modules/libnetconf2-netconf-server.yang

module libnetconf2-netconf-server {
  yang-version 1.1;
  namespace "urn:cesnet:libnetconf2-netconf-server";
  prefix np2;

  import ietf-netconf-server {
    prefix ncs;
  }

  import ietf-crypto-types {
    prefix ct;
  }

  augment "/ncs:netconf-server/ncs:listen/ncs:endpoint/ncs:transport/ncs:ssh/ncs:ssh/ncs:ssh-server-parameters/ncs:client-authentication" {
    leaf auth-attempts {
      type uint16;
      default 3;
    }

    leaf auth-timeout {
      type uint16;
      default 10;
      units "seconds";
    }
  }

  augment "/ncs:netconf-server/ncs:listen/ncs:endpoint/ncs:transport/ncs:ssh/ncs:ssh/ncs:ssh-server-parameters/ncs:client-authentication/ncs:users/ncs:user" {
    container keyboard-interactive {
      presence "";
      leaf pam-config-file-name {
        type string;
        mandatory true;
      }
      leaf pam-config-file-dir {
        type string;
      }
    }
  }

  augment "/ncs:netconf-server/ncs:listen/ncs:endpoint/ncs:transport" {
    case unix-socket {
      container unix-socket {
        leaf path {
          type string;
          mandatory true;
        }
        leaf mode {
          type uint16;
        }
        leaf uid {
          type uint16;
        }
        leaf gid {
          type uint16;
        }
      }
    }
  }

/*
  identity ed25519-private-key-format {
    base ct:private-key-format;
    description
      "This identity would indicate that the
       private key is encoded in a ED25519PrivateKey
       format. However no such format is currently
       standardized or even exists.

       If you wish to use a private key that uses
       an ED25519 algorithm, you need to pick either
       the private-key-info-format or
       openssh-private-key-format identity.";
  }
*/

  identity private-key-info-format {
    base ct:private-key-format;
    description
      "Indicates that the private key is encoded
       as a PrivateKeyInfo structure (from RFC 5208).

       The expected header of the private key:
       -----BEGIN PRIVATE KEY-----
       The expected footer of the private key:
       -----END PRIVATE KEY-----

       Supported private key algorithms to use with
       this format are: RSA, EC and ED25519.

       Commonly used public key format for this
       type of private key is represented by the
       SubjectPublicKeyInfo identity.";

    reference
      "RFC 5208: PKCS #8: Private-Key Information
                 Syntax Specification Version 1.2";
  }

  identity openssh-private-key-format {
    base ct:private-key-format;
    description
      "Indicates that the private key is encoded
       in the OpenSSH format.

       The expected header of the private key:
       -----BEGIN OPENSSH PRIVATE KEY-----
       The expected footer of the private key:
       -----END OPENSSH PRIVATE KEY-----

       Supported private key algorithms to use with
       this format are: RSA, EC and ED25519.

       Commonly used public key format for this
       type of private key is either the
       SSH2 public key format (from RFC 4716)
       or the Public key format defined in RFC 4253,
       Section 6.6.";

    reference
      "The OpenSSH Private Key Format:
        https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key

       RFC 4716:
        The Secure Shell (SSH) Public Key File Format

       RFC 4253:
        The Secure Shell (SSH) Transport Layer Protocol";
  }
}