425 lines
15 KiB
YANG
425 lines
15 KiB
YANG
module ietf-ssh-server {
|
|
yang-version 1.1;
|
|
namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-server";
|
|
prefix sshs;
|
|
|
|
import iana-crypt-hash {
|
|
prefix ianach;
|
|
reference
|
|
"RFC 7317: A YANG Data Model for System Management";
|
|
}
|
|
|
|
import ietf-netconf-acm {
|
|
prefix nacm;
|
|
reference
|
|
"RFC 8341: Network Configuration Access Control Model";
|
|
}
|
|
|
|
import ietf-crypto-types {
|
|
prefix ct;
|
|
reference
|
|
"RFC AAAA: YANG Data Types and Groupings for Cryptography";
|
|
}
|
|
|
|
import ietf-truststore {
|
|
prefix ts;
|
|
reference
|
|
"RFC BBBB: A YANG Data Model for a Truststore";
|
|
}
|
|
|
|
import ietf-keystore {
|
|
prefix ks;
|
|
reference
|
|
"RFC CCCC: A YANG Data Model for a Keystore";
|
|
}
|
|
|
|
import ietf-ssh-common {
|
|
prefix sshcmn;
|
|
reference
|
|
"RFC EEEE: YANG Groupings for SSH Clients and SSH Servers";
|
|
}
|
|
|
|
organization
|
|
"IETF NETCONF (Network Configuration) Working Group";
|
|
|
|
contact
|
|
"WG Web: https://datatracker.ietf.org/wg/netconf
|
|
WG List: NETCONF WG list <mailto:netconf@ietf.org>
|
|
Author: Kent Watsen <mailto:kent+ietf@watsen.net>";
|
|
|
|
description
|
|
"This module defines a reusable grouping for SSH servers that
|
|
can be used as a basis for specific SSH server instances.
|
|
|
|
Copyright (c) 2023 IETF Trust and the persons identified
|
|
as authors of the code. All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with
|
|
or without modification, is permitted pursuant to, and
|
|
subject to the license terms contained in, the Revised
|
|
BSD License set forth in Section 4.c of the IETF Trust's
|
|
Legal Provisions Relating to IETF Documents
|
|
(https://trustee.ietf.org/license-info).
|
|
|
|
This version of this YANG module is part of RFC EEEE
|
|
(https://www.rfc-editor.org/info/rfcEEEE); see the RFC
|
|
itself for full legal notices.
|
|
|
|
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
|
|
'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
|
|
'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
|
|
are to be interpreted as described in BCP 14 (RFC 2119)
|
|
(RFC 8174) when, and only when, they appear in all
|
|
capitals, as shown here.";
|
|
|
|
revision 2023-12-28 {
|
|
description
|
|
"Initial version";
|
|
reference
|
|
"RFC EEEE: YANG Groupings for SSH Clients and SSH Servers";
|
|
}
|
|
|
|
// Features
|
|
|
|
feature ssh-server-keepalives {
|
|
description
|
|
"Per socket SSH keepalive parameters are configurable for
|
|
SSH servers on the server implementing this feature.";
|
|
}
|
|
|
|
feature local-users-supported {
|
|
description
|
|
"Indicates that the configuration for users can be
|
|
configured herein, as opposed to in an application
|
|
specific location.";
|
|
}
|
|
|
|
feature local-user-auth-publickey {
|
|
if-feature "local-users-supported";
|
|
description
|
|
"Indicates that the 'publickey' authentication type,
|
|
per RFC 4252, is supported for locally-defined users.
