1 module ietf-ssh-server {
3 namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-server";
6 import iana-crypt-hash {
9 "RFC 7317: A YANG Data Model for System Management";
12 import ietf-netconf-acm {
15 "RFC 8341: Network Configuration Access Control Model";
18 import ietf-crypto-types {
21 "RFC AAAA: YANG Data Types and Groupings for Cryptography";
24 import ietf-truststore {
27 "RFC BBBB: A YANG Data Model for a Truststore";
30 import ietf-keystore {
33 "RFC CCCC: A YANG Data Model for a Keystore";
36 import ietf-ssh-common {
39 "RFC EEEE: YANG Groupings for SSH Clients and SSH Servers";
43 "IETF NETCONF (Network Configuration) Working Group";
46 "WG Web: https://datatracker.ietf.org/wg/netconf
47 WG List: NETCONF WG list <mailto:netconf@ietf.org>
48 Author: Kent Watsen <mailto:kent+ietf@watsen.net>";
51 "This module defines a reusable grouping for SSH servers that
52 can be used as a basis for specific SSH server instances.
54 Copyright (c) 2023 IETF Trust and the persons identified
55 as authors of the code. All rights reserved.
57 Redistribution and use in source and binary forms, with
58 or without modification, is permitted pursuant to, and
59 subject to the license terms contained in, the Revised
60 BSD License set forth in Section 4.c of the IETF Trust's
61 Legal Provisions Relating to IETF Documents
62 (https://trustee.ietf.org/license-info).
64 This version of this YANG module is part of RFC EEEE
65 (https://www.rfc-editor.org/info/rfcEEEE); see the RFC
66 itself for full legal notices.
68 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
69 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
70 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
71 are to be interpreted as described in BCP 14 (RFC 2119)
72 (RFC 8174) when, and only when, they appear in all
73 capitals, as shown here.";
79 "RFC EEEE: YANG Groupings for SSH Clients and SSH Servers";
84 feature ssh-server-keepalives {
86 "Per socket SSH keepalive parameters are configurable for
87 SSH servers on the server implementing this feature.";
90 feature local-users-supported {
92 "Indicates that the configuration for users can be
93 configured herein, as opposed to in an application
97 feature local-user-auth-publickey {
98 if-feature "local-users-supported";
100 "Indicates that the 'publickey' authentication type,
101 per RFC 4252, is supported for locally-defined users.
102 The 'publickey' authentication type is required by
103 RFC 4252, but common implementations allow it to
107 The Secure Shell (SSH) Authentication Protocol";
110 feature local-user-auth-password {
111 if-feature "local-users-supported";
113 "Indicates that the 'password' authentication type,
114 per RFC 4252, is supported for locally-defined users.";
117 The Secure Shell (SSH) Authentication Protocol";
120 feature local-user-auth-hostbased {
121 if-feature "local-users-supported";
123 "Indicates that the 'hostbased' authentication type,
124 per RFC 4252, is supported for locally-defined users.";
127 The Secure Shell (SSH) Authentication Protocol";
130 feature local-user-auth-none {
131 if-feature "local-users-supported";
133 "Indicates that the 'none' authentication type, per
134 RFC 4252, is supported. It is NOT RECOMMENDED to
135 enable this feature.";
138 The Secure Shell (SSH) Authentication Protocol";
143 grouping ssh-server-grouping {
145 "A reusable grouping for configuring a SSH server without
146 any consideration for how underlying TCP sessions are
149 Note that this grouping uses fairly typical descendant
