1 module ietf-ssh-server {
3 namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-server";
6 import ietf-yang-types {
9 "RFC 6991: Common YANG Data Types";
12 import iana-crypt-hash {
15 "RFC 7317: A YANG Data Model for System Management";
18 import ietf-netconf-acm {
21 "RFC 8341: Network Configuration Access Control Model";
24 import ietf-crypto-types {
27 "RFC AAAA: YANG Data Types and Groupings for Cryptography";
30 import ietf-truststore {
33 "RFC BBBB: A YANG Data Model for a Truststore";
36 import ietf-keystore {
39 "RFC CCCC: A YANG Data Model for a Keystore";
42 import ietf-ssh-common {
45 "RFC EEEE: YANG Groupings for SSH Clients and SSH Servers";
49 "IETF NETCONF (Network Configuration) Working Group";
52 "WG Web: https://datatracker.ietf.org/wg/netconf
53 WG List: NETCONF WG list <mailto:netconf@ietf.org>
54 Author: Kent Watsen <mailto:kent+ietf@watsen.net>";
57 "This module defines a reusable grouping for SSH servers that
58 can be used as a basis for specific SSH server instances.
60 Copyright (c) 2024 IETF Trust and the persons identified
61 as authors of the code. All rights reserved.
63 Redistribution and use in source and binary forms, with
64 or without modification, is permitted pursuant to, and
65 subject to the license terms contained in, the Revised
66 BSD License set forth in Section 4.c of the IETF Trust's
67 Legal Provisions Relating to IETF Documents
68 (https://trustee.ietf.org/license-info).
70 This version of this YANG module is part of RFC EEEE
71 (https://www.rfc-editor.org/info/rfcEEEE); see the RFC
72 itself for full legal notices.
74 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
75 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
76 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
77 are to be interpreted as described in BCP 14 (RFC 2119)
78 (RFC 8174) when, and only when, they appear in all
79 capitals, as shown here.";
85 "RFC EEEE: YANG Groupings for SSH Clients and SSH Servers";
90 feature ssh-server-keepalives {
92 "Per socket SSH keepalive parameters are configurable for
93 SSH servers on the server implementing this feature.";
96 feature local-users-supported {
98 "Indicates that the configuration for users can be
99 configured herein, as opposed to in an application
103 feature local-user-auth-publickey {
104 if-feature "local-users-supported";
106 "Indicates that the 'publickey' authentication type,
107 per RFC 4252, is supported for locally-defined users.
108 The 'publickey' authentication type is required by
109 RFC 4252, but common implementations allow it to
113 The Secure Shell (SSH) Authentication Protocol";
116 feature local-user-auth-password {
117 if-feature "local-users-supported";
119 "Indicates that the 'password' authentication type,
120 per RFC 4252, is supported for locally-defined users.";
123 The Secure Shell (SSH) Authentication Protocol";
126 feature local-user-auth-hostbased {
127 if-feature "local-users-supported";
129 "Indicates that the 'hostbased' authentication type,
130 per RFC 4252, is supported for locally-defined users.";
133 The Secure Shell (SSH) Authentication Protocol";
136 feature local-user-auth-none {
137 if-feature "local-users-supported";
139 "Indicates that the 'none' authentication type, per
140 RFC 4252, is supported. It is NOT RECOMMENDED to
141 enable this feature.";
144 The Secure Shell (SSH) Authentication Protocol";
149 grouping ssh-server-grouping {
151 "A reusable grouping for configuring a SSH server without
152 any consideration for how underlying TCP sessions are
