SSH server.
Version: 2020-07-02
module huawei-sshs { yang-version 1; namespace "urn:huawei:yang:huawei-sshs"; prefix sshs; import huawei-pub-type { prefix pub-type; } import huawei-extension { prefix ext; } import ietf-inet-types { prefix inet; } import huawei-acl { prefix acl; } import huawei-rsa { prefix rsa; } import huawei-dsa { prefix dsa; } import huawei-ecc { prefix ecc; } import huawei-sm2 { prefix sm2; } import huawei-network-instance { prefix ni; } organization "Huawei Technologies Co., Ltd."; contact "Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://www.huawei.com Email: support@huawei.com"; description "SSH server."; revision "2020-07-02" { description "Initial revision."; reference "Huawei private."; } ext:task-name "ssh-server"; typedef sshs-srvc-type { type enumeration { enum "not-set" { value 0; description "Server service is not set."; } enum "stelnet" { value 1; description "STelnet server service."; } enum "sftp" { value 2; description "SFTP server service."; } enum "snetconf" { value 3; description "SNETCONF server service."; } enum "all" { value 4; description "ALL server service."; } enum "sftp-snetconf" { value 5; description "SFTP and SNETCONF server service."; } enum "stelnet-sftp" { value 6; description "STelnet and SFTP server service."; } enum "stelnet-snetconf" { value 7; description "STelnet and SNETCONF server service."; } enum "sftp-snetconf-stelnet" { value 8; description "STelnet, SFTP and SNETCONF server service."; } } description "SSH server service type list."; } typedef sshs-enable-flag { type enumeration { enum "enable" { value 1; description "SSH server/service enable."; } enum "disable" { value 2; description "SSH server/service disable."; } } description "SSH server bool switch."; } typedef sshs-user-auth { type enumeration { enum "not-set" { value 0; description "The user authentication type is not set."; } enum "password" { value 1; description "User authentication type password."; } enum "rsa" { value 2; description "User authentication type RSA."; } enum "all" { value 3; description "User authentication type all."; } enum "password-rsa" { value 4; description "User authentication type password RSA."; } enum "dsa" { value 5; description "User authentication type DSA."; } enum "password-dsa" { value 6; description "User authentication type password DSA."; } enum "ecc" { value 7; description "User authentication type ECC."; } enum "password-ecc" { value 8; description "User authentication type password ECC."; } enum "sm2" { value 9; description "User authentication type SM2."; } enum "password-sm2" { value 10; description "User authentication type password SM2."; } enum "x509v3-rsa" { value 11; description "User authentication type is x509v3-rsa."; } enum "password-x509v3-rsa" { value 12; description "User authentication type is password-x509v3-rsa."; } } description "SSH server user authentication type list."; } typedef sshs-user-pubkey-type { type enumeration { enum "not-set" { value 0; description "Server public key is not set."; } enum "RSA" { value 1; description "RSA server public key."; } enum "DSA" { value 2; description "DSA server public key."; } enum "ECC" { value 3; description "ECC server public key."; } enum "SM2" { value 5; description "SM2 server public key."; } enum "PKI" { value 6; description "PKI server public key."; } } description "SSH server public key encryption type list for user."; } typedef sshs-pubkey-type { type enumeration { enum "not-set" { value 0; description "Server public key is not set."; } enum "RSA" { value 1; description "RSA server public key."; } enum "DSA" { value 2; description "DSA server public key."; } enum "ECC" { value 3; description "ECC server public key."; } enum "SM2" { value 5; description "SM2 server public key."; } enum "RSA-SHA2-256" { value 7; description "RSA SHA2-256 server public key."; } enum "RSA-SHA2-512" { value 8; description "RSA SHA2-512 server public key."; } } description "SSH server public key encryption type list."; } typedef sshs-bool-type { type enumeration { enum "false" { value 0; description "Disabled state."; } enum "true" { value 