diff options
Diffstat (limited to 'vnfs/TestVNF/netconftemplates/netconftemplates/ietf-ssh-server@2016-11-02.yang')
-rw-r--r-- | vnfs/TestVNF/netconftemplates/netconftemplates/ietf-ssh-server@2016-11-02.yang | 171 |
1 files changed, 171 insertions, 0 deletions
diff --git a/vnfs/TestVNF/netconftemplates/netconftemplates/ietf-ssh-server@2016-11-02.yang b/vnfs/TestVNF/netconftemplates/netconftemplates/ietf-ssh-server@2016-11-02.yang new file mode 100644 index 00000000..e7393114 --- /dev/null +++ b/vnfs/TestVNF/netconftemplates/netconftemplates/ietf-ssh-server@2016-11-02.yang @@ -0,0 +1,171 @@ +<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="m-1"> + <data xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">module ietf-ssh-server { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-server"; + prefix sshs; + + import ietf-inet-types { + prefix inet; + reference + "RFC 6991: Common YANG Data Types"; + } + + import ietf-keystore { + prefix ks; + reference + "RFC YYYY: Keystore Model"; + } + + organization + "IETF NETCONF (Network Configuration) Working Group"; + contact + "WG Web: <http://tools.ietf.org/wg/netconf/> + WG List: <mailto:netconf@ietf.org> + + WG Chair: Mehmet Ersue + <mailto:mehmet.ersue@nsn.com> + + WG Chair: Mahesh Jethanandani + <mailto:mjethanandani@gmail.com> + + Editor: Kent Watsen + <mailto:kwatsen@juniper.net>"; + description + "This module defines a reusable grouping for a SSH server that + can be used as a basis for specific SSH server instances. + + Copyright (c) 2014 IETF Trust and the persons identified as + authors of the code. All rights reserved. + + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD + License set forth in Section 4.c of the IETF Trust's + Legal Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX; see + the RFC itself for full legal notices."; + + revision 2016-11-02 { + description + "Initial version"; + reference + "RFC XXXX: SSH Client and Server Models"; + } + + feature ssh-x509-certs { + description + "The ssh-x509-certs feature indicates that the NETCONF + server supports RFC 6187"; + reference + "RFC 6187: X.509v3 Certificates for Secure Shell + Authentication"; + } + + grouping non-listening-ssh-server-grouping { + description + "A reusable grouping for a SSH server that can be used as a + basis for specific SSH server instances."; + container host-keys { + description + "The list of host-keys the SSH server will present when + establishing a SSH connection."; + list host-key { + key "name"; + min-elements 1; + ordered-by user; + description + "An ordered list of host keys the SSH server will use to + construct its ordered list of algorithms, when sending + its SSH_MSG_KEXINIT message, as defined in Section 7.1 + of RFC 4253."; + reference + "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol"; + leaf name { + type string; + description + "An arbitrary name for this host-key"; + } + + choice host-key-type { + mandatory true; + description + "The type of host key being specified"; + leaf public-key { + type leafref { + path "/ks:keystore/ks:private-keys/ks:private-key/ks:name"; + } + description + "The public key is actually identified by the name of + its cooresponding private-key in the keystore."; + } + + leaf certificate { + if-feature "ssh-x509-certs"; + type leafref { + path "/ks:keystore/ks:private-keys/ks:private-key/ks:certificate-chains/ks:certificate-chain/ks:name"; + } + description + "The name of a certificate in the keystore."; + } + } + } + } + + container client-cert-auth { + if-feature "ssh-x509-certs"; + description + "A reference to a list of trusted certificate authority (CA) + certificates and a reference to a list of trusted client + certificates."; + leaf trusted-ca-certs { + type leafref { + path "/ks:keystore/ks:trusted-certificates/ks:name"; + } + description + "A reference to a list of certificate authority (CA) + certificates used by the SSH server to authenticate + SSH client certificates."; + } + + leaf trusted-client-certs { + type leafref { + path "/ks:keystore/ks:trusted-certificates/ks:name"; + } + description + "A reference to a list of client certificates used by + the SSH server to authenticate SSH client certificates. + A clients certificate is authenticated if it is an + exact match to a configured trusted client certificate."; + } + } + } + + grouping listening-ssh-server-grouping { + description + "A reusable grouping for a SSH server that can be used as a + basis for specific SSH server instances."; + leaf address { + type inet:ip-address; + description + "The IP address of the interface to listen on. The SSH + server will listen on all interfaces if no value is + specified. Please note that some addresses have special + meanings (e.g., '0.0.0.0' and '::')."; + } + + leaf port { + type inet:port-number; + description + "The local port number on this interface the SSH server + listens on. When this grouping is used, it is RECOMMENED + that refine statement is used to either set a default port + value or to set mandatory true."; + } + + uses non-listening-ssh-server-grouping; + } +} +</data> +</rpc-reply> |