155 Note that this grouping uses fairly typical descendant
156 node names such that a nesting of 'uses' statements will
157 have name conflicts. It is intended that the consuming
158 data model will resolve the issue (e.g., by wrapping
159 the 'uses' statement in a container called
160 'ssh-server-parameters'). This model purposely does
161 not do this itself so as to provide maximum flexibility
162 to consuming models.";
164 container server-identity {
165 nacm:default-deny-write;
167 "The list of host keys the SSH server will present when
168 establishing a SSH connection.";
174 "An ordered list of host keys (see RFC 4251) the SSH
175 server will use to construct its ordered list of
176 algorithms, when sending its SSH_MSG_KEXINIT message,
177 as defined in Section 7.1 of RFC 4253.";
179 "RFC 4251: The Secure Shell (SSH) Protocol Architecture
180 RFC 4253: The Secure Shell (SSH) Transport Layer
185 "An arbitrary name for this host key";
187 choice host-key-type {
190 "The type of host key being specified";
191 container public-key {
193 "A locally-defined or referenced asymmetric key pair
194 to be used for the SSH server's host key.";
196 "RFC CCCC: A YANG Data Model for a Keystore";
197 uses ks:inline-or-keystore-asymmetric-key-grouping {
198 refine "inline-or-keystore/inline/inline-definition" {
199 must 'not(public-key-format) or derived-from-or-self'
200 + '(public-key-format, "ct:ssh-public-key-format")';
203 refine "inline-or-keystore/central-keystore/"
204 + "central-keystore-reference" {
205 must 'not(deref(.)/../ks:public-key-format) or '
206 + 'derived-from-or-self(deref(.)/../ks:public-'
207 + 'key-format, "ct:ssh-public-key-format")';
211 container certificate {
212 if-feature "sshcmn:ssh-x509-certs";
214 "A locally-defined or referenced end-entity
215 certificate to be used for the SSH server's
218 "RFC CCCC: A YANG Data Model for a Keystore";
220 ks:inline-or-keystore-end-entity-cert-with-key-grouping{
221 refine "inline-or-keystore/inline/inline-definition" {
222 must 'not(public-key-format) or derived-from-or-self'
223 + '(public-key-format, "ct:subject-public-key-'
226 refine "inline-or-keystore/central-keystore/"
227 + "central-keystore-reference/asymmetric-key" {
228 must 'not(deref(.)/../ks:public-key-format) or '
229 + 'derived-from-or-self(deref(.)/../ks:public-key'
230 + '-format, "ct:subject-public-key-info-format")';
236 } // container server-identity
238 container client-authentication {
239 nacm:default-deny-write;
241 "Specifies how the SSH server can be configured to
242 authenticate SSH clients. See RFC 4252 for a general
243 discussion about SSH authentication.";
245 "RFC 4252: The Secure Shell (SSH) Transport Layer";
247 if-feature "local-users-supported";
249 "A list of locally configured users.";
253 "A locally configured user.
255 The server SHOULD derive the list of authentication
256 'method names' returned to the SSH client from the
257 descendant nodes configured herein, per Sections
258 5.1 and 5.2 in RFC 4252.
260 The authentication methods are unordered. Clients
261 must authenticate to all configured methods.
262 Whenever a choice amongst methods arises,
263 implementations SHOULD use a default ordering
264 that prioritizes automation over human-interaction.";
268 "The 'user name' for the SSH client, as defined in
269 the SSH_MSG_USERAUTH_REQUEST message in RFC 4253.";
271 "RFC 4253: The Secure Shell (SSH) Transport Layer
274 container public-keys {
275 if-feature "local-user-auth-publickey";
277 "Indicates that public keys have been configured.
