| module ietf-ssh-server { |
| yang-version 1.1; |
| namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-server"; |
| prefix sshs; |
| |
| import iana-crypt-hash { |
| prefix ianach; |
| reference |
| "RFC 7317: A YANG Data Model for System Management"; |
| } |
| |
| import ietf-netconf-acm { |
| prefix nacm; |
| reference |
| "RFC 8341: Network Configuration Access Control Model"; |
| } |
| |
| import ietf-crypto-types { |
| prefix ct; |
| reference |
| "RFC AAAA: YANG Data Types and Groupings for Cryptography"; |
| } |
| |
| import ietf-truststore { |
| prefix ts; |
| reference |
| "RFC BBBB: A YANG Data Model for a Truststore"; |
| } |
| |
| import ietf-keystore { |
| prefix ks; |
| reference |
| "RFC CCCC: A YANG Data Model for a Keystore"; |
| } |
| |
| import ietf-ssh-common { |
| prefix sshcmn; |
| revision-date 2022-07-18; // stable grouping definitions |
| reference |
| "RFC EEEE: YANG Groupings for SSH Clients and SSH Servers"; |
| } |
| |
| organization |
| "IETF NETCONF (Network Configuration) Working Group"; |
| |
| contact |
| "WG Web: https://datatracker.ietf.org/wg/netconf |
| WG List: NETCONF WG list <mailto:netconf@ietf.org> |
| Author: Kent Watsen <mailto:kent+ietf@watsen.net> |
| Author: Gary Wu <mailto:garywu@cisco.com>"; |
| |
| description |
| "This module defines reusable groupings for SSH servers that |
| can be used as a basis for specific SSH server instances. |
| |
| Copyright (c) 2022 IETF Trust and the persons identified |
| as authors of the code. All rights reserved. |
| |
| Redistribution and use in source and binary forms, with |
| or without modification, is permitted pursuant to, and |
| subject to the license terms contained in, the Revised |
| BSD License set forth in Section 4.c of the IETF Trust's |
| Legal Provisions Relating to IETF Documents |
| (https://trustee.ietf.org/license-info). |
| |
| This version of this YANG module is part of RFC EEEE |
| (https://www.rfc-editor.org/info/rfcEEEE); see the RFC |
| itself for full legal notices. |
| |
| The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', |
| 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', |
| 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document |
| are to be interpreted as described in BCP 14 (RFC 2119) |
| (RFC 8174) when, and only when, they appear in all |
| capitals, as shown here."; |
| |
| revision 2022-07-18 { |
| description |
| "Initial version"; |
| reference |
| "RFC EEEE: YANG Groupings for SSH Clients and SSH Servers"; |
| } |
| |
| // Features |
| |
| feature ssh-server-keepalives { |
| description |
| "Per socket SSH keepalive parameters are configurable for |
| SSH servers on the server implementing this feature."; |
| } |
| |
| feature local-users-supported { |
| description |
| "Indicates that the configuration for users can be |
| configured herein, as opposed to in an application |
| specific location."; |
| } |
| |
| feature local-user-auth-publickey { |
| if-feature "local-users-supported"; |
| description |
| "Indicates that the 'publickey' authentication type, |
| per RFC 4252, is supported for locally-defined users. |
| |
| The 'publickey' authentication type is required by |
| RFC 4252, but common implementations enable it to |
| be disabled."; |
| reference |
| "RFC 4252: |
| The Secure Shell (SSH) Authentication Protocol"; |
| } |
| |
| feature local-user-auth-password { |
| if-feature "local-users-supported"; |
| description |
| "Indicates that the 'password' authentication type, |
| per RFC 4252, is supported for locally-defined users."; |
| reference |
| "RFC 4252: |
| The Secure Shell (SSH) Authentication Protocol"; |
| } |
| |
| feature local-user-auth-hostbased { |
| if-feature "local-users-supported"; |
| description |
| "Indicates that the 'hostbased' authentication type, |
| per RFC 4252, is supported for locally-defined users."; |
| reference |
| "RFC 4252: |
| The Secure Shell (SSH) Authentication Protocol"; |
| } |
| |
| feature local-user-auth-none { |
| if-feature "local-users-supported"; |
| description |
| "Indicates that the 'none' authentication type, per |
| RFC 4252, is supported. It is NOT RECOMMENDED to |
| enable this feature."; |
| reference |
| "RFC 4252: |
| The Secure Shell (SSH) Authentication Protocol"; |
| } |
| |
| // Groupings |
| |
| grouping ssh-server-grouping { |
| description |
| "A reusable grouping for configuring a SSH server without |