1; description "Enabled state."; } } description "SSH server enable flag list."; } typedef defauthor { type enumeration { enum "aaa" { value 0; description "AAA authorization."; } enum "root" { value 1; description "ROOT authorization."; } } description "SSH server default authorization list."; } typedef version { type enumeration { enum "sshver2" { value 0; description "SSH protocol version 2.0."; } enum "sshver1-99" { value 1; description "SSH protocol version 1.99."; } } description "SSH server version type list."; } typedef sshs-bool { type enumeration { enum "enable" { value 1; description "SSH server/service enable."; } enum "disable" { value 2; description "SSH server/service disable."; } } description "SSH server bool switch."; } typedef connstate { type enumeration { enum "stop" { value 0; description "Connection is stopped."; } enum "started" { value 1; description "Connection is started."; } } description "SSH server connection state list."; } typedef keyboard-flag { type enumeration { enum "enable-keyboard" { value 1; description "Enable keyboard."; } enum "disable-keyboard" { value 0; description "Disable keyboard."; } } description "SSH server keyboard enable flag list."; } typedef connection-status-type { type enumeration { enum "connected" { value 1; description "The ssh connection status: connected."; } enum "disconnected" { value 2; description "The ssh connection status: disconnected."; } } description "The ssh connection status, connected or disconnected."; } typedef address-type { type enumeration { enum "ipv6" { value 1; description "The address type is IPv6."; } enum "ipv4" { value 0; description "The address type is IPv4."; } } description "The address type."; } container sshs { description "SSH server."; container server { description "Configure server statistics."; leaf authentication-timeout { type int32 { range "1..120"; } default "60"; description "User can set the authentication timeout period of the SSH. By default, SSH authentication timeout interval is 60 seconds."; } leaf rekey-interval { type int32 { range "0..24"; } default "0"; description "User can set the interval for updating the key pair of the SSH server. By default, the interval for updating the key pair of the SSH server is 0 that indicates no updating."; } leaf keep-alive-enable { type sshs-bool; default "enable"; description "SSH server supports keep alive functionality will respond to client keep alive packets."; } leaf compatible-ssh1x { type sshs-bool; default "disable"; description "User can enable the earlier version-compatible function on the SSH server. By default, compatibility is enabled."; } leaf ip-block-enable { type boolean; default "true"; description "Enable/disable SSH IP block."; } leaf authorization-def { type defauthor; default "aaa"; description "SSH authorization."; } leaf authentication-def { type sshs-bool; default "enable"; description "User can enable default authentication type as password on the SSH server."; } leaf packet-dscp { type uint32 { range "0..63"; } default "48"; description "Config DSCP value."; } leaf auth-retries { type int32 { range "1..5"; } default "3"; description "User can set authentication retry times."; } leaf auth-bogus-mode { type sshs-bool; default "enable"; description "The bogus list of acceptable authentication 'method name' values makes it possible for the server to avoid disclosing information on which accounts exist."; } leaf sftp-max-user { type int32 { range "0..15"; } default "5"; description "User can configure maximum number of clients can be connected to server at any point of time for SFTP service."; } leaf sftp-timeout-min { type uint16 { range "0..35791"; } units "min"; default "10"; description "SFTP idle timeout."; } leaf sftp-timeout-sec { type uint8 { range "0..59"; } units "s"; default "0"; description "SFTP idle timeout."; } leaf scp-max-session { type int32 { range "0..5"; } default "2"; description "User can configure maximum number of clients can be connected to server at any point of time for SCP service."; } leaf src-ipv6-addr { type inet:ipv6-address-no-zone; status deprecated; description "SSH IPv6 server source IP address. The node /sshs:sshs/sshs:server/sshs:src-ipv6-addr is deprecated. You are advised to use the node /sshs:sshs/sshs:ipv6-server-sources/sshs:ipv6-server-source/sshs:src-ipv6-addr."; } leaf src-ipv6-vpn-name { when "../src-ipv6-addr"; type string { length "1..32"; } status deprecated; description "SSH IPv6 server source VPN name. The node /sshs:sshs/sshs:server/sshs:src-ipv6-vpn-name is deprecated. You are advised to use the node /sshs:sshs/sshs:ipv6-server-sources/sshs:ipv6-server-source/sshs:src-ipv6-vpn-name."; } leaf src-interf-name { type string { length "1..32"; } status deprecated; description "Specify the source interface name. The node /sshs:sshs/sshs:server/sshs:src-interf-name is deprecated. You are advised to use the node /sshs:sshs/sshs:ipv4-server-sources/sshs:ipv4-server-source/sshs:src-interface."; } leaf rsa-host-key { type leafref { path "/rsa:rsa/rsa:key-pairs/rsa:key-pair/rsa:key-pair-label"; } description "User can assign the rsa host key for rsa connection."; } leaf dsa-host-key { type leafref { path "/dsa:dsa/dsa:key-pairs/dsa:key-pair/dsa:key-pair-label"; } description "User can assign the dsa host key for dsa connection."; } leaf ecc-host-key { type leafref { path "/ecc:ecc/ecc:key-pairs/ecc:key-pair/ecc:key-pair-label"; } description "User can assign the ecc host key for ecc connection."; } leaf sm2-host-key { type leafref { path "/sm2:sm2/sm2:sm2-key-pairs/sm2:sm2-key-pair/sm2:key-pair-label"; } description "SM2 host key name."; } leaf ipv4-acl-name { type leafref { path "/acl:acl/acl:groups/acl:group/acl:identity"; } must "/acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='advance'"; description "Server ACL name or number for IPv4 connections."; } leaf ipv4-acl-number { type leafref { path "/acl:acl/acl:groups/acl:group/acl:identity"; } must "/acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='basic' or /acl:acl/acl:groups/acl:group[acl:identity=current()]/acl:type='advance'"; status deprecated; description "Server ACL number for IPv4 connections. The node /sshs:sshs/sshs:server/sshs:ipv4-acl-number is deprecated. You are advised to use the node /sshs:sshs/sshs:server/sshs:ipv4-acl-name."; } leaf ipv6-acl-name { type leafref { path "/acl:acl/acl:group6s/acl:group6/acl:identity"; } must "/acl:acl/acl:group6s/acl:group6[acl:identity=current()]/acl:type='basic' or /acl:acl/acl:group6s/acl:group6[acl:identity=current()]/acl:type='advance'"; description "Server ACL name or number for IPv6 connections."; } leaf ipv6-acl-number { type leafref { path "/acl:acl/acl:group6s/acl:group6/acl:identity"; } must "/acl:acl/acl:group6s/acl:group6[acl:identity=current()]/acl:type='basic' or /acl:acl/acl:group6s/acl:group6[acl:identity=current()]/acl:type='advance'"; status deprecated; description "Server ACL number for IPv6 connections. The node /sshs:sshs/sshs:server/sshs:ipv6-acl-number is deprecated. You are advised to use the node /sshs:sshs/sshs:server/sshs:ipv6-acl-name."; } leaf ssh-version { type version; config false; description "Indicates the SSH protocol version that the server supports. A version 1.99 can supports both protocol version 2.0 and protocol version 1.x, if the compatibility is enabled."; } leaf rsa-server-key { type string { length "1..35"; } config false; description "User can assign the rsa server key for rsa connection."; } leaf pki-domain { type string { length "1..64"; } description "PKI domain."; } leaf limit-session-number { type uint32 { range "1..256"; } default "256"; description "Maximum number of SSH connections to the server using a single IP address."; } leaf rsa-min-key-length { type uint32 { range "512..4096"; } default "512"; description "Minimum rsa key bits when ssh server authentication."; } } // container server container users { description "List of SSH user configuration."; list user { key "name"; max-elements 200; description "Configure SSH user configuration policy."; leaf name { type string { length "1..253"; } description "User name is a string of characters without a blank space."; } leaf auth-type { ext:support-filter "true"; type