; description "Enabled state."; } } description "SSH client."; } typedef sshc-pubkey-type { type enumeration { enum "RSA" { value 1; description "RSA client public key."; } enum "DSA" { value 2; description "DSA client public key."; } enum "ECC" { value 3; description "ECC client public key."; } enum "SM2" { value 5; description "SM2 client public key."; } } description "SSH client public key encryption type list."; } typedef trans-cmd-type { type enumeration { enum "get" { value 2; description "File get operation."; } enum "put" { value 3; description "File put operation."; } } description "SSH client transmission command type."; } typedef operator-type { type enumeration { enum "create" { value 1; description "Create operation."; } enum "destroy" { value 2; description "Destroy operation."; } } description "Operation type."; } typedef tcp-forwarding-type { type enumeration { enum "remote" { value 1; description "Remote forwarding type."; } } description "TCP forwarding type."; } container sshc { description "SSH client."; container client { description "Configure SSH client."; leaf keep-alive-time { type int32 { range "0..3600"; } default "0"; description "If client does not receive any data from server for keepalive interval time, it sends first keepalive message to server. Further keepalive messages are sent after every expiry of keepalive interval only for max number of times configured. If client does not get any response from server still, client disconnects the current connection. 0 seconds means do not send keepalive message to server."; } leaf keep-alive-count { type int32 { range "1..30"; } default "3"; description "If client does not receive any data from server for keepalive interval time, it sends first keepalive message to server. Further keepalive messages are sent after every expiry of keepalive interval only for max number of times configured. If client does not get any response from server still, client disconnects the current connection."; } leaf first-time-enable { type sshc-enable-flag; default "disable"; description "If enabled, then RSA public key check for SSH server will be skipped for any new incoming connection."; } leaf src-interface { type pub-type:if-name; description "The specified source interface must exist and an IP address must be configured on the interface."; } leaf src-ipv4-addr { when "not(../src-interface)"; type inet:ipv4-address-no-zone; description "SFTP IPv4 source ip address."; } leaf vpn-instance-name { when "../src-ipv4-addr"; type string { length "1..31"; } description "The specified VPN instance must exist and IPv4-family must be enabled in the VPN instance."; } leaf scp-src-interface { type pub-type:if-name; description "The specified source interface must exist and an IP address must be configured on the interface."; } leaf scp-src-ipv4-addr { when "not(../scp-src-interface)"; type inet:ipv4-address-no-zone; description "SCP IPv4 source ip address."; } leaf scp-vpn-instance-name { when "../scp-src-ipv4-addr"; type string { length "1..31"; } description "The specified VPN instance must exist and IPv4-family must be enabled in the VPN instance."; } leaf sftp-src-ipv6-addr { type inet:ipv6-address-no-zone; description "Specify the SFTP source IPv6 address."; } leaf sftp-ipv6-vpn-instance-name { when "../sftp-src-ipv6-addr"; type string { length "1..31"; } description "The specified SFTP VPN instance must exist and IPv6-family must be enabled in the VPN instance."; } leaf scp-src-ipv6-addr { type inet:ipv6-address-no-zone; description "Specify the SCP source IPv6 address."; } leaf scp-ipv6-vpn-instance-name { when "../scp-src-ipv6-addr"; type string { length "1..31"; } description "The specified SCP VPN instance must exist and IPv6-family must be enabled in the VPN instance."; } leaf packet-dscp { type uint32 { range "0..63"; } default "48"; description "Config DSCP value."; } leaf sm2-host-key { type leafref { path "/sm2:sm2/sm2:sm2-key-pairs/sm2:sm2-key-pair/sm2:key-pair-label"; } description "User can assign the sm2 host key for sm2 connection."; } leaf pki-domain { type string { length "1..64"; } description "PKI domain."; } } // container client container server-authentications { description "List of SSH host name and key name configuration."; list server-authentication { key "server-name pubkey-type key-name"; max-elements 20; description "Configure SSH host name and key name policy."; leaf server-name { type string { length "1..255"; } description "Set SSH host name."; } leaf pubkey-type { type sshc-pubkey-type; description "SSH server public key type."; } leaf key-name { type string { length "1..40"; } must "(../pubkey-type = 'RSA' and ../key-name = /rsa:rsa/rsa:peer-keys/rsa:peer-key[rsa:key-name=current()]/rsa:key-name) or ../pubkey-type != 'RSA'"; must "(../pubkey-type = 'DSA' and ../key-name = /dsa:dsa/dsa:peer-keys/dsa:peer-key[dsa:key-name=current()]/dsa:key-name) or ../pubkey-type != 'DSA'"; must "(../pubkey-type = 'ECC' and ../key-name = /ecc:ecc/ecc:peer-keys/ecc:peer-key[ecc:key-name=current()]/ecc:key-name) or ../pubkey-type != 'ECC'"; must "(../pubkey-type = 'SM2' and ../key-name = /sm2:sm2/sm2:sm2-peer-keys/sm2:sm2-peer-key[sm2:key-name=current()]/sm2:key-name) or ../pubkey-type != 'SM2'"; description "Key name."; } } // list server-authentication } // container server-authentications container cipher-alg { must "../cipher-alg/descbc = 'true' or ../cipher-alg/des3cbc = 'true' or ../cipher-alg/aes128cbc = 'true' or ../cipher-alg/aes192cbc = 'true' or ../cipher-alg/aes256cbc = 'true' or ../cipher-alg/aes128ctr = 'true' or ../cipher-alg/aes192ctr = 'true' or ../cipher-alg/aes256ctr = 'true' or ../cipher-alg/arcfour128 = 'true' or ../cipher-alg/arcfour256 = 'true' or ../cipher-alg/aes128gcm = 'true' or ../cipher-alg/aes256gcm = 'true'"; description "Configure Encryption algorithms supported for SSHS."; leaf descbc { type sshc-bool-type; default "false"; description "DES CBC encryption algorithm."; } leaf des3cbc { type sshc-bool-type; default "false"; description "3DES CBC encryption algorithm."; } leaf aes128cbc { type sshc-bool-type; default "false"; description "AES128 CBC encryption algorithm."; } leaf aes192cbc { type sshc-bool-type; default "false"; description "AES192 CBC encryption algorithm."; } leaf aes256cbc { type sshc-bool-type; default "false"; description "AES256 CBC encryption algorithm."; } leaf aes128ctr { type sshc-bool-type; default "true"; description "AES128 CTR encryption algorithm."; } leaf aes192ctr { type sshc-bool-type; default "true"; description "AES192 CTR encryption algorithm."; } leaf aes256ctr { type sshc-bool-type; default "true"; description "AES256 CTR encryption algorithm."; } leaf arcfour128 { type sshc-bool-type; default "false"; description "ARCFOUR128 encryption algorithm."; } leaf arcfour256 { type sshc-bool-type; default "false"; description "ARCFOUR256 encryption algorithm."; } leaf aes128gcm { type sshc-bool-type; default "true"; description "AES128 GCM encryption algorithm."; } leaf aes256gcm { type sshc-bool-type; default "true"; description "AES256 GCM encryption algorithm."; } } // container cipher-alg container hmac-alg { must "../hmac-alg/md5 = 'true' or ../hmac-alg/md596 = 'true' or ../hmac-alg/sha1 = 'true' or ../hmac-alg/sha196 = 'true' or ../hmac-alg/sha2256 = 'true' or ../hmac-alg/sha225696 = 'true' or ../hmac-alg/sha2512 = 'true'"; description "Configure HMAC algorithms supported for SSHS."; leaf md5 { type sshc-bool-type; default "false"; description "MD5 hmac algorithm."; } leaf md596 { type sshc-bool-type; default "false"; description "MD5-96 hmac algorithm."; } leaf sha1 { type sshc-bool-type; default "false"; description "SHA1 hmac algorithm."; } leaf sha196 { type sshc-bool-type; default "false"; description "SHA1-96 hmac algorithm."; } leaf sha2256 { type sshc-bool-type; default "true"; description "SHA2-256 Hmac Algorithm."; } leaf sha225696 { type sshc-bool-type; default "false"; description "SHA2-256-96 hmac algorithm."; } leaf sha2512 { type sshc-bool-type; default "true"; description "SHA2-512 hmac algorithm."; } } // container hmac-alg container kex-alg { must "../kex-alg/dh-group-exchange-sha-256 = 'true' or ../kex-alg/dh-group-exchange-sha1 = 'true' or ../kex-alg/dh-group1-sha1 = 'true' or ../kex-alg/ecdh-sha2-nistp-256 = 'true' or ../kex-alg/ecdh-sha2-nistp-384 = 'true' or ../kex-alg/ecdh-sha2-nistp-521 = 'true' or ../kex-alg/sm2-kep = 'true' or ../kex-alg/dh-group14-sha1 = 'true' or ../kex-alg/dh-group16-sha512 = 'true' or ../kex-alg/dh-group18-sha512 = 'true' or ../kex-alg/curve25519-sha256 = 'true'"; description "Configure Key Exchange Algorithm."; leaf dh-group14-sha1 { type sshc-bool-type; default "false"; description "Diffie hellman group14 sha1 algorithm."; } leaf dh-group1-sha1 { type sshc-bool-type; default "false"; description "Diffie hellman group1 sha1 