module ietf-ssh-client {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-client";
prefix "sshc";
import ietf-ssh-common {
prefix sshcom;
revision-date 2017-06-13; // stable grouping definitions
reference
"RFC XXXX: SSH Client and Server Models";
}
import ietf-netconf-acm {
prefix nacm;
reference
"RFC 6536: Network Configuration Protocol (NETCONF) Access
Control Model";
}
import ietf-keystore {
prefix ks;
reference
"RFC YYYY: Keystore Model";
}
organization
"IETF NETCONF (Network Configuration) Working Group";
contact
"WG Web:
WG List:
Author: Kent Watsen
Author: Gary Wu
";
description
"This module defines a reusable grouping for a SSH client that
can be used as a basis for specific SSH client instances.
Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD
License set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices.";
revision "2017-06-13" {
description
"Initial version";
reference
"RFC XXXX: SSH Client and Server Models";
}
feature ssh-client-transport-params-config {
description
"SSH transport layer parameters are configurable on an SSH
client.";
}
grouping ssh-client-grouping {
description
"A reusable grouping for configuring a SSH client without
any consideration for how an underlying TCP session is
established.";
container server-auth {
must 'trusted-ssh-host-keys or trusted-ca-certs or trusted-server-certs';
description
"Trusted server identities.";
leaf trusted-ssh-host-keys {
type leafref {
path "/ks:keystore/ks:trusted-host-keys/ks:name";
}
description
"A reference to a list of SSH host keys used by the
SSH client to authenticate SSH server host keys.
A server host key is authenticate if it is an exact
match to a configured trusted SSH host key.";
}
leaf trusted-ca-certs {
if-feature sshcom:ssh-x509-certs;
type leafref {
path "/ks:keystore/ks:trusted-certificates/ks:name";
}
description
"A reference to a list of certificate authority (CA)
certificates used by the SSH client to authenticate
SSH server certificates. A server certificate is
authenticated if it has a valid chain of trust to
a configured trusted CA certificate.";
}
leaf trusted-server-certs {
if-feature sshcom:ssh-x509-certs;
type leafref {
path "/ks:keystore/ks:trusted-certificates/ks:name";
}
description
"A reference to a list of server certificates used by
the SSH client to authenticate SSH server certificates.
A server certificate is authenticated if it is an
exact match to a configured trusted server certificate.";
}
}
container client-auth {
description
"The credentials used by the client to authenticate to
the SSH server.";
leaf username {
type string;
description
"The username of this user. This will be the username
used, for instance, to log into an SSH server.";
}
choice auth-type {
description
"The authentication type.";
leaf certificate {
if-feature sshcom:ssh-x509-certs;
type leafref {
path "/ks:keystore/ks:keys/ks:key/ks:certificates/"
+ "ks:certificate/ks:name";
}
description
"A certificates to be used for user authentication.";
}
leaf public-key {
type leafref {
path "/ks:keystore/ks:keys/ks:key/ks:name";
}
description
"A public keys to be used for user authentication.";
}
leaf password {
nacm:default-deny-all;
type string;
description
"A password to be used for user authentication.";
}
}
} // end client-auth
container transport-params {
if-feature ssh-client-transport-params-config;
uses sshcom:transport-params-grouping;
description
"Configurable parameters for the SSH transport layer.";
}
} // ssh-client-grouping
}