| any consideration for how underlying TCP sessions are |
| established. |
| |
| Note that this grouping uses fairly typical descendant |
| node names such that a stack of 'uses' statements will |
| have name conflicts. It is intended that the consuming |
| data model will resolve the issue (e.g., by wrapping |
| the 'uses' statement in a container called |
| 'ssh-server-parameters'). This model purposely does |
| not do this itself so as to provide maximum flexibility |
| to consuming models."; |
| |
| container server-identity { |
| nacm:default-deny-write; |
| description |
| "The list of host keys the SSH server will present when |
| establishing a SSH connection."; |
| list host-key { |
| key "name"; |
| min-elements 1; |
| ordered-by user; |
| description |
| "An ordered list of host keys the SSH server will use to |
| construct its ordered list of algorithms, when sending |
| its SSH_MSG_KEXINIT message, as defined in Section 7.1 |
| of RFC 4253."; |
| reference |
| "RFC 4253: The Secure Shell (SSH) Transport Layer |
| Protocol"; |
| leaf name { |
| type string; |
| description |
| "An arbitrary name for this host key"; |
| } |
| choice host-key-type { |
| mandatory true; |
| description |
| "The type of host key being specified"; |
| container public-key { |
| description |
| "A locally-defined or referenced asymmetric key pair |
| to be used for the SSH server's host key."; |
| reference |
| "RFC CCCC: A YANG Data Model for a Keystore"; |
| uses ks:local-or-keystore-asymmetric-key-grouping { |
| refine "local-or-keystore/local/local-definition" { |
| must |
| 'public-key-format = "ct:ssh-public-key-format"'; |
| } |
| refine "local-or-keystore/keystore/" |
| + "keystore-reference" { |
| must 'deref(.)/../ks:public-key-format' |
| + ' = "ct:ssh-public-key-format"'; |
| } |
| } |
| } |
| container certificate { |
| if-feature "sshcmn:ssh-x509-certs"; |
| description |
| "A locally-defined or referenced end-entity |
| certificate to be used for the SSH server's |
| host key."; |
| reference |
| "RFC CCCC: A YANG Data Model for a Keystore"; |
| uses |
| ks:local-or-keystore-end-entity-cert-with-key-grouping { |
| refine "local-or-keystore/local/local-definition" { |
| must 'public-key-format' |
| + ' = "ct:subject-public-key-info-format"'; |
| } |
| refine "local-or-keystore/keystore/keystore-reference" |
| + "/asymmetric-key" { |
| must 'deref(.)/../ks:public-key-format' |
| + ' = "ct:subject-public-key-info-format"'; |
| } |
| } |
| } |
| } |
| } |
| } // container server-identity |
| |
| container client-authentication { |
| nacm:default-deny-write; |
| description |
| "Specifies how the SSH server can authenticate SSH clients."; |
| container users { |
| if-feature "local-users-supported"; |
| description |
| "A list of locally configured users."; |
| list user { |
| key "name"; |
| description |
| "A locally configured user. |
| |
| The server SHOULD derive the list of authentication |
| 'method names' returned to the SSH client from the |
| descendant nodes configured herein, per Sections |
| 5.1 and 5.2 in RFC 4252. |
| |
| The authentication methods are unordered. Clients |
| must authenticate to all configured methods. |
| Whenever a choice amongst methods arises, |
| implementations SHOULD use a default ordering |
| that prioritizes automation over human-interaction."; |
| leaf name { |
| type string; |
| description |
| "The 'user name' for the SSH client, as defined in |
| the SSH_MSG_USERAUTH_REQUEST message in RFC 4253."; |
| } |
| container public-keys { |
| if-feature "local-user-auth-publickey"; |
| presence |
| "Indicates that public keys have been configured. |
| This statement is present so the mandatory descendant |
| nodes do not imply that this node must be |
| configured."; |
| description |
| "A set of SSH public keys may be used by the SSH |
| server to authenticate this user. A user is |
| authenticated if its public key is an exact |
| match to a configured public key."; |
| reference |
| "RFC BBBB: A YANG Data Model for a Truststore"; |
| uses ts:local-or-truststore-public-keys-grouping { |
| refine "local-or-truststore/local/local-definition" |
| + "/public-key" { |
| must 'public-key-format' |
| + ' = "ct:ssh-public-key-format"'; |
| } |
| refine "local-or-truststore/truststore/" |
| + "truststore-reference" { |
| must 'deref(.)/../*/ts:public-key-format' |