algorithm."; } leaf dh-group16-sha512 { type sshc-bool-type; default "true"; description "Diffie hellman group16 sha512 algorithm."; } leaf dh-group18-sha512 { type sshc-bool-type; default "true"; description "Diffie hellman group18 sha512 algorithm."; } leaf ecdh-sha2-nistp-521 { type sshc-bool-type; default "false"; description "Ecdh sha2 nistp521 algorithm."; } leaf ecdh-sha2-nistp-384 { type sshc-bool-type; default "false"; description "Ecdh sha2 nistp384 algorithm."; } leaf ecdh-sha2-nistp-256 { type sshc-bool-type; default "false"; description "Ecdh sha2 nistp256 algorithm."; } leaf curve25519-sha256 { type sshc-bool-type; default "true"; description "Curve25519 sha256 algorithm."; } leaf dh-group-exchange-sha-256 { type sshc-bool-type; default "true"; description "Diffie hellman group exchange sha256 algorithm."; } leaf dh-group-exchange-sha1 { type sshc-bool-type; default "false"; description "Diffie hellman group exchange sha1 algorithm."; } leaf sm2-kep { type sshc-bool-type; default "false"; description "Sm2kep sha2 nistp256 algorithm."; } } // container kex-alg container pubkey-alg { must "../pubkey-alg/dsa = 'true' or ../pubkey-alg/ecc = 'true' or ../pubkey-alg/rsa = 'true' or ../pubkey-alg/sm2 = 'true' or ../pubkey-alg/x509v3-ssh-rsa = 'true' or ../pubkey-alg/rsa-sha2-256 = 'true' or ../pubkey-alg/rsa-sha2-512 = 'true'"; description "Configure public key algorithm."; leaf dsa { type boolean; default "false"; description "Enable/disable DSA public key algorithm."; } leaf ecc { type boolean; default "false"; description "Enable/disable ECC public key algorithm."; } leaf rsa { type boolean; default "false"; description "Enable/disable RSA public key algorithm."; } leaf sm2 { type boolean; default "false"; description "Enable/disable SM2 public key algorithm."; } leaf x509v3-ssh-rsa { type boolean; default "false"; description "Enable/disable X509 RSA public key algorithm."; } leaf rsa-sha2-256 { type boolean; default "true"; description "Enable/disable RSA SHA2-256 public key algorithm."; } leaf rsa-sha2-512 { type boolean; default "true"; description "Enable/disable RSA SHA2-512 public key algorithm."; } } // container pubkey-alg container rekey { description "Configure reKey."; leaf max-packet { type uint32 { range "268435456..2147483648"; } default "2147483648"; description "Rekey maximum packet number."; } leaf time { type int32 { range "30..1440"; } units "min"; default "60"; description "Rekey time."; } leaf max-data { type int32 { range "100..10000"; } units "MB"; default "1000"; description "Rekey maximum data."; } } // container rekey container transfer-results { config false; description "List of SFTP transfer file result."; list transfer-result { key "command-type host-addr server-port vpn-name local-file-name remote-file-name"; max-elements 30; description "SFTP transfer file result state."; leaf command-type { type trans-cmd-type; description "Specify the type of operation need to be performed (get/put)."; } leaf host-addr { type string { length "1..255"; } description "Specify the IP address of remote system (SFTP server)."; } leaf server-port { type uint32 { range "1..65535"; } description "Specify the port number."; } leaf vpn-name { type string { length "1..31"; } description "Specify the VPN instance name."; } leaf local-file-name { type string { length "1..256"; } description "Specify the local file name."; } leaf remote-file-name { type string { length "1..256"; } description "Specify the remote file name."; } leaf status { type string { length "0..50"; } description "Indicates that the transfer status."; } leaf percentage { type uint32 { range "0..100"; } description "Show the transfer percentage."; } leaf error-tag { type string { length "0..100"; } description "Show the error code when ssh transfer failed."; } } // list transfer-result } // container transfer-results container session-car { must 'cir-interval<=pir-interval'; must 'cbs-interval<=pbs-interval'; description "Configure SSH client session CAR."; leaf enable { type boolean; default "true"; description "Enable/disable session CAR."; } leaf cir-interval { type uint32 { range "1..1000000"; } units "kbit/s"; default "800"; description "Specify the session CAR CIR interval."; } leaf cbs-interval { type uint32 { range "1..10000000"; } units "bit/s"; default "500000"; description "Specify the session CAR CBS interval."; } leaf pir-interval { type uint32 { range "1..1000000"; } units "kbit/s"; default "2000"; description "Specify the session CAR PIR interval."; } leaf pbs-interval { type uint32 { range "1..10000000"; } units "bit/s"; default "900000"; description "Specify the session CAR PBS interval."; } } // container session-car } // container sshc rpc ssh-transfer-file { description "SFTP file transfer."; input { leaf source-ipv4-address { type inet:ipv4-address-no-zone; must "../host-addr-ipv4"; description "Specify the source IPv4 address."; } leaf source-ipv6-address { type inet:ipv6-address-no-zone; must "../host-addr-ipv6"; description "Specify the source IPv6 address."; } leaf server-port { type uint32 { range "1..65535"; } default "22"; description "Specify the port number."; } leaf host-addr-ipv4 { type string { length "1..255"; } must "not(../host-addr-ipv6)"; description "Specify the IPv4 address of remote system (SFTP server)."; } leaf host-addr-ipv6 { type string { length "1..255"; } description "Specify the IPv6 address of remote system (SFTP server)."; } leaf command-type { type trans-cmd-type; description "Specify the type of operation need to be performed (get/put)."; } leaf user-name { type string { length "1..255"; } mandatory true; description "Specify the user name to authenticate the connection before file transfer."; } leaf password { type pub-type:password; mandatory true; description "Specify the password to authenticate the connection before file transfer."; } leaf local-file-name { type string { length "1..256"; } description "Specify the local file name."; } leaf remote-file-name { type string { length "1..256"; } description "Specify the remote file name."; } leaf vpn-name { type string { length "1..31"; } must "(../host-addr-ipv4) and not(../public-net) and not(../source-interface-name)"; description "Specify the VPN instance name."; } leaf ipv6-vpn-name { type string { length "1..31"; } must "(../host-addr-ipv6) and not(../public-net) and not(../source-interface-name)"; description "Specify the IPv6 VPN instance name."; } leaf public-net { type boolean; description "Using public net or not."; } leaf source-interface-name { type pub-type:if-name; must "not(../public-net)"; description "Specify the source interface name."; } leaf async { type boolean; description "Specify the transfer type."; } leaf cancel { type boolean; description "Cancel the transfer."; } } } // rpc ssh-transfer-file rpc tcp-port-forwarding { description "Creates an SSH port forwarding tunnel."; input { leaf operator { type operator-type; mandatory true; description "Operation type."; } leaf forwarding-type { type tcp-forwarding-type; default "remote"; description "Forwarding type."; } leaf server-host-name { type string { length "1..32"; } mandatory true; description "IP address or domain name of the SSH server."; } leaf server-port { type uint32 { range "1..65535"; } mandatory true; description "Server port connected to the SSH client."; } leaf server-binding-port { type uint32 { range "1..65535"; } mandatory true; description "Server port associated with the forwarding port of the SSH client."; } leaf remote-host-name { type string { length "1..32"; } mandatory true; description "IP address or domain name of the remote host that receives the packets forwarded by the SSH client."; } leaf remote-port { type uint32 { range "1..65535"; } mandatory true; description "Port of the remote host that receives the packets forwarded by the SSH client."; } leaf server-user-name { type string { length "1..32"; } mandatory true; description "User name for logging in to the SSH server."; } choice authentication-type { description "Authentication type."; case password { description "Password authentication."; leaf server-user-password { when "../operator = 'create'"; type pub-type:password; description "Password for logging in to the SSH server."; } } // case password case pki { description "Certificate authentication."; leaf pki-domain { when "../operator = 'create'"; type string { length "1..32"; } description "Name of the PKI realm used for certificate authentication."; } } // case pki } // choice authentication-type leaf vpn-name { type string { length "1..31"; } description "VPN name."; } leaf idle-timeout { type uint32 { range "1..1440"; } units "min"; default "10"; description "Idle time for the disconnected forwarding channel."; } } } // rpc tcp-port-forwarding } // module huawei-sshc
© 2023 YumaWorks, Inc. All rights reserved.