278 This statement is present so the mandatory descendant
279 nodes do not imply that this node must be
282 "A set of SSH public keys may be used by the SSH
283 server to authenticate this user. A user is
284 authenticated if its public key is an exact
285 match to a configured public key.";
287 "RFC BBBB: A YANG Data Model for a Truststore";
288 uses ts:inline-or-truststore-public-keys-grouping {
289 refine "inline-or-truststore/inline/inline-definition/"
291 must 'derived-from-or-self(public-key-format,'
292 + ' "ct:ssh-public-key-format")';
294 refine "inline-or-truststore/central-truststore/"
295 + "central-truststore-reference" {
296 must 'not(deref(.)/../ts:public-key/ts:public-key-'
297 + 'format[not(derived-from-or-self(., "ct:ssh-'
298 + 'public-key-format"))])';
304 "A password the SSH server may use to authenticate
305 this user. A user is authenticated if the hash
306 of the supplied password matches this value.";
307 leaf hashed-password {
308 if-feature "local-user-auth-password";
309 type ianach:crypt-hash;
311 "The password for this user.";
314 type yang:date-and-time;
317 "Identifies when the password was last set.";
320 container hostbased {
321 if-feature "local-user-auth-hostbased";
323 "Indicates that hostbased [RFC4252] keys have been
324 configured. This statement is present so the
325 mandatory descendant nodes do not imply that this
326 node must be configured.";
328 "A set of SSH host keys used by the SSH server to
329 authenticate this user's host. A user's host is
330 authenticated if its host key is an exact match
331 to a configured host key.";
333 "RFC 4252: The Secure Shell (SSH) Transport Layer
334 RFC BBBB: A YANG Data Model for a Truststore";
335 uses ts:inline-or-truststore-public-keys-grouping {
336 refine "inline-or-truststore/inline/inline-definition/"
338 must 'derived-from-or-self(public-key-format,'
339 + ' "ct:ssh-public-key-format")';
341 refine "inline-or-truststore/central-truststore/"
342 + "central-truststore-reference" {
343 must 'not(deref(.)/../ts:public-key/ts:public-key-'
344 + 'format[not(derived-from-or-self(., "ct:ssh-'
345 + 'public-key-format"))])';
350 if-feature "local-user-auth-none";
353 "Indicates that the 'none' method is configured
356 "RFC 4252: The Secure Shell (SSH) Authentication
362 if-feature "sshcmn:ssh-x509-certs";
364 "Indicates that CA certificates have been configured.
365 This statement is present so the mandatory descendant
366 nodes do not imply this node must be configured.";
368 "A set of certificate authority (CA) certificates used by
369 the SSH server to authenticate SSH client certificates.
370 A client certificate is authenticated if it has a valid
371 chain of trust to a configured CA certificate.";
373 "RFC BBBB: A YANG Data Model for a Truststore";
374 uses ts:inline-or-truststore-certs-grouping;
377 if-feature "sshcmn:ssh-x509-certs";
379 "Indicates that EE certificates have been configured.
380 This statement is present so the mandatory descendant
381 nodes do not imply this node must be configured.";
383 "A set of client certificates (i.e., end entity
384 certificates) used by the SSH server to authenticate
385 the certificates presented by SSH clients. A client
386 certificate is authenticated if it is an exact match
387 to a configured end-entity certificate.";
389 "RFC BBBB: A YANG Data Model for a Truststore";
390 uses ts:inline-or-truststore-certs-grouping;
392 } // container client-authentication
394 container transport-params {
395 nacm:default-deny-write;
396 if-feature "sshcmn:transport-params";
398 "Configurable parameters of the SSH transport layer.";
399 uses sshcmn:transport-params-grouping;
400 } // container transport-params
402 container keepalives {
403 nacm:default-deny-write;
404 if-feature "ssh-server-keepalives";
406 "Indicates that the SSH server proactively tests the
407 aliveness of the remote SSH client.";
409 "Configures the keep-alive policy, to proactively test
410 the aliveness of the SSH client. An unresponsive SSH
411 client is dropped after approximately max-wait *
412 max-attempts seconds. Per Section 4 of RFC 4254,
413 the SSH server SHOULD send an SSH_MSG_GLOBAL_REQUEST
414 message with a purposely nonexistent 'request name'
415 value (e.g., keepalive@ietf.org) and the 'want reply'
418 "RFC 4254: The Secure Shell (SSH) Connection Protocol";
426 "Sets the amount of time in seconds after which
427 if no data has been received from the SSH client,
428 a SSH-level message will be sent to test the
429 aliveness of the SSH client.";
435 "Sets the maximum number of sequential keep-alive
436 messages that can fail to obtain a response from
437 the SSH client before assuming the SSH client is
441 } // grouping ssh-server-grouping