sshs-user-auth; default "not-set"; description "Authentication type."; } leaf sftp-dir { ext:support-filter "true"; type string { length "1..255"; } description "SFTP service directory, the total length of absolute path is 128, the length of single directory is 128."; } leaf key-name { ext:support-filter "true"; when "../pub-key-type"; type string { length "1..64"; } must "../pub-key-type = 'RSA' or ../pub-key-type = 'SM2' or ../pub-key-type = 'DSA' or ../pub-key-type = 'ECC'"; must "(../pub-key-type = 'RSA' and ../key-name = /rsa:rsa/rsa:peer-keys/rsa:peer-key[rsa:key-name=current()]/rsa:key-name) or ../pub-key-type != 'RSA'"; must "(../pub-key-type = 'DSA' and ../key-name = /dsa:dsa/dsa:peer-keys/dsa:peer-key[dsa:key-name=current()]/dsa:key-name) or ../pub-key-type != 'DSA'"; must "(../pub-key-type = 'ECC' and ../key-name = /ecc:ecc/ecc:peer-keys/ecc:peer-key[ecc:key-name=current()]/ecc:key-name) or ../pub-key-type != 'ECC'"; must "(../pub-key-type = 'SM2' and ../key-name = /sm2:sm2/sm2:sm2-peer-keys/sm2:sm2-peer-key[sm2:key-name=current()]/sm2:key-name) or ../pub-key-type != 'SM2'"; description "User public key name is a configured public key name of the client. It is a string of 1 to 64 characters."; } leaf service-type { ext:support-filter "true"; type sshs-srvc-type; default "not-set"; description "SSH service types supported."; } leaf pub-key-type { ext:support-filter "true"; type sshs-user-pubkey-type; default "not-set"; description "SSH user public key type."; } leaf cert-verify-san { ext:support-filter "true"; type boolean; must "../pub-key-type='PKI' or (../pub-key-type!='PKI' and ../cert-verify-san='false')"; default "false"; description "Enable/disable certificate verifying common name and subject alternative name."; } } // list user } // container users container cipher-alg { must "../cipher-alg/descbc = 'true' or ../cipher-alg/des3cbc = 'true' or ../cipher-alg/aes128cbc = 'true' or ../cipher-alg/aes192cbc = 'true' or ../cipher-alg/aes256cbc = 'true' or ../cipher-alg/aes128ctr = 'true' or ../cipher-alg/aes192ctr = 'true' or ../cipher-alg/aes256ctr = 'true' or ../cipher-alg/arcfour128 = 'true' or ../cipher-alg/arcfour256 = 'true' or ../cipher-alg/blowfishcbc = 'true' or ../cipher-alg/aes128gcm = 'true' or ../cipher-alg/aes256gcm = 'true'"; description "Configure Encryption algorithms supported for SSHS."; leaf descbc { type sshs-bool-type; default "false"; description "DES CBC encryption algorithm."; } leaf des3cbc { type sshs-bool-type; default "false"; description "3DES CBC encryption algorithm."; } leaf aes128cbc { type sshs-bool-type; default "false"; description "AES128 CBC encryption algorithm."; } leaf aes192cbc { type sshs-bool-type; default "false"; description "AES192 CBC encryption algorithm."; } leaf aes256cbc { type sshs-bool-type; default "false"; description "AES256 CBC encryption algorithm."; } leaf aes128ctr { type sshs-bool-type; default "true"; description "AES128 CTR encryption algorithm."; } leaf aes192ctr { type sshs-bool-type; default "true"; description "AES192 CTR encryption algorithm."; } leaf aes256ctr { type sshs-bool-type; default "true"; description "AES256 CTR encryption algorithm."; } leaf arcfour128 { type sshs-bool-type; default "false"; description "ARCFOUR128 encryption algorithm."; } leaf arcfour256 { type sshs-bool-type; default "false"; description "ARCFOUR256 encryption algorithm."; } leaf blowfishcbc { type sshs-bool-type; default "false"; description "BLOWFISH CBC encryption algorithm."; } leaf aes128gcm { type sshs-bool-type; default "true"; description "AES128 GCM encryption algorithm."; } leaf aes256gcm { type sshs-bool-type; default "true"; description "AES256 GCM encryption algorithm."; } } // container cipher-alg container hmac-alg { must "../hmac-alg/md5 = 'true' or ../hmac-alg/md596 = 'true' or ../hmac-alg/sha1 = 'true' or ../hmac-alg/sha196 = 'true' or ../hmac-alg/sha2256 = 'true' or ../hmac-alg/sha225696 = 'true' or ../hmac-alg/sha2512 = 'true'"; description "Configure HMAC algorithms supported for SSHS."; leaf md5 { type sshs-bool-type; default "false"; description "MD5 hmac algorithm."; } leaf