Diffstat (limited to 'sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-ssh-server@2019-07-02.yang')
-rw-r--r--sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-ssh-server@2019-07-02.yang333
1 files changed, 333 insertions, 0 deletions
diff --git a/sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-ssh-server@2019-07-02.yang b/sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-ssh-server@2019-07-02.yang
new file mode 100644
index 000000000..62ecaad21
--- /dev/null
+++ b/sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-ssh-server@2019-07-02.yang
@@ -0,0 +1,333 @@
+module ietf-ssh-server {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-server";
+ prefix sshs;
+
+ import ietf-ssh-common {
+ prefix sshcmn;
+ revision-date 2019-07-02;
+ reference
+ "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
+ }
+ import ietf-keystore {
+ prefix ks;
+ reference
+ "RFC ZZZZ: A YANG Data Model for a Keystore";
+ }
+ import iana-crypt-hash {
+ prefix ianach;
+ reference
+ "RFC 7317: A YANG Data Model for System Management";
+ }
+ import ietf-netconf-acm {
+ prefix nacm;
+ reference
+ "RFC 8341: Network Configuration Access Control Model";
+ }
+
+ organization
+ "IETF NETCONF (Network Configuration) Working Group";
+ contact
+ "WG Web: <http://datatracker.ietf.org/wg/netconf/>
+ WG List: <mailto:netconf@ietf.org>
+ Author: Kent Watsen <mailto:kent+ietf@watsen.net>
+ Author: Gary Wu <mailto:garywu@cisco.com>";
+ description
+ "This module defines reusable groupings for SSH servers that
+ can be used as a basis for specific SSH server instances.
+
+ Copyright (c) 2019 IETF Trust and the persons identified
+ as authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with
+ or without modification, is permitted pursuant to, and
+ subject to the license terms contained in, the Simplified
+ BSD License set forth in Section 4.c of the IETF Trust's
+ Legal Provisions Relating to IETF Documents
+ (https://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC XXXX
+ (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
+ itself for full legal notices.;
+
+ The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
+ 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
+ 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
+ are to be interpreted as described in BCP 14 (RFC 2119)
+ (RFC 8174) when, and only when, they appear in all
+ capitals, as shown here.";
+
+ revision 2019-07-02 {
+ description
+ "Initial version";
+ reference
+ "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
+ }
+
+ feature ssh-server-transport-params-config {
+ description
+ "SSH transport layer parameters are configurable on an SSH
+ server.";
+ }
+
+ feature ssh-server-keepalives {
+ description
+ "Per socket SSH keepalive parameters are configurable for
+ SSH servers on the server implementing this feature.";
+ }
+
+ feature local-client-auth-supported {
+ description
+ "Indicates that the SSH server supports local configuration
+ of client credentials.";
+ }
+
+ feature external-client-auth-supported {
+ description
+ "Indicates that the SSH server supports external configuration
+ of client credentials.";
+ }
+
+ grouping ssh-server-grouping {
+ description
+ "A reusable grouping for configuring a SSH server without
+ any consideration for how underlying TCP sessions are
+ established.
+
+ Note that this grouping uses fairly typical descendent
+ node names such that a stack of 'uses' statements will
+ have name conflicts. It is intended that the consuming
+ data model will resolve the issue (e.g., by wrapping
+ the 'uses' statement in a container called
+ 'ssh-server-parameters'). This model purposely does
+ not do this itself so as to provide maximum flexibility
+ to consuming models.";
+ container server-identity {
+ nacm:default-deny-write;
+ description
+ "The list of host-keys the SSH server will present when
+ establishing a SSH connection.";
+ list host-key {
+ key "name";
+ min-elements 1;
+ ordered-by user;
+ description
+ "An ordered list of host keys the SSH server will use to
+ construct its ordered list of algorithms, when sending
+ its SSH_MSG_KEXINIT message, as defined in Section 7.1
+ of RFC 4253.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer
+ Protocol";
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for this host-key";
+ }
+ choice host-key-type {
+ mandatory true;
+ description
+ "The type of host key being specified";
+ container public-key {
+ description
+ "A locally-defined or referenced asymmetric key pair
+ to be used for the SSH server's host key.";
+ reference
+ "RFC ZZZZ: YANG Data Model for a Centralized
+ Keystore Mechanism";
+ uses ks:local-or-keystore-asymmetric-key-grouping;
+ }
+ container certificate {
+ if-feature "sshcmn:ssh-x509-certs";
+ description
+ "A locally-defined or referenced end-entity
+ certificate to be used for the SSH server's
+ host key.";
+ reference
+ "RFC ZZZZ: YANG Data Model for a Centralized
+ Keystore Mechanism";
+ uses ks:local-or-keystore-end-entity-cert-with-key-grouping;
+ }
+ }
+ }
+ }
+ container client-authentication {
+ nacm:default-deny-write;
+ description
+ "Specifies if SSH client authentication is required or
+ optional, and specifies if the SSH client authentication
+ credentials are configured locally or externally.";
+ container supported-authentication-methods {
+ description
+ "Indicates which authentication methods the server
+ supports.";
+ leaf publickey {
+ type empty;
+ description
+ "Indicates that the 'publickey' method is supported.
+ Note that RFC 6187 X.509v3 Certificates for SSH uses
+ the 'publickey' method name.";
+ reference
+ "RFC 4252: The Secure Shell (SSH) Authentication
+ Protocol.
+ RFC 6187: X.509v3 Certificates for Secure Shell
+ Authentication.";
+ }
+ leaf passsword {
+ type empty;
+ description
+ "Indicates that the 'password' method is supported.";
+ reference
+ "RFC 4252: The Secure Shell (SSH) Authentication
+ Protocol.";
+ }
+ leaf hostbased {
+ type empty;
+ description
+ "Indicates that the 'hostbased' method is supported.";
+ reference
+ "RFC 4252: The Secure Shell (SSH) Authentication
+ Protocol.";
+ }
+ leaf none {
+ type empty;
+ description
+ "Indicates that the 'none' method is supported.";
+ reference
+ "RFC 4252: The Secure Shell (SSH) Authentication
+ Protocol.";
+ }
+ leaf-list other {
+ type string;
+ description
+ "Indicates a supported method name not defined by
+ RFC 4253.";
+ reference
+ "RFC 4252: The Secure Shell (SSH) Authentication
+ Protocol.";
+ }
+ }
+ choice local-or-external {
+ description
+ "Indicates if the client credentials are configured
+ locally or externally.";
+ case local {
+ if-feature "local-client-auth-supported";
+ description
+ "Client credentials are configured locally.";
+ container users {
+ description
+ "A list of locally configured users.";
+ list user {
+ key "name";
+ description
+ "The list of local users configured on this device.";
+ leaf name {
+ type string;
+ description
+ "The user name string identifying this entry.";
+ }
+ leaf password {
+ type ianach:crypt-hash;
+ description
+ "The password for this entry.";
+ }
+ list authorized-key {
+ key "name";
+ description
+ "A list of public SSH keys for this user. These
+ keys are allowed for SSH authentication, as
+ described in RFC 4253.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer
+ Protocol";
+ leaf name {
+ type string;
+ description
+ "An arbitrary name for the SSH key.";
+ }
+ leaf algorithm {
+ type string;
+ mandatory true;
+ description
+ "The public key algorithm name for this SSH key.
+
+ Valid values are the values in the IANA 'Secure
+ Shell (SSH) Protocol Parameters' registry,
+ Public Key Algorithm Names.";
+ reference
+ "IANA 'Secure Shell (SSH) Protocol Parameters'
+ registry, Public Key Algorithm Names";
+ }
+ leaf key-data {
+ type binary;
+ mandatory true;
+ description
+ "The binary public key data for this SSH key, as
+ specified by RFC 4253, Section 6.6, i.e.:
+
+ string certificate or public key format
+ identifier
+ byte[n] key/certificate data.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer
+ Protocol";
+ }
+ }
+ }
+ }
+ }
+ case external {
+ if-feature "external-client-auth-supported";
+ description
+ "Client credentials are configured externally, such
+ as via RADIUS, RFC 7317, or another mechanism.";
+ leaf client-auth-defined-elsewhere {
+ type empty;
+ description
+ "Indicates that client credentials are configured
+ elsewhere.";
+ }
+ }
+ }
+ }
+ container transport-params {
+ nacm:default-deny-write;
+ if-feature "ssh-server-transport-params-config";
+ description
+ "Configurable parameters of the SSH transport layer.";
+ uses sshcmn:transport-params-grouping;
+ }
+ container keepalives {
+ nacm:default-deny-write;
+ if-feature "ssh-server-keepalives";
+ presence "Indicates that keepalives are enabled.";
+ description
+ "Configures the keep-alive policy, to proactively test
+ the aliveness of the SSL client. An unresponsive SSL
+ client is dropped after approximately max-wait *
+ max-attempts seconds.";
+ leaf max-wait {
+ type uint16 {
+ range "1..max";
+ }
+ units "seconds";
+ default "30";
+ description
+ "Sets the amount of time in seconds after which
+ if no data has been received from the SSL client,
+ a SSL-level message will be sent to test the
+ aliveness of the SSL client.";
+ }
+ leaf max-attempts {
+ type uint8;
+ default "3";
+ description
+ "Sets the maximum number of sequential keep-alive
+ messages that can fail to obtain a response from
+ the SSL client before assuming the SSL client is
+ no longer alive.";
+ }
+ }
+ }
+}
\ No newline at end of file
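Review bot: The leaf under `supported-authentication-methods` is spelled `passsword`, so anything that binds to this schema (generated bindings, test fixtures, XPath filters) has to use the misspelled node name, and data written with `password` at that position will not validate against this revision. The same copy says "SSL client" throughout the `keepalives` descriptions although the module configures an SSH server, and the `leaf-list other` description cites RFC 4253 while its own reference points to RFC 4252. This appears to be a verbatim copy of the 2019-07-02 IETF draft (the `RFC XXXX` / `RFC ZZZZ` placeholders are still present), so I would not correct it locally. Instead, record the exact draft it was taken from next to the file or in the commit message, and check whether a later revision of the module fixes these before tests start depending on the current node names.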