150 node names such that a nesting of 'uses' statements will
151 have name conflicts. It is intended that the consuming
152 data model will resolve the issue (e.g., by wrapping
153 the 'uses' statement in a container called
154 'ssh-server-parameters'). This model purposely does
155 not do this itself so as to provide maximum flexibility
156 to consuming models.";
158 container server-identity {
159 nacm:default-deny-write;
161 "The list of host keys the SSH server will present when
162 establishing a SSH connection.";
168 "An ordered list of host keys (see RFC 4251) the SSH
169 server will use to construct its ordered list of
170 algorithms, when sending its SSH_MSG_KEXINIT message,
171 as defined in Section 7.1 of RFC 4253.";
173 "RFC 4251: The Secure Shell (SSH) Protocol Architecture
174 RFC 4253: The Secure Shell (SSH) Transport Layer
179 "An arbitrary name for this host key";
181 choice host-key-type {
184 "The type of host key being specified";
185 container public-key {
187 "A locally-defined or referenced asymmetric key pair
188 to be used for the SSH server's host key.";
190 "RFC CCCC: A YANG Data Model for a Keystore";
191 uses ks:inline-or-keystore-asymmetric-key-grouping {
192 refine "inline-or-keystore/inline/inline-definition" {
193 must 'not(public-key-format) or derived-from-or-self'
194 + '(public-key-format, "ct:ssh-public-key-format")';
197 refine "inline-or-keystore/central-keystore/"
198 + "central-keystore-reference" {
199 must 'not(deref(.)/../ks:public-key-format) or '
200 + 'derived-from-or-self(deref(.)/../ks:public-'
201 + 'key-format, "ct:ssh-public-key-format")';
205 container certificate {
206 if-feature "sshcmn:ssh-x509-certs";
208 "A locally-defined or referenced end-entity
209 certificate to be used for the SSH server's
212 "RFC CCCC: A YANG Data Model for a Keystore";
214 ks:inline-or-keystore-end-entity-cert-with-key-grouping{
215 refine "inline-or-keystore/inline/inline-definition" {
216 must 'not(public-key-format) or derived-from-or-self'
217 + '(public-key-format, "ct:subject-public-key-'
220 refine "inline-or-keystore/central-keystore/"
221 + "central-keystore-reference/asymmetric-key" {
222 must 'not(deref(.)/../ks:public-key-format) or '
223 + 'derived-from-or-self(deref(.)/../ks:public-key'
224 + '-format, "ct:subject-public-key-info-format")';
230 } // container server-identity
232 container client-authentication {
233 nacm:default-deny-write;
235 "Specifies how the SSH server can be configured to
236 authenticate SSH clients. See RFC 4252 for a general
237 discussion about SSH authentication.";
239 "RFC 4252: The Secure Shell (SSH) Transport Layer";
241 if-feature "local-users-supported";
243 "A list of locally configured users.";
247 "A locally configured user.
249 The server SHOULD derive the list of authentication
250 'method names' returned to the SSH client from the
251 descendant nodes configured herein, per Sections
252 5.1 and 5.2 in RFC 4252.
254 The authentication methods are unordered. Clients
255 must authenticate to all configured methods.
256 Whenever a choice amongst methods arises,
257 implementations SHOULD use a default ordering
258 that prioritizes automation over human-interaction.";
262 "The 'user name' for the SSH client, as defined in
263 the SSH_MSG_USERAUTH_REQUEST message in RFC 4253.";
265 "RFC 4253: The Secure Shell (SSH) Transport Layer
268 container public-keys {
269 if-feature "local-user-auth-publickey";
271 "Indicates that public keys have been configured.