md596 { type sshs-bool-type; default "false"; description "MD5_96 hmac algorithm."; } leaf sha1 { type sshs-bool-type; default "false"; description "SHA1 hmac algorithm."; } leaf sha196 { type sshs-bool-type; default "false"; description "SHA1_96 hmac algorithm."; } leaf sha2256 { type sshs-bool-type; default "true"; description "SHA2_256 hmac algorithm."; } leaf sha225696 { type sshs-bool-type; default "false"; description "SHA2_256_96 Hmac algorithm."; } leaf sha2512 { type sshs-bool-type; default "true"; description "SHA2_512 hmac algorithm."; } } // container hmac-alg container key-exc-alg { must "../key-exc-alg/dh-group14-sha1 = 'true' or ../key-exc-alg/dh-group1-sha1 = 'true' or ../key-exc-alg/ecdh-sha2-nistp521 = 'true' or ../key-exc-alg/ecdh-sha2-nistp384 = 'true' or ../key-exc-alg/ecdh-sha2-nistp256 = 'true' or ../key-exc-alg/dh-group-exchange-sha256 = 'true' or ../key-exc-alg/sm2-kep-sha2-nistp256 = 'true' or ../key-exc-alg/dh-group16-sha512 = 'true' or ../key-exc-alg/dh-group18-sha512 = 'true' or ../key-exc-alg/curve25519-sha256 = 'true'"; description "Configure key exchange algorithm."; leaf dh-group14-sha1 { type sshs-bool-type; default "false"; description "Diffie hellman group14 sha1 algorithm."; } leaf dh-group1-sha1 { type sshs-bool-type; default "false"; description "Diffie hellman group1 sha1 algorithm."; } leaf dh-group16-sha512 { type sshs-bool-type; default "true"; description "Diffie hellman group16 sha512 algorithm."; } leaf dh-group18-sha512 { type sshs-bool-type; default "true"; description "Diffie hellman group18 sha512 algorithm."; } leaf ecdh-sha2-nistp521 { type sshs-bool-type; default "false"; description "Ecdh sha2 nistp521 algorithm."; } leaf ecdh-sha2-nistp384 { type sshs-bool-type; default "false"; description "Ecdh sha2 nistp384 algorithm."; } leaf ecdh-sha2-nistp256 { type sshs-bool-type; default "false"; description "Ecdh sha2 nistp256 algorithm."; } leaf curve25519-sha256 { type sshs-bool-type; default "true"; description "Curve25519 sha256 algorithm."; } leaf dh-group-exchange-sha256 { type sshs-bool-type; default "true"; description "Diffie hellman group exchange sha256 algorithm."; } leaf dh-group-exchange-sha1 { type sshs-bool-type; default "false"; description "Diffie hellman group exchange sha1 algorithm."; } leaf sm2-kep-sha2-nistp256 { type sshs-bool-type; default "false"; description "Sm2kep sha2 nistp256 algorithm."; } leaf dh-min-len { type uint32 { range "1024 | 2048 | 3072 | 4096"; } default "3072"; description "Sets the minimum key length for a key exchange algorithm."; } } // container key-exc-alg container server-enable { description "Configure SSH server enable."; leaf stelnet-ipv4-enable { type sshs-enable-flag; default "disable"; description "User can enable the stelnet IPv4 server."; } leaf stelnet-ipv6-enable { type sshs-enable-flag; default "disable"; description "User can enable the stelnet IPv6 server."; } leaf sftp-ipv4-enable { type sshs-enable-flag; default "disable"; description "User can enable the sftp IPv4 server."; } leaf sftp-ipv6-enable { type sshs-enable-flag; default "disable"; description "User can enable the sftp IPv6 server."; } leaf scp-ipv4-enable { type sshs-enable-flag; default "disable"; description "User can enable the scp IPv4 server."; } leaf scp-ipv6-enable { type sshs-enable-flag; default "disable"; description "User can enable the scp IPv6 server."; } leaf snetconf-ipv4-enable { type sshs-enable-flag; default "disable"; description "User can enable the snetconf IPv4 server."; } leaf snetconf-ipv6-enable { type sshs-enable-flag; default "disable"; description "User can enable the snetconf IPv6 server."; } leaf netconf-830-ipv4-enable { type sshs-enable-flag; default "disable"; description "User can enable the snetconf IPv4 server of port 830."; } leaf netconf-830-ipv6-enable { type sshs-enable-flag; default "disable"; description "User can enable the snetconf IPv6 server of port 830."; } leaf tcp-forwarding { type boolean; default "false"; description "Enable/disable the TCP port forwarding server."; } } // container server-enable container server-port { description "Configure SSH server port."; leaf ipv4-port-number { type int32 { range "22 | 1025..65535"; } default "22"; description "User can change the number of the port monitored by the IPv4 SSH server."; } leaf ipv6-port-number { type int32 { range "22 | 1025..65535"; } default "22"; description "User can change the number of the port monitored by the SSH IPv6 server."; } } // container server-port container default-dir { description "Configure SSH server default dir."; leaf sftp-dir { type string { length "1..255"; } description "Default sftp default directory of SSH user. The specified folder path must exist, otherwise an error will be reported."; } } // container default-dir container pubkey-alg { must "../pubkey-alg/dsa = 'true' or ../pubkey-alg/ecc = 'true' or ../pubkey-alg/rsa = 'true' or ../pubkey-alg/sm2 = 'true' or ../pubkey-alg/x509v3-ssh-rsa = 'true' or ../pubkey-alg/rsa-sha2-256 = 'true' or ../pubkey-alg/rsa-sha2-512 = 'true'"; description "Configure public key algorithm."; leaf dsa { type boolean; default "false"; description "Enable/disable DSA public key algorithm."; } leaf ecc { type boolean; default "false"; description "Enable/disable ECC public key algorithm."; } leaf rsa { type boolean; default "false"; description "Enable/disable RSA public key algorithm."; } leaf sm2 { type boolean; default "false"; description "Enable/disable SM2 public key algorithm."; } leaf x509v3-ssh-rsa { type boolean; default "false"; description "Enable/disable X509 RSA public key algorithm."; } leaf rsa-sha2-256 { type boolean; default "true"; description "Enable/disable RSA SHA2-256 public key algorithm."; } leaf rsa-sha2-512 { type boolean; default "true"; description "Enable/disable RSA SHA2-512 public key algorithm."; } } // container pubkey-alg container login-fail-alarm { description "Configure alarm when manager login failed frequently."; leaf upper-limit { type uint32 { range "0..100"; } must "../upper-limit >= ../lower-limit"; default "30"; description "Login alarm report times, default is 30 times."; } leaf lower-limit { type uint32 { range "0..45"; } must "../lower-limit <= ../upper-limit"; default "20"; description "Login alarm resume times, default is 20 times."; } leaf period { type uint32 { range "1..120"; } units "min"; default "5"; description "Login alarm period, default is 5 minutes."; } } // container login-fail-alarm container rekey { description "Configure rekey."; leaf max-packet { type uint32 { range "268435456..2147483648"; } default "2147483648"; description "Rekey maximum packet number."; } leaf time { type int32 { range "30..1440"; } units "min"; default "60"; description "Rekey Time."; } leaf max-data { type int32 { range "100..10000"; } units "MB"; default "1000"; description "Rekey maximum data."; } } // container rekey container keyboard { description "Configure keyborad support."; leaf keyboard-enable { type keyboard-flag; default "enable-keyboard"; description "Flag of keyborad support."; } } // container keyboard container netconf { description "Configure SSH NCA Configuration list."; leaf timeout-min { type uint16 { range "0..35791"; } units "min"; default "10"; description "The timeout period for a terminal user in minutes."; } leaf timeout-sec { type uint8 { range "0..59"; } units "s"; default "0"; description "The timeout period for a terminal user in seconds."; } leaf max-sessions { type int32 { range "0..20"; } default "5"; description "User can configure maximum number of clients can be connected to server at any point of time for Netconf service. The maximum value is customized by the PAF file."; } } // container netconf container ipv4-server-sources { description "List of Specify the source interface."; list ipv4-server-source { key "src-interface"; max-elements 5; description "Configure Specify the source interface policy."; leaf src-interface { type pub-type:if-name; description "Specify the source interface name. The specified source interface must exist and an IP address must be configured on the interface."; } } // list ipv4-server-source } // container ipv4-server-sources container ipv4-isolate-server-sources { description "List of the isolate source interface and source address."; list ipv4-isolate-server-source { key "src-interface src-ipv4-addr"; max-elements 5; description "Configure the isolate source interface and source address."; leaf src-interface { type pub-type:if-name; must "count(/sshs/ipv4-server-sources/ipv4-server-source[src-interface = current()]) = 0"; description "Specify the source interface name."; } leaf src-ipv4-addr { type inet:ipv4-address-no-zone; description "Specify the source IPv4 address."; } } // list ipv4-isolate-server-source } // container ipv4-isolate-server-sources container ipv6-server-sources { description "List of SSH IPv6 server source address."; list ipv6-server-source { key "src-ipv6-addr"; max-elements 5; description "Configure SSH IPv6 server source address policy."; leaf src-ipv6-addr { type inet:ipv6-address-no-zone; description "SSH IPv6 server source IP address."; } leaf src-ipv6-vpn-name { type string { length "1..31"; } description "Specify the source VPN instance. The specified VPN instance must exist and IPv6-family must be enabled in the VPN instance."; } } // list ipv6-server-source } // container ipv6-server-sources container ipv6-isolate-server-sources { description "List of the isolate source interface and source IPv6 address."; list ipv6-isolate-server-source { key "src-interface src-ipv6-addr"; max-elements 5; description "Configure the isolate source interface and source IPv6 address."; leaf src-interface { type pub-type:if-name; description "Specify the source interface name."; } leaf src-ipv6-addr { type inet:ipv6-address-no-zone; must "count(/sshs/ipv6-server-sources/ipv6-server-source[src-ipv6-addr = current()]) = 0"; description "Specify the source IPv6 address."; } } // list ipv6-isolate-server-source } // container ipv6-isolate-server-sources container all-server-source { description "Configure Specify all interfaces."; leaf all-ipv4-interface { type boolean; default "false"; description "Enable/disable Specify all IPv4 interfaces."; } leaf all-ipv6-interface { type boolean; default "false"; description "Enable/disable Specify all IPv6 interfaces."; } } // container all-server-source container session-car { must "cir-interval<=pir-interval"; must "cbs-interval<=pbs-interval"; description "Configure SSH server session CAR."; leaf enable { type boolean; default "true"; description "Enable/disable session CAR."; } leaf cir-interval { type uint32 { range "1..1000000"; } units "kbit/s"; default "100"; description "Specify the session CAR CIR interval."; } leaf cbs-interval { type uint32 { range "1..10000000"; } units "bit/s"; default "3000000"; description "Specify the session CAR CBS interval."; } leaf pir-interval { type uint32 { range "1..1000000"; } units "kbit/s"; default "4000"; description "Specify the session CAR PIR interval."; } leaf pbs-interval { type uint32 { range "1..10000000"; } units "bit/s"; default "9000000"; description "Specify the session CAR PBS interval."; } } // container session-car container session-statuses { config false; description "List of Session statistic."; list session-status { key "session-num"; config false; max-elements 21; description "Session statistics."; leaf session-num { type int32 { range "0..1024"; } config false; description "Unique identification number for the session."; } leaf service-index { type string { length "0..12"; } config false; description "The connection index of the session belonging to particular service type."; } leaf version { type string { length "0..8"; } config false; description "The current SSH protocol version of the session."; } leaf conn-state { type connstate; config false; description "The state of the current connection."; } leaf user-name { type string { length "0..253"; } config false; description "Name of the user for the current session."; } leaf ctos-cipher { type string { length "0..32"; } config false; description "The encryption algorithm name used for transmission from client to server."; } leaf stoc-cipher { type string { length "0..32"; } config false; description "The encryption algorithm name used for transmission from