--- /dev/null
+<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="m-1">
+ <data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring"><?xml version="1.0" encoding="UTF-8"?>
+<module name="ietf-ssh-server"
+ xmlns="urn:ietf:params:xml:ns:yang:yin:1"
+ xmlns:sshs="urn:ietf:params:xml:ns:yang:ietf-ssh-server"
+ xmlns:inet="urn:ietf:params:xml:ns:yang:ietf-inet-types"
+ xmlns:ks="urn:ietf:params:xml:ns:yang:ietf-keystore">
+ <yang-version value="1.1"/>
+ <namespace uri="urn:ietf:params:xml:ns:yang:ietf-ssh-server"/>
+ <prefix value="sshs"/>
+ <import module="ietf-inet-types">
+ <prefix value="inet"/>
+ <reference>
+ <text>RFC 6991: Common YANG Data Types</text>
+ </reference>
+ </import>
+ <import module="ietf-keystore">
+ <prefix value="ks"/>
+ <reference>
+ <text>RFC YYYY: Keystore Model</text>
+ </reference>
+ </import>
+ <organization>
+ <text>IETF NETCONF (Network Configuration) Working Group</text>
+ </organization>
+ <contact>
+ <text>WG Web: &lt;http://tools.ietf.org/wg/netconf/&gt;
+WG List: &lt;mailto:netconf@ietf.org&gt;
+
+WG Chair: Mehmet Ersue
+ &lt;mailto:mehmet.ersue@nsn.com&gt;
+
+WG Chair: Mahesh Jethanandani
+ &lt;mailto:mjethanandani@gmail.com&gt;
+
+Editor: Kent Watsen
+ &lt;mailto:kwatsen@juniper.net&gt;</text>
+ </contact>
+ <description>
+ <text>This module defines a reusable grouping for a SSH server that
+can be used as a basis for specific SSH server instances.
+
+Copyright (c) 2014 IETF Trust and the persons identified as
+authors of the code. All rights reserved.
+
+Redistribution and use in source and binary forms, with or
+without modification, is permitted pursuant to, and subject
+to the license terms contained in, the Simplified BSD
+License set forth in Section 4.c of the IETF Trust's
+Legal Provisions Relating to IETF Documents
+(http://trustee.ietf.org/license-info).
+
+This version of this YANG module is part of RFC XXXX; see
+the RFC itself for full legal notices.</text>
+ </description>
+ <revision date="2016-11-02">
+ <description>
+ <text>Initial version</text>
+ </description>
+ <reference>
+ <text>RFC XXXX: SSH Client and Server Models</text>
+ </reference>
+ </revision>
+ <feature name="ssh-x509-certs">
+ <description>
+ <text>The ssh-x509-certs feature indicates that the NETCONF
+server supports RFC 6187</text>
+ </description>
+ <reference>
+ <text>RFC 6187: X.509v3 Certificates for Secure Shell
+Authentication</text>
+ </reference>
+ </feature>
+ <grouping name="non-listening-ssh-server-grouping">
+ <description>
+ <text>A reusable grouping for a SSH server that can be used as a
+basis for specific SSH server instances.</text>
+ </description>
+ <container name="host-keys">
+ <description>
+ <text>The list of host-keys the SSH server will present when
+establishing a SSH connection.</text>
+ </description>
+ <list name="host-key">
+ <key value="name"/>
+ <min-elements value="1"/>
+ <ordered-by value="user"/>
+ <description>
+ <text>An ordered list of host keys the SSH server will use to
+construct its ordered list of algorithms, when sending
+its SSH_MSG_KEXINIT message, as defined in Section 7.1
+of RFC 4253.</text>
+ </description>
+ <reference>
+ <text>RFC 4253: The Secure Shell (SSH) Transport Layer Protocol</text>
+ </reference>
+ <leaf name="name">
+ <type name="string"/>
+ <description>
+ <text>An arbitrary name for this host-key</text>
+ </description>
+ </leaf>
+ <choice name="host-key-type">
+ <mandatory value="true"/>
+ <description>
+ <text>The type of host key being specified</text>
+ </description>
+ <leaf name="public-key">
+ <type name="leafref">
+ <path value="/ks:keystore/ks:private-keys/ks:private-key/ks:name"/>
+ </type>
+ <description>
+ <text>The public key is actually identified by the name of
+its cooresponding private-key in the keystore.</text>
+ </description>
+ </leaf>
+ <leaf name="certificate">
+ <if-feature name="ssh-x509-certs"/>
+ <type name="leafref">
+ <path value="/ks:keystore/ks:private-keys/ks:private-key/ks:certificate-chains/ks:certificate-chain/ks:name"/>
+ </type>
+ <description>
+ <text>The name of a certificate in the keystore.</text>
+ </description>
+ </leaf>
+ </choice>
+ </list>
+ </container>
+ <container name="client-cert-auth">
+ <if-feature name="ssh-x509-certs"/>
+ <description>
+ <text>A reference to a list of trusted certificate authority (CA)
+certificates and a reference to a list of trusted client
+certificates.</text>
+ </description>
+ <leaf name="trusted-ca-certs">
+ <type name="leafref">
+ <path value="/ks:keystore/ks:trusted-certificates/ks:name"/>
+ </type>
+ <description>
+ <text>A reference to a list of certificate authority (CA)
+certificates used by the SSH server to authenticate
+SSH client certificates.</text>
+ </description>
+ </leaf>
+ <leaf name="trusted-client-certs">
+ <type name="leafref">
+ <path value="/ks:keystore/ks:trusted-certificates/ks:name"/>
+ </type>
+ <description>
+ <text>A reference to a list of client certificates used by
+the SSH server to authenticate SSH client certificates.
+A clients certificate is authenticated if it is an
+exact match to a configured trusted client certificate.</text>
+ </description>
+ </leaf>
+ </container>
+ </grouping>
+ <grouping name="listening-ssh-server-grouping">
+ <description>
+ <text>A reusable grouping for a SSH server that can be used as a
+basis for specific SSH server instances.</text>
+ </description>
+ <leaf name="address">
+ <type name="inet:ip-address"/>
+ <description>
+ <text>The IP address of the interface to listen on. The SSH
+server will listen on all interfaces if no value is
+specified. Please note that some addresses have special
+meanings (e.g., '0.0.0.0' and '::').</text>
+ </description>
+ </leaf>
+ <leaf name="port">
+ <type name="inet:port-number"/>
+ <description>
+ <text>The local port number on this interface the SSH server
+listens on. When this grouping is used, it is RECOMMENED
+that refine statement is used to either set a default port
+value or to set mandatory true.</text>
+ </description>
+ </leaf>
+ <uses name="non-listening-ssh-server-grouping"/>
+ </grouping>
+</module>
+</data>
+</rpc-reply>