ietf-ssh-server

This module defines a reusable grouping for a SSH server that can be used as a basis for specific SSH server instances. Copyrig...

  • Version: 2015-10-09

    ietf-ssh-server@2015-10-09


    
      module ietf-ssh-server {
    
        yang-version 1.1;
    
        namespace
          "urn:ietf:params:xml:ns:yang:ietf-ssh-server";
    
        prefix ts;
    
        import ietf-inet-types {
          prefix inet;
        }
        import ietf-keychain {
          prefix kc;
          revision-date "2015-10-09";
        }
    
        organization
          "IETF NETCONF (Network Configuration) Working Group";
    
        contact
          "WG Web:   <http://tools.ietf.org/wg/netconf/>
    WG List:  <mailto:netconf@ietf.org>
    
    WG Chair: Mehmet Ersue
    	  <mailto:mehmet.ersue@nsn.com>
    WG Chair: Mahesh Jethanandani
    	  <mailto:mjethanandani@gmail.com>
    
    Editor:   Kent Watsen
    	  <mailto:kwatsen@juniper.net>";
    
        description
          "This module defines a reusable grouping for a SSH server that
    can be used as a basis for specific SSH server instances.
    
    Copyright (c) 2014 IETF Trust and the persons identified as
    authors of the code. All rights reserved.
    
    Redistribution and use in source and binary forms, with or
    without modification, is permitted pursuant to, and subject
    to the license terms contained in, the Simplified BSD
    License set forth in Section 4.c of the IETF Trust's
    Legal Provisions Relating to IETF Documents
    (http://trustee.ietf.org/license-info).
    
    This version of this YANG module is part of RFC VVVV; see
    the RFC itself for full legal notices.";
    
        revision "2015-10-09" {
          description "Initial version";
          reference
            "RFC VVVV: NETCONF Server and RESTCONF Server Configuration
            	  Models";
    
        }
    
    
        feature ssh-x509-certs {
          description
            "The ssh-x509-certs feature indicates that the NETCONF
    server supports RFC 6187";
          reference
            "RFC 6187: X.509v3 Certificates for Secure Shell
            Authentication";
    
        }
    
        container listening-ssh-server {
          description
            "This container is only present to enable `pyang`
    tree diagram output, as a grouping by itself has
    no protocol accessible nodes to output.";
          leaf address {
            type inet:ip-address;
            description
              "The IP address of the interface to listen on. The SSH
    server will listen on all interfaces if no value is
    specified.";
          }
    
          leaf port {
            type inet:port-number;
            mandatory true;
            description
              "The local port number on this interface the SSH server
    listens on.";
          }
    
          container host-keys {
            description
              "The list of host-keys the SSH server will present when
    establishing a SSH connection.";
            list host-key {
              key "name";
              min-elements 1;
              ordered-by user;
              description
                "An ordered list of host keys the SSH server advertises
    when sending its ??? message.";
              reference
                "RFC ????: ...";
    
              leaf name {
                type string;
                mandatory true;
                description
                  "An arbitrary name for this host-key";
              }
    
              choice type {
                description
                  "The type of host key being specified";
                leaf public-key {
                  type leafref {
                    path "/kc:keychain/kc:private-keys/kc:private-key/kc:name";
                  }
                  description
                    "The name of a private-key in the keychain.";
                }
                leaf certificate {
                  if-feature ssh-x509-certs;
                  type leafref {
                    path "/kc:keychain/kc:private-keys/kc:private-key/kc:certificates/kc:certificate/kc:name";
                  }
                  description
                    "The name of a certificate in the keychain.";
                }
              }  // choice type
            }  // list host-key
          }  // container host-keys
    
          container client-cert-auth {
            if-feature ssh-x509-certs;
            description
              "A reference to a list of trusted certificate authority (CA)
    certificates and a reference to a list of trusted client
    certificates.";
            leaf trusted-ca-certs {
              type leafref {
                path "/kc:keychain/kc:trusted-certificates/kc:name";
              }
              description
                "A reference to a list of certificate authority (CA)
    certificates used by the SSH server to authenticate
    SSH client certificates.";
            }
    
            leaf trusted-client-certs {
              type leafref {
                path "/kc:keychain/kc:trusted-certificates/kc:name";
              }
              description
                "A reference to a list of client certificates used by
    the SSH server to authenticate SSH client certificates.
    A clients certificate is authenticated if it is an
    exact match to a configured trusted client certificate.";
            }
          }  // container client-cert-auth
        }  // container listening-ssh-server
      }  // module ietf-ssh-server
    

© 2023 YumaWorks, Inc. All rights reserved.