server to client."; } leaf ctos-compress { type string { length "0..10"; } config false; description "The compression algorithm name used for transmission from client to server."; } leaf stoc-compress { type string { length "0..10"; } config false; description "The compression algorithm name used for transmission from server to client."; } leaf ctos-hmac { type string { length "0..32"; } config false; description "The MAC algorithm name chosen for the current client to server transmission for integrity."; } leaf stoc-hmac { type string { length "0..32"; } config false; description "The MAC algorithm name chosen for the current server to client transmission for integrity."; } leaf key-exchange { type string { length "0..64"; } config false; description "The key negotiation algorithm chosen for the current session."; } leaf service-type { type string { length "0..32"; } config false; description "The current session service type."; } leaf session-retry { type int32 { range "0..1024"; } config false; description "The number of times the user have retired authenticating to the server before successful connection for the current session."; } leaf session-auth-type { type string { length "0..32"; } config false; description "The authentication type used for the current session."; } leaf connection-port { type int32 { range "22..65535"; } config false; description "Port used for the current session."; } leaf session-key-type { type sshs-pubkey-type; config false; description "Public key type used for current session."; } } // list session-status } // container session-statuses container call-homes { description "List of Callhome configurations."; list call-home { key "call-home-name"; max-elements 1; description "Configure Callhome instance."; leaf call-home-name { type string { length "1..19"; } description "Callhome name."; } leaf reconnect-interval { type uint16 { range "5..300"; } units "s"; default "5"; description "Callhome reconnect interval."; } container end-points { description "List of the callhome connection instance configures."; list end-point { key "end-point-name"; max-elements 1; description "Configure the callhome connection instance."; leaf end-point-name { type string { length "1..64"; } description "The callhome connection instance name."; } choice address-hostname { description "Enter the IP address or host name."; case ip-address { description "The peer IP address."; leaf address { type inet:ip-address-no-zone; must "../port"; description "The peer IP address."; } } // case ip-address case host-name { description "The peer hostname."; leaf host-name { type string { length "1..255"; } must "../port and ../addr-type"; description "The peer hostname."; } leaf addr-type { type address-type; description "The address type."; } } // case host-name } // choice address-hostname leaf port { type uint16 { range "1..65535"; } description "The peer port number."; } leaf is-public-net { type boolean; description "Enable/disable the public network connection."; } leaf vpn-name { when "../is-public-net != 'true'"; type string { length "1..31"; } description "The peer VPN name."; } leaf src-ipaddress { type inet:ip-address-no-zone; description "The source IP address of the callhome."; } leaf keepalive-interval { type uint32 { range "0..60"; } units "min"; default "0"; description "The interval of the callhome keepalive packet."; } leaf keepalive-count { type uint32 { range "1..30"; } default "3"; description "The callhome keepalive maximum count."; } leaf connection-status { type connection-status-type; config false; description "The callhome connection status, connected or disconnected."; } } // list end-point } // container end-points } // list call-home } // container call-homes } // container sshs rpc activate-ip { description "Activate ip."; input { leaf ip-address { type inet:ip-address-no-zone; mandatory true; description "IP address."; } leaf vpn-name { type leafref { path "/ni:network-instance/ni:instances/ni:instance/ni:name"; } description "VPN name."; } } } // rpc activate-ip } // module huawei-sshs
© 2023 YumaWorks, Inc. All rights reserved.