--- /dev/null
+<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="m-1">
+ <data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">module ietf-ssh-server {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-server";
+ prefix sshs;
+
+ import ietf-inet-types {
+ prefix inet;
+ reference
+ "RFC 6991: Common YANG Data Types";
+ }
+
+ import ietf-keystore {
+ prefix ks;
+ reference
+ "RFC YYYY: Keystore Model";
+ }
+
+ organization
+ "IETF NETCONF (Network Configuration) Working Group";
+ contact
+ "WG Web: <http://tools.ietf.org/wg/netconf/>
+ WG List: <mailto:netconf@ietf.org>
+
+ WG Chair: Mehmet Ersue
+ <mailto:mehmet.ersue@nsn.com>
+
+ WG Chair: Mahesh Jethanandani
+ <mailto:mjethanandani@gmail.com>
+
+ Editor: Kent Watsen
+ <mailto:kwatsen@juniper.net>";
+ description
+ "This module defines a reusable grouping for a SSH server that
+ can be used as a basis for specific SSH server instances.
+
+ Copyright (c) 2014 IETF Trust and the persons identified as
+ authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, is permitted pursuant to, and subject
+ to the license terms contained in, the Simplified BSD
+ License set forth in Section 4.c of the IETF Trust's
+ Legal Provisions Relating to IETF Documents
+ (http://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC XXXX; see
+ the RFC itself for full legal notices.";
+
+ revision 2016-11-02 {
+ description
+ "Initial version";
+ reference
+ "RFC XXXX: SSH Client and Server Models";
+ }
+
+ feature ssh-x509-certs {
+ description
+ "The ssh-x509-certs feature indicates that the NETCONF
+ server supports RFC 6187";
+ reference
+ "RFC 6187: X.509v3 Certificates for Secure Shell
+ Authentication";
+ }
+
+ grouping non-listening-ssh-server-grouping {
+ description
+ "A reusable grouping for a SSH server that can be used as a
+ basis for specific SSH server instances.";
+ container host-keys {
+ description
+ "The list of host-keys the SSH server will present when
+ establishing a SSH connection.";
+ list host-key {
+ key "name";
+ min-elements 1;
+ ordered-by user;
+ description
+ "An ordered list of host keys the SSH server will use to
+ construct its ordered list of algorithms, when sending
+ its SSH_MSG_KEXINIT message, as defined in Section 7.1
+ of RFC 4253.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for this host-key";
+ }
+
+ choice host-key-type {
+ mandatory true;
+ description
+ "The type of host key being specified";
+ leaf public-key {
+ type leafref {
+ path "/ks:keystore/ks:private-keys/ks:private-key/ks:name";
+ }
+ description
+ "The public key is actually identified by the name of
+ its cooresponding private-key in the keystore.";
+ }
+
+ leaf certificate {
+ if-feature "ssh-x509-certs";
+ type leafref {
+ path "/ks:keystore/ks:private-keys/ks:private-key/ks:certificate-chains/ks:certificate-chain/ks:name";
+ }
+ description
+ "The name of a certificate in the keystore.";
+ }
+ }
+ }
+ }
+
+ container client-cert-auth {
+ if-feature "ssh-x509-certs";
+ description
+ "A reference to a list of trusted certificate authority (CA)
+ certificates and a reference to a list of trusted client
+ certificates.";
+ leaf trusted-ca-certs {
+ type leafref {
+ path "/ks:keystore/ks:trusted-certificates/ks:name";
+ }
+ description
+ "A reference to a list of certificate authority (CA)
+ certificates used by the SSH server to authenticate
+ SSH client certificates.";
+ }
+
+ leaf trusted-client-certs {
+ type leafref {
+ path "/ks:keystore/ks:trusted-certificates/ks:name";
+ }
+ description
+ "A reference to a list of client certificates used by
+ the SSH server to authenticate SSH client certificates.
+ A clients certificate is authenticated if it is an
+ exact match to a configured trusted client certificate.";
+ }
+ }
+ }
+
+ grouping listening-ssh-server-grouping {
+ description
+ "A reusable grouping for a SSH server that can be used as a
+ basis for specific SSH server instances.";
+ leaf address {
+ type inet:ip-address;
+ description
+ "The IP address of the interface to listen on. The SSH
+ server will listen on all interfaces if no value is
+ specified. Please note that some addresses have special
+ meanings (e.g., '0.0.0.0' and '::').";
+ }
+
+ leaf port {
+ type inet:port-number;
+ description
+ "The local port number on this interface the SSH server
+ listens on. When this grouping is used, it is RECOMMENED
+ that refine statement is used to either set a default port
+ value or to set mandatory true.";
+ }
+
+ uses non-listening-ssh-server-grouping;
+ }
+}
+</data>
+</rpc-reply>
Code Review / demo.git / blobdiff