<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="m-1">
<data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">module ietf-ssh-server {
namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-server";
import ietf-inet-types {
"RFC 6991: Common YANG Data Types";
import ietf-keystore {
"RFC YYYY: Keystore Model";
"IETF NETCONF (Network Configuration) Working Group";
"WG Web: <http://tools.ietf.org/wg/netconf/>
WG List: <mailto:netconf@ietf.org>
WG Chair: Mehmet Ersue
<mailto:mehmet.ersue@nsn.com>
WG Chair: Mahesh Jethanandani
<mailto:mjethanandani@gmail.com>
<mailto:kwatsen@juniper.net>";
"This module defines a reusable grouping for a SSH server that
can be used as a basis for specific SSH server instances.
Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices.";
"RFC XXXX: SSH Client and Server Models";
feature ssh-x509-certs {
"The ssh-x509-certs feature indicates that the NETCONF
server supports RFC 6187";
"RFC 6187: X.509v3 Certificates for Secure Shell
grouping non-listening-ssh-server-grouping {
"A reusable grouping for a SSH server that can be used as a
basis for specific SSH server instances.";
"The list of host-keys the SSH server will present when
establishing a SSH connection.";
"An ordered list of host keys the SSH server will use to
construct its ordered list of algorithms, when sending
its SSH_MSG_KEXINIT message, as defined in Section 7.1
"RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
"An arbitrary name for this host-key";
choice host-key-type {
"The type of host key being specified";
path "/ks:keystore/ks:private-keys/ks:private-key/ks:name";
"The public key is actually identified by the name of
its corresponding private-key in the keystore.";
if-feature "ssh-x509-certs";
path "/ks:keystore/ks:private-keys/ks:private-key/ks:certificate-chains/ks:certificate-chain/ks:name";
"The name of a certificate in the keystore.";
container client-cert-auth {
if-feature "ssh-x509-certs";
"A reference to a list of trusted certificate authority (CA)
certificates and a reference to a list of trusted client
leaf trusted-ca-certs {
path "/ks:keystore/ks:trusted-certificates/ks:name";
"A reference to a list of certificate authority (CA)
certificates used by the SSH server to authenticate
SSH client certificates.";
leaf trusted-client-certs {
path "/ks:keystore/ks:trusted-certificates/ks:name";
"A reference to a list of client certificates used by
the SSH server to authenticate SSH client certificates.
A client's certificate is authenticated if it is an
exact match to a configured trusted client certificate.";
grouping listening-ssh-server-grouping {
"A reusable grouping for a SSH server that can be used as a
basis for specific SSH server instances.";
type inet:ip-address;
"The IP address of the interface to listen on. The SSH
server will listen on all interfaces if no value is
specified. Please note that some addresses have special
meanings (e.g., '0.0.0.0' and '::').";
type inet:port-number;
"The local port number on this interface the SSH server
listens on. When this grouping is used, it is RECOMMENDED
that refine statement is used to either set a default port
value or to set mandatory true.";
uses non-listening-ssh-server-grouping;