272 This statement is present so the mandatory descendant
273 nodes do not imply that this node must be
276 "A set of SSH public keys may be used by the SSH
277 server to authenticate this user. A user is
278 authenticated if its public key is an exact
279 match to a configured public key.";
281 "RFC BBBB: A YANG Data Model for a Truststore";
282 uses ts:inline-or-truststore-public-keys-grouping {
283 refine "inline-or-truststore/inline/inline-definition/"
285 must 'derived-from-or-self(public-key-format,'
286 + ' "ct:ssh-public-key-format")';
288 refine "inline-or-truststore/central-truststore/"
289 + "central-truststore-reference" {
290 must 'not(deref(.)/../ts:public-key/ts:public-key-'
291 + 'format[not(derived-from-or-self(., "ct:ssh-'
292 + 'public-key-format"))])';
297 if-feature "local-user-auth-password";
298 type ianach:crypt-hash;
300 "The password for this user.";
302 container hostbased {
303 if-feature "local-user-auth-hostbased";
305 "Indicates that hostbased [RFC4252] keys have been
306 configured. This statement is present so the
307 mandatory descendant nodes do not imply that this
308 node must be configured.";
310 "A set of SSH host keys used by the SSH server to
311 authenticate this user's host. A user's host is
312 authenticated if its host key is an exact match
313 to a configured host key.";
315 "RFC 4252: The Secure Shell (SSH) Transport Layer
316 RFC BBBB: A YANG Data Model for a Truststore";
317 uses ts:inline-or-truststore-public-keys-grouping {
318 refine "inline-or-truststore/inline/inline-definition/"
320 must 'derived-from-or-self(public-key-format,'
321 + ' "ct:ssh-public-key-format")';
323 refine "inline-or-truststore/central-truststore/"
324 + "central-truststore-reference" {
325 must 'not(deref(.)/../ts:public-key/ts:public-key-'
326 + 'format[not(derived-from-or-self(., "ct:ssh-'
327 + 'public-key-format"))])';
332 if-feature "local-user-auth-none";
335 "Indicates that the 'none' method is configured
338 "RFC 4252: The Secure Shell (SSH) Authentication
344 if-feature "sshcmn:ssh-x509-certs";
346 "Indicates that CA certificates have been configured.
347 This statement is present so the mandatory descendant
348 nodes do not imply this node must be configured.";
350 "A set of certificate authority (CA) certificates used by
351 the SSH server to authenticate SSH client certificates.
352 A client certificate is authenticated if it has a valid
353 chain of trust to a configured CA certificate.";
355 "RFC BBBB: A YANG Data Model for a Truststore";
356 uses ts:inline-or-truststore-certs-grouping;
359 if-feature "sshcmn:ssh-x509-certs";
361 "Indicates that EE certificates have been configured.
362 This statement is present so the mandatory descendant
363 nodes do not imply this node must be configured.";
365 "A set of client certificates (i.e., end entity
366 certificates) used by the SSH server to authenticate
367 the certificates presented by SSH clients. A client
368 certificate is authenticated if it is an exact match
369 to a configured end-entity certificate.";
371 "RFC BBBB: A YANG Data Model for a Truststore";
372 uses ts:inline-or-truststore-certs-grouping;
374 } // container client-authentication
376 container transport-params {
377 nacm:default-deny-write;
378 if-feature "sshcmn:transport-params";
380 "Configurable parameters of the SSH transport layer.";
381 uses sshcmn:transport-params-grouping;
382 } // container transport-params
384 container keepalives {
385 nacm:default-deny-write;
386 if-feature "ssh-server-keepalives";
388 "Indicates that the SSH server proactively tests the
389 aliveness of the remote SSH client.";
391 "Configures the keep-alive policy, to proactively test
392 the aliveness of the SSH client. An unresponsive SSH
393 client is dropped after approximately max-wait *
394 max-attempts seconds. Per Section 4 of RFC 4254,
395 the SSH server SHOULD send an SSH_MSG_GLOBAL_REQUEST
396 message with a purposely nonexistent 'request name'
397 value (e.g., keepalive@ietf.org) and the 'want reply'
400 "RFC 4254: The Secure Shell (SSH) Connection Protocol";
408 "Sets the amount of time in seconds after which
409 if no data has been received from the SSH client,
410 a SSH-level message will be sent to test the
411 aliveness of the SSH client.";
417 "Sets the maximum number of sequential keep-alive
418 messages that can fail to obtain a response from
419 the SSH client before assuming the SSH client is
423 } // grouping ssh-server-grouping