(RFC 8174) when, and only when, they appear in all
capitals, as shown here.";
- revision 2023-04-17 {
+ revision 2023-12-28 {
description
"Initial version";
reference
description
"Indicates that the 'publickey' authentication type, per
RFC 4252, is supported for client identification.
-
The 'publickey' authentication type is required by
- RFC 4252, but common implementations enable it to
+ RFC 4252, but common implementations allow it to
be disabled.";
reference
"RFC 4252:
feature client-ident-none {
description
"Indicates that the 'none' authentication type, per
- RFC 4252, is supported for client identification.";
+ RFC 4252, is supported for client identification.
+ It is NOT RECOMMENDED to enable this feature.";
reference
"RFC 4252:
The Secure Shell (SSH) Authentication Protocol";
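Review bot: The sentence added to the client-ident-none description gives the recommendation but not the reason, so an operator reading only the module cannot judge the risk. When the 'none' method is accepted, the client is admitted without presenting any credential, and saying so would make the description self-contained: `It is NOT RECOMMENDED to enable this feature, as the client is then not authenticated.` The feature statement's closing brace is outside the visible hunk.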
"RFC CCCC: A YANG Data Model for a Keystore";
uses ks:inline-or-keystore-asymmetric-key-grouping {
refine "inline-or-keystore/inline/inline-definition" {
- must 'derived-from-or-self(public-key-format,'
- + ' "ct:ssh-public-key-format")';
+ must 'not(public-key-format) or derived-from-or-self'
+ + '(public-key-format, "ct:ssh-public-key-format")';
}
- refine "inline-or-keystore/keystore/keystore-reference" {
- must 'derived-from-or-self(deref(.)/../ks:public-key-'
- + 'format, "ct:ssh-public-key-format")';
+ refine "inline-or-keystore/central-keystore/"
+ + "central-keystore-reference" {
+ must 'not(deref(.)/../ks:public-key-format) or derived-'
+ + 'from-or-self(deref(.)/../ks:public-key-format, '
+ + '"ct:ssh-public-key-format")';
}
}
}
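Review bot: Both rewritten `must` expressions in this hunk now evaluate to true whenever `public-key-format` is absent, and nothing in the refine says why a key with no declared format is exempt from the SSH-format check. Presumably this covers keys whose public part is not configured, but that is an inference from the expression alone, so the module should state the intent. Implementations would then have to verify the key format themselves when the leaf is missing. I would add a substatement to each relaxed `must`, for example `description "A key without a public-key-format passes this check; the implementation must verify its format.";`. The same applies to the two later hunks that relax the second asymmetric-key constraint and the end-entity-cert constraint in the same way; the enclosing node starts before this hunk.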
"RFC CCCC: A YANG Data Model for a Keystore";
uses ks:inline-or-keystore-asymmetric-key-grouping {
refine "inline-or-keystore/inline/inline-definition" {
- must 'derived-from-or-self(public-key-format,'
- + ' "ct:ssh-public-key-format")';
+ must 'not(public-key-format) or derived-from-or-self('
+ + 'public-key-format, "ct:ssh-public-key-format")';
}
- refine "inline-or-keystore/keystore/keystore-reference" {
- must 'derived-from-or-self(deref(.)/../ks:public-key-'
- + 'format, "ct:ssh-public-key-format")';
+ refine "inline-or-keystore/central-keystore/"
+ + "central-keystore-reference" {
+ must 'not(deref(.)/../ks:public-key-format) or derived-'
+ + 'from-or-self(deref(.)/../ks:public-key-format, '
+ + '"ct:ssh-public-key-format")';
}
}
}
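Review bot: The inline-definition `must` in this hunk breaks its string after the opening parenthesis, while the identical expression in the previous hunk breaks it before the parenthesis. The two refines are otherwise the same, so one split point would keep them searchable and diffable as a pair. I would use this hunk's form in both places: `must 'not(public-key-format) or derived-from-or-self('` followed by `+ 'public-key-format, "ct:ssh-public-key-format")';`.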
uses
ks:inline-or-keystore-end-entity-cert-with-key-grouping {
refine "inline-or-keystore/inline/inline-definition" {
- must 'derived-from-or-self(public-key-format,'
- + ' "ct:subject-public-key-info-format")';
+ must 'not(public-key-format) or derived-from-or-self('
+ + 'public-key-format, "ct:subject-public-key-info-'
+ + 'format")';
}
- refine "inline-or-keystore/keystore/keystore-reference"
- + "/asymmetric-key" {
- must 'derived-from-or-self(deref(.)/../ks:public-key-'
- + 'format, "ct:subject-public-key-info-format")';
+ refine "inline-or-keystore/central-keystore/"
+ + "central-keystore-reference/asymmetric-key" {
+ must 'not(deref(.)/../ks:public-key-format) or derived-'
+ + 'from-or-self(deref(.)/../ks:public-key-format, '
+ + '"ct:subject-public-key-info-format")';
}
}
}
must 'derived-from-or-self(public-key-format,'
+ ' "ct:ssh-public-key-format")';
}
- refine
- "inline-or-truststore/truststore/truststore-reference" {
+ refine "inline-or-truststore/central-truststore/"
+ + "central-truststore-reference" {
must 'not(deref(.)/../ts:public-key/ts:public-key-'
+ 'format[not(derived-from-or-self(., "ct:ssh-'
+ 'public-key-format"))])';
description
"Configures the keep-alive policy, to proactively test
the aliveness of the SSH server. An unresponsive SSH
- server is dropped after approximately max-wait *
+ server is dropped after approximately max-wait *
max-attempts seconds. Per Section 4 of RFC 4254,
the SSH client SHOULD send an SSH_MSG_GLOBAL_REQUEST
message with a purposely nonexistent 'request name'