|
|
The 'publickey' authentication type is required by
|
|
RFC 4252, but common implementations allow it to
|
|
be disabled.";
|
|
reference
|
|
"RFC 4252:
|
|
The Secure Shell (SSH) Authentication Protocol";
|
|
}
|
|
|
|
feature local-user-auth-password {
|
|
if-feature "local-users-supported";
|
|
description
|
|
"Indicates that the 'password' authentication type,
|
|
per RFC 4252, is supported for locally-defined users.";
|
|
reference
|
|
"RFC 4252:
|
|
The Secure Shell (SSH) Authentication Protocol";
|
|
}
|
|
|
|
feature local-user-auth-hostbased {
|
|
if-feature "local-users-supported";
|
|
description
|
|
"Indicates that the 'hostbased' authentication type,
|
|
per RFC 4252, is supported for locally-defined users.";
|
|
reference
|
|
"RFC 4252:
|
|
The Secure Shell (SSH) Authentication Protocol";
|
|
}
|
|
|
|
feature local-user-auth-none {
|
|
if-feature "local-users-supported";
|
|
description
|
|
"Indicates that the 'none' authentication type, per
|
|
RFC 4252, is supported. It is NOT RECOMMENDED to
|
|
enable this feature.";
|
|
reference
|
|
"RFC 4252:
|
|
The Secure Shell (SSH) Authentication Protocol";
|
|
}
|
|
|
|
// Groupings
|
|
|
|
grouping ssh-server-grouping {
|
|
description
|
|
"A reusable grouping for configuring a SSH server without
|
|
any consideration for how underlying TCP sessions are
|
|
established.
|
|
|
|
Note that this grouping uses fairly typical descendant
|
|
node names such that a nesting of 'uses' statements will
|
|
have name conflicts. It is intended that the consuming
|
|
data model will resolve the issue (e.g., by wrapping
|
|
the 'uses' statement in a container called
|
|
'ssh-server-parameters'). This model purposely does
|
|
not do this itself so as to provide maximum flexibility
|
|
to consuming models.";
|
|
|
|
container server-identity {
|
|
nacm:default-deny-write;
|
|
description
|
|
"The list of host keys the SSH server will present when
|
|
establishing a SSH connection.";
|
|
list host-key {
|
|
key "name";
|
|
min-elements 1;
|
|
ordered-by user;
|
|
description
|
|
"An ordered list of host keys (see RFC 4251) the SSH
|
|
server will use to construct its ordered list of
|
|
algorithms, when sending its SSH_MSG_KEXINIT message,
|
|
as defined in Section 7.1 of RFC 4253.";
|
|
reference
|
|
"RFC 4251: The Secure Shell (SSH) Protocol Architecture
|
|
RFC 4253: The Secure Shell (SSH) Transport Layer
|
|
Protocol";
|
|
leaf name {
|
|
type string;
|
|
description
|
|
"An arbitrary name for this host key";
|
|
}
|
|
choice host-key-type {
|
|
mandatory true;
|
|
description
|
|
"The type of host key being specified";
|
|
container public-key {
|
|
description
|
|
"A locally-defined or referenced asymmetric key pair
|
|
to be used for the SSH server's host key.";
|
|
reference
|
|
"RFC CCCC: A YANG Data Model for a Keystore";
|
|
uses ks:inline-or-keystore-asymmetric-key-grouping {
|
|
refine "inline-or-keystore/inline/inline-definition" {
|
|
must 'not(public-key-format) or derived-from-or-self'
|
|
+ '(public-key-format, "ct:ssh-public-key-format")';
|
|
|
|
}
|
|
refine "inline-or-keystore/central-keystore/"
|
|
+ "central-keystore-reference" {
|
|
must 'not(deref(.)/../ks:public-key-format) or '
|
|
+ 'derived-from-or-self(deref(.)/../ks:public-'
|
|
+ 'key-format, "ct:ssh-public-key-format")';
|
|
}
|
|
}
|
|
}
|
|
container certificate {
|
|
if-feature "sshcmn:ssh-x509-certs";
|
|
description
|
|
"A locally-defined or referenced end-entity
|
|
certificate to be used for the SSH server's
|
|
host key.";
|
|
reference
|
|
"RFC CCCC: A YANG Data Model for a Keystore";
|
|
uses
|
|
ks:inline-or-keystore-end-entity-cert-with-key-grouping{
|
|
refine "inline-or-keystore/inline/inline-definition" {
|
|
must 'not(public-key-format) or derived-from-or-self'
|
|
+ '(public-key-format, "ct:subject-public-key-'
|
|
+ 'info-format")';
|
|
}
|
|
refine "inline-or-keystore/central-keystore/"
|
|
+ "central-keystore-reference/asymmetric-key" {
|
|
must 'not(deref(.)/../ks:public-key-format) or '
|
|
+ 'derived-from-or-self(deref(.)/../ks:public-key'
|
|
+ '-format, "ct:subject-public-key-info-format")';
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
} // container server-identity
|
|
|
|
container client-authentication {
|
|
nacm:default-deny-write;
|
|
description
|
|
"Specifies how the SSH server can be configured to
|
|
authenticate SSH clients. See RFC 4252 for a general
|
|
discussion about SSH authentication.";
|
|
reference
|
|
"RFC 4252: The Secure Shell (SSH) Transport Layer";
|
|
container users {
|
|
if-feature "local-users-supported";
|
|
description
|
|
"A list of locally configured users.";
|
|
list user {
|
|
key "name";
|
|
description
|
|
"A locally configured user.