| + ' = "ct:ssh-public-key-format"'; |
| } |
| } |
| } |
| leaf password { |
| if-feature "local-user-auth-password"; |
| type ianach:crypt-hash; |
| description |
| "The password for this user."; |
| } |
| container hostbased { |
| if-feature "local-user-auth-hostbased"; |
| presence |
| "Indicates that hostbased keys have been configured. |
| This statement is present so the mandatory descendant |
| nodes do not imply that this node must be |
| configured."; |
| description |
| "A set of SSH host keys used by the SSH server to |
| authenticate this user's host. A user's host is |
| authenticated if its host key is an exact match |
| to a configured host key."; |
| reference |
| "RFC 4253: The Secure Shell (SSH) Transport Layer |
| RFC BBBB: A YANG Data Model for a Truststore"; |
| uses ts:local-or-truststore-public-keys-grouping { |
| refine "local-or-truststore/local/local-definition" |
| + "/public-key" { |
| must 'public-key-format' |
| + ' = "ct:ssh-public-key-format"'; |
| } |
| refine "local-or-truststore/truststore" |
| + "/truststore-reference" { |
| must 'deref(.)/../*/ts:public-key-format' |
| + ' = "ct:ssh-public-key-format"'; |
| } |
| } |
| } |
| leaf none { |
| if-feature "local-user-auth-none"; |
| type empty; |
| description |
| "Indicates that the 'none' method is configured |
| for this user."; |
| reference |
| "RFC 4252: The Secure Shell (SSH) Authentication |
| Protocol."; |
| } |
| } |
| } |
| container ca-certs { |
| if-feature "sshcmn:ssh-x509-certs"; |
| presence |
| "Indicates that CA certificates have been configured. |
| This statement is present so the mandatory descendant |
| nodes do not imply this node must be configured."; |
| description |
| "A set of certificate authority (CA) certificates used by |
| the SSH server to authenticate SSH client certificates. |
| A client certificate is authenticated if it has a valid |
| chain of trust to a configured CA certificate."; |
| reference |
| "RFC BBBB: A YANG Data Model for a Truststore"; |
| uses ts:local-or-truststore-certs-grouping; |
| } |
| container ee-certs { |
| if-feature "sshcmn:ssh-x509-certs"; |
| presence |
| "Indicates that EE certificates have been configured. |
| This statement is present so the mandatory descendant |
| nodes do not imply this node must be configured."; |
| description |
| "A set of client certificates (i.e., end entity |
| certificates) used by the SSH server to authenticate |
| the certificates presented by SSH clients. A client |
| certificate is authenticated if it is an exact match |
| to a configured end-entity certificate."; |
| reference |
| "RFC BBBB: A YANG Data Model for a Truststore"; |
| uses ts:local-or-truststore-certs-grouping; |
| } |
| } // container client-authentication |
| |
| container transport-params { |
| nacm:default-deny-write; |
| if-feature "sshcmn:transport-params"; |
| description |
| "Configurable parameters of the SSH transport layer."; |
| uses sshcmn:transport-params-grouping; |
| } // container transport-params |
| |
| container keepalives { |
| nacm:default-deny-write; |
| if-feature "ssh-server-keepalives"; |
| presence |
| "Indicates that the SSH server proactively tests the |
| aliveness of the remote SSH client."; |
| description |
| "Configures the keep-alive policy, to proactively test |
| the aliveness of the SSL client. An unresponsive SSL |
| client is dropped after approximately max-wait * |
| max-attempts seconds. Per Section 4 of RFC 4254, |
| the SSH server SHOULD send an SSH_MSG_GLOBAL_REQUEST |
| message with a purposely nonexistent 'request name' |
| value (e.g., keepalive@ietf.org) and the 'want reply' |
| value set to '1'."; |
| reference |
| "RFC 4254: The Secure Shell (SSH) Connection Protocol"; |
| leaf max-wait { |
| type uint16 { |
| range "1..max"; |
| } |
| units "seconds"; |
| default "30"; |
| description |
| "Sets the amount of time in seconds after which |
| if no data has been received from the SSL client, |
| a SSL-level message will be sent to test the |
| aliveness of the SSL client."; |
| } |
| leaf max-attempts { |
| type uint8; |
| default "3"; |
| description |
| "Sets the maximum number of sequential keep-alive |
| messages that can fail to obtain a response from |
| the SSL client before assuming the SSL client is |
| no longer alive."; |
| } |
| } |
| } // grouping ssh-server-grouping |
| |
| } |