// libnetconf2 additions to ietf-netconf-server. The module augments the
// listen endpoints with SSH client-authentication limits, a per-user
// keyboard-interactive (PAM) configuration and a unix-socket transport case,
// and defines two private key format identities derived from
// ct:private-key-format.
//
// Several leaves below decide who can authenticate and which local files or
// sockets the server touches; none of them carries a description, so the
// notes on them are review assumptions unless stated otherwise.
module libnetconf2-netconf-server {
    yang-version 1.1;
    namespace "urn:cesnet:libnetconf2-netconf-server";
    prefix np2;

    import ietf-netconf-server {
        prefix ncs;
    }

    import ietf-crypto-types {
        prefix ct;
    }

    // Limits applied to SSH client authentication on a listen endpoint.
    augment "/ncs:netconf-server/ncs:listen/ncs:endpoint/ncs:transport/ncs:ssh/ncs:ssh/ncs:ssh-server-parameters/ncs:client-authentication" {
        // Presumably the number of authentication attempts a client gets
        // before the server gives up on the session - confirm against the
        // implementation. The type has no range, so 0 is a valid value whose
        // meaning (no attempts vs. unlimited) is not defined by the model.
        leaf auth-attempts {
            type uint16;
            default 3;
        }

        // Presumably the time a client has to finish authenticating - confirm.
        // As with auth-attempts, 0 is accepted and its meaning is not stated.
        leaf auth-timeout {
            type uint16;
            default 10;
            units "seconds";
        }
    }

    // Per-user keyboard-interactive authentication, configured through PAM.
    augment "/ncs:netconf-server/ncs:listen/ncs:endpoint/ncs:transport/ncs:ssh/ncs:ssh/ncs:ssh-server-parameters/ncs:client-authentication/ncs:users/ncs:user" {
        // Presence container: the method is configured for the user only when
        // this node exists. The presence argument, which normally says what
        // the node's existence means, is empty here.
        container keyboard-interactive {
            presence "";
            // Name of the PAM configuration file; required once the container
            // exists.
            // NOTE(review): the type is an unconstrained string (no length or
            // pattern). If the server joins dir and name into a filesystem
            // path, confirm that it rejects path separators and ".." here, and
            // that write access to this subtree is restricted: whoever can set
            // these two leaves chooses the PAM stack that authenticates the
            // user.
            leaf pam-config-file-name {
                type string;
                mandatory true;
            }
            // Optional directory holding the file above; the model does not
            // say which directory applies when this leaf is absent.
            leaf pam-config-file-dir {
                type string;
            }
        }
    }

    // Adds a unix-socket case to the endpoint's transport choice.
    augment "/ncs:netconf-server/ncs:listen/ncs:endpoint/ncs:transport" {
        case unix-socket {
            container unix-socket {
                // Filesystem path of the socket; unconstrained string.
                leaf path {
                    type string;
                    mandatory true;
                }
                // Presumably the permission bits of the socket file - confirm.
                // NOTE(review): a configured uint16 is written in decimal
                // (RFC 7950, section 9.2.1), so whether a value such as 600 is
                // taken as decimal 600 or as octal 0600 depends on the
                // implementation; a misread here changes who can connect.
                leaf mode {
                    type uint16;
                }
                // Presumably the owner and group of the socket file - confirm.
                // uint16 caps both at 65535, so larger numeric ids cannot be
                // expressed.
                leaf uid {
                    type uint16;
                }
                leaf gid {
                    type uint16;
                }
            }
        }
    }

// Intentionally disabled: the description inside explains that no dedicated
// ED25519 private key format exists and names the identities to use instead.
/*
    identity ed25519-private-key-format {
        base ct:private-key-format;
        description
            "This identity would indicate that the
             private key is encoded in a ED25519PrivateKey
             format. However no such format is currently
             standardized or even exists.

             If you wish to use a private key that uses
             an ED25519 algorithm, you need to pick either
             the private-key-info-format or
             openssh-private-key-format identity.";
    }
*/

    // PKCS #8 PrivateKeyInfo. The header quoted in the description is the PEM
    // label of the unencrypted form; encrypted PKCS #8 uses a different label
    // and is not covered by this description.
    identity private-key-info-format {
        base ct:private-key-format;
        description
            "Indicates that the private key is encoded
             as a PrivateKeyInfo structure (from RFC 5208).

             The expected header of the private key:
             -----BEGIN PRIVATE KEY-----
             The expected footer of the private key:
             -----END PRIVATE KEY-----

             Supported private key algorithms to use with
             this format are: RSA, EC and ED25519.

             Commonly used public key format for this
             type of private key is represented by the
             SubjectPublicKeyInfo identity.";

        reference
            "RFC 5208: PKCS #8: Private-Key Information
             Syntax Specification Version 1.2";
    }

    // OpenSSH private key container.
    // NOTE(review): the description does not say whether passphrase-protected
    // keys are accepted - confirm against the implementation.
    identity openssh-private-key-format {
        base ct:private-key-format;
        description
            "Indicates that the private key is encoded
             in the OpenSSH format.

             The expected header of the private key:
             -----BEGIN OPENSSH PRIVATE KEY-----
             The expected footer of the private key:
             -----END OPENSSH PRIVATE KEY-----

             Supported private key algorithms to use with
             this format are: RSA, EC and ED25519.

             Commonly used public key format for this
             type of private key is either the
             SSH2 public key format (from RFC 4716)
             or the Public key format defined in RFC 4253,
             Section 6.6.";

        reference
            "The OpenSSH Private Key Format:
             https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key

             RFC 4716:
             The Secure Shell (SSH) Public Key File Format

             RFC 4253:
             The Secure Shell (SSH) Transport Layer Protocol";
    }
}