|
|
|
|
The server SHOULD derive the list of authentication
|
|
'method names' returned to the SSH client from the
|
|
descendant nodes configured herein, per Sections
|
|
5.1 and 5.2 in RFC 4252.
|
|
|
|
The authentication methods are unordered. Clients
|
|
must authenticate to all configured methods.
|
|
Whenever a choice amongst methods arises,
|
|
implementations SHOULD use a default ordering
|
|
that prioritizes automation over human-interaction.";
|
|
leaf name {
|
|
type string;
|
|
description
|
|
"The 'user name' for the SSH client, as defined in
|
|
the SSH_MSG_USERAUTH_REQUEST message in RFC 4253.";
|
|
reference
|
|
"RFC 4253: The Secure Shell (SSH) Transport Layer
|
|
Protocol";
|
|
}
|
|
container public-keys {
|
|
if-feature "local-user-auth-publickey";
|
|
presence
|
|
"Indicates that public keys have been configured.
|
|
This statement is present so the mandatory descendant
|
|
nodes do not imply that this node must be
|
|
configured.";
|
|
description
|
|
"A set of SSH public keys may be used by the SSH
|
|
server to authenticate this user. A user is
|
|
authenticated if its public key is an exact
|
|
match to a configured public key.";
|
|
reference
|
|
"RFC BBBB: A YANG Data Model for a Truststore";
|
|
uses ts:inline-or-truststore-public-keys-grouping {
|
|
refine "inline-or-truststore/inline/inline-definition/"
|
|
+ "public-key" {
|
|
must 'derived-from-or-self(public-key-format,'
|
|
+ ' "ct:ssh-public-key-format")';
|
|
}
|
|
refine "inline-or-truststore/central-truststore/"
|
|
+ "central-truststore-reference" {
|
|
must 'not(deref(.)/../ts:public-key/ts:public-key-'
|
|
+ 'format[not(derived-from-or-self(., "ct:ssh-'
|
|
+ 'public-key-format"))])';
|
|
}
|
|
}
|
|
}
|
|
leaf password {
|
|
if-feature "local-user-auth-password";
|
|
type ianach:crypt-hash;
|
|
description
|
|
"The password for this user.";
|
|
}
|
|
container hostbased {
|
|
if-feature "local-user-auth-hostbased";
|
|
presence
|
|
"Indicates that hostbased [RFC4252] keys have been
|
|
configured. This statement is present so the
|
|
mandatory descendant nodes do not imply that this
|
|
node must be configured.";
|
|
description
|
|
"A set of SSH host keys used by the SSH server to
|
|
authenticate this user's host. A user's host is
|
|
authenticated if its host key is an exact match
|
|
to a configured host key.";
|
|
reference
|
|
"RFC 4252: The Secure Shell (SSH) Transport Layer
|
|
RFC BBBB: A YANG Data Model for a Truststore";
|
|
uses ts:inline-or-truststore-public-keys-grouping {
|
|
refine "inline-or-truststore/inline/inline-definition/"
|
|
+ "public-key" {
|
|
must 'derived-from-or-self(public-key-format,'
|
|
+ ' "ct:ssh-public-key-format")';
|
|
}
|
|
refine "inline-or-truststore/central-truststore/"
|
|
+ "central-truststore-reference" {
|
|
must 'not(deref(.)/../ts:public-key/ts:public-key-'
|
|
+ 'format[not(derived-from-or-self(., "ct:ssh-'
|
|
+ 'public-key-format"))])';
|
|
}
|
|
}
|
|
}
|
|
leaf none {
|
|
if-feature "local-user-auth-none";
|
|
type empty;
|
|
description
|
|
"Indicates that the 'none' method is configured
|
|
for this user.";
|
|
reference
|
|
"RFC 4252: The Secure Shell (SSH) Authentication
|
|
Protocol.";
|
|
}
|
|
}
|
|
} // users
|
|
container ca-certs {
|
|
if-feature "sshcmn:ssh-x509-certs";
|
|
presence
|
|
"Indicates that CA certificates have been configured.
