<?xml version="1.0" encoding="UTF-8"?> <module name="ietf-ssh-server" xmlns="urn:ietf:params:xml:ns:yang:yin:1" xmlns:sshs="urn:ietf:params:xml:ns:yang:ietf-ssh-server" xmlns:inet="urn:ietf:params:xml:ns:yang:ietf-inet-types" xmlns:ks="urn:ietf:params:xml:ns:yang:ietf-keystore"> <yang-version value="1.1"/> <namespace uri="urn:ietf:params:xml:ns:yang:ietf-ssh-server"/> <prefix value="sshs"/> <import module="ietf-inet-types"> <prefix value="inet"/> <reference> <text>RFC 6991: Common YANG Data Types</text> </reference> </import> <import module="ietf-keystore"> <prefix value="ks"/> <reference> <text>RFC YYYY: Keystore Model</text> </reference> </import> <organization> <text>IETF NETCONF (Network Configuration) Working Group</text> </organization> <contact> <text>WG Web: &lt;http://tools.ietf.org/wg/netconf/&gt; WG List: &lt;mailto:netconf@ietf.org&gt; WG Chair: Mehmet Ersue &lt;mailto:mehmet.ersue@nsn.com&gt; WG Chair: Mahesh Jethanandani &lt;mailto:mjethanandani@gmail.com&gt; Editor: Kent Watsen &lt;mailto:kwatsen@juniper.net&gt;</text> </contact> <description> <text>This module defines a reusable grouping for a SSH server that can be used as a basis for specific SSH server instances. Copyright (c) 2014 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices.</text> </description> <revision date="2016-11-02"> <description> <text>Initial version</text> </description> <reference> <text>RFC XXXX: SSH Client and Server Models</text> </reference> </revision> <feature name="ssh-x509-certs"> <description> <text>The ssh-x509-certs feature indicates that the NETCONF server supports RFC 6187</text> </description> <reference> <text>RFC 6187: X.509v3 Certificates for Secure Shell Authentication</text> </reference> </feature> <grouping name="non-listening-ssh-server-grouping"> <description> <text>A reusable grouping for a SSH server that can be used as a basis for specific SSH server instances.</text> </description> <container name="host-keys"> <description> <text>The list of host-keys the SSH server will present when establishing a SSH connection.</text> </description> <list name="host-key"> <key value="name"/> <min-elements value="1"/> <ordered-by value="user"/> <description> <text>An ordered list of host keys the SSH server will use to construct its ordered list of algorithms, when sending its SSH_MSG_KEXINIT message, as defined in Section 7.1 of RFC 4253.</text> </description> <reference> <text>RFC 4253: The Secure Shell (SSH) Transport Layer Protocol</text> </reference> <leaf name="name"> <type name="string"/> <description> <text>An arbitrary name for this host-key</text> </description> </leaf> <choice name="host-key-type"> <mandatory value="true"/> <description> <text>The type of host key being specified</text> </description> <leaf name="public-key"> <type name="leafref"> <path value="/ks:keystore/ks:private-keys/ks:private-key/ks:name"/> </type> <description> <text>The public key is actually identified by the name of its cooresponding private-key in the keystore.</text> </description> </leaf> <leaf name="certificate"> <if-feature name="ssh-x509-certs"/> <type name="leafref"> <path value="/ks:keystore/ks:private-keys/ks:private-key/ks:certificate-chains/ks:certificate-chain/ks:name"/> </type> <description> <text>The name of a certificate in the keystore.</text> </description> </leaf> </choice> </list> </container> <container name="client-cert-auth"> <if-feature name="ssh-x509-certs"/> <description> <text>A reference to a list of trusted certificate authority (CA) certificates and a reference to a list of trusted client certificates.</text> </description> <leaf name="trusted-ca-certs"> <type name="leafref"> <path value="/ks:keystore/ks:trusted-certificates/ks:name"/> </type> <description> <text>A reference to a list of certificate authority (CA) certificates used by the SSH server to authenticate SSH client certificates.</text> </description> </leaf> <leaf name="trusted-client-certs"> <type name="leafref"> <path value="/ks:keystore/ks:trusted-certificates/ks:name"/> </type> <description> <text>A reference to a list of client certificates used by the SSH server to authenticate SSH client certificates. A clients certificate is authenticated if it is an exact match to a configured trusted client certificate.</text> </description> </leaf> </container> </grouping> <grouping name="listening-ssh-server-grouping"> <description> <text>A reusable grouping for a SSH server that can be used as a basis for specific SSH server instances.</text> </description> <leaf name="address"> <type name="inet:ip-address"/> <description> <text>The IP address of the interface to listen on. The SSH server will listen on all interfaces if no value is specified. Please note that some addresses have special meanings (e.g., '0.0.0.0' and '::').</text> </description> </leaf> <leaf name="port"> <type name="inet:port-number"/> <description> <text>The local port number on this interface the SSH server listens on. When this grouping is used, it is RECOMMENED that refine statement is used to either set a default port value or to set mandatory true.</text> </description> </leaf> <uses name="non-listening-ssh-server-grouping"/> </grouping> </module>