|
|
This statement is present so the mandatory descendant
|
|
nodes do not imply this node must be configured.";
|
|
description
|
|
"A set of certificate authority (CA) certificates used by
|
|
the SSH server to authenticate SSH client certificates.
|
|
A client certificate is authenticated if it has a valid
|
|
chain of trust to a configured CA certificate.";
|
|
reference
|
|
"RFC BBBB: A YANG Data Model for a Truststore";
|
|
uses ts:inline-or-truststore-certs-grouping;
|
|
}
|
|
container ee-certs {
|
|
if-feature "sshcmn:ssh-x509-certs";
|
|
presence
|
|
"Indicates that EE certificates have been configured.
|
|
This statement is present so the mandatory descendant
|
|
nodes do not imply this node must be configured.";
|
|
description
|
|
"A set of client certificates (i.e., end entity
|
|
certificates) used by the SSH server to authenticate
|
|
the certificates presented by SSH clients. A client
|
|
certificate is authenticated if it is an exact match
|
|
to a configured end-entity certificate.";
|
|
reference
|
|
"RFC BBBB: A YANG Data Model for a Truststore";
|
|
uses ts:inline-or-truststore-certs-grouping;
|
|
}
|
|
} // container client-authentication
|
|
|
|
container transport-params {
|
|
nacm:default-deny-write;
|
|
if-feature "sshcmn:transport-params";
|
|
description
|
|
"Configurable parameters of the SSH transport layer.";
|
|
uses sshcmn:transport-params-grouping;
|
|
} // container transport-params
|
|
|
|
container keepalives {
|
|
nacm:default-deny-write;
|
|
if-feature "ssh-server-keepalives";
|
|
presence
|
|
"Indicates that the SSH server proactively tests the
|
|
aliveness of the remote SSH client.";
|
|
description
|
|
"Configures the keep-alive policy, to proactively test
|
|
the aliveness of the SSH client. An unresponsive SSH
|
|
client is dropped after approximately max-wait *
|
|
max-attempts seconds. Per Section 4 of RFC 4254,
|
|
the SSH server SHOULD send an SSH_MSG_GLOBAL_REQUEST
|
|
message with a purposely nonexistent 'request name'
|
|
value (e.g., keepalive@ietf.org) and the 'want reply'
|
|
value set to '1'.";
|
|
reference
|
|
"RFC 4254: The Secure Shell (SSH) Connection Protocol";
|
|
leaf max-wait {
|
|
type uint16 {
|
|
range "1..max";
|
|
}
|
|
units "seconds";
|
|
default "30";
|
|
description
|
|
"Sets the amount of time in seconds after which
|
|
if no data has been received from the SSH client,
|
|
a SSH-level message will be sent to test the
|
|
aliveness of the SSH client.";
|
|
}
|
|
leaf max-attempts {
|
|
type uint8;
|
|
default "3";
|
|
description
|
|
"Sets the maximum number of sequential keep-alive
|
|
messages that can fail to obtain a response from
|
|
the SSH client before assuming the SSH client is
|
|
no longer alive.";
|
|
}
|
|
}
|
|
} // grouping ssh-server-grouping
|
|
|
|
}
|