idnits 2.17.1
draft-ietf-netconf-ssh-client-server-18.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
No issues found here.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== Line 670 has weird spacing: '...ificate has a...'
-- The document date (March 8, 2020) is 1509 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
== Outdated reference: A later version (-34) exists of
draft-ietf-netconf-crypto-types-13
== Outdated reference: A later version (-35) exists of
draft-ietf-netconf-keystore-15
== Outdated reference: A later version (-28) exists of
draft-ietf-netconf-trust-anchors-08
Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 NETCONF Working Group K. Watsen
3 Internet-Draft Watsen Networks
4 Intended status: Standards Track G. Wu
5 Expires: September 9, 2020 Cisco Systems
6 L. Xia
7 Huawei
8 March 8, 2020
10 YANG Groupings for SSH Clients and SSH Servers
11 draft-ietf-netconf-ssh-client-server-18
13 Abstract
15 This document defines three YANG modules: the first defines groupings
16 for a generic SSH client, the second defines groupings for a generic
17 SSH server, and the third defines common identities and groupings
18 used by both the client and the server. It is intended that these
19 groupings will be used by applications using the SSH protocol.
21 Editorial Note (To be removed by RFC Editor)
23 This draft contains many placeholder values that need to be replaced
24 with finalized values at the time of publication. This note
25 summarizes all of the substitutions that are needed. No other RFC
26 Editor instructions are specified elsewhere in this document.
28 This document contains references to other drafts in progress, both
29 in the Normative References section, as well as in body text
30 throughout. Please update the following references to reflect their
31 final RFC assignments:
33 o I-D.ietf-netconf-trust-anchors
35 o I-D.ietf-netconf-keystore
37 Artwork in this document contains shorthand references to drafts in
38 progress. Please apply the following replacements:
40 o "XXXX" --> the assigned RFC value for this draft
42 o "YYYY" --> the assigned RFC value for I-D.ietf-netconf-trust-
43 anchors
45 o "ZZZZ" --> the assigned RFC value for I-D.ietf-netconf-keystore
47 Artwork in this document contains placeholder values for the date of
48 publication of this draft. Please apply the following replacement:
50 o "2020-03-08" --> the publication date of this draft
52 The following Appendix section is to be removed prior to publication:
54 o Appendix A. Change Log
56 Status of This Memo
58 This Internet-Draft is submitted in full conformance with the
59 provisions of BCP 78 and BCP 79.
61 Internet-Drafts are working documents of the Internet Engineering
62 Task Force (IETF). Note that other groups may also distribute
63 working documents as Internet-Drafts. The list of current Internet-
64 Drafts is at https://datatracker.ietf.org/drafts/current/.
66 Internet-Drafts are draft documents valid for a maximum of six months
67 and may be updated, replaced, or obsoleted by other documents at any
68 time. It is inappropriate to use Internet-Drafts as reference
69 material or to cite them other than as "work in progress."
71 This Internet-Draft will expire on September 9, 2020.
73 Copyright Notice
75 Copyright (c) 2020 IETF Trust and the persons identified as the
76 document authors. All rights reserved.
78 This document is subject to BCP 78 and the IETF Trust's Legal
79 Provisions Relating to IETF Documents
80 (https://trustee.ietf.org/license-info) in effect on the date of
81 publication of this document. Please review these documents
82 carefully, as they describe your rights and restrictions with respect
83 to this document. Code Components extracted from this document must
84 include Simplified BSD License text as described in Section 4.e of
85 the Trust Legal Provisions and are provided without warranty as
86 described in the Simplified BSD License.
88 Table of Contents
90 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
91 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
92 3. The SSH Client Model . . . . . . . . . . . . . . . . . . . . 4
93 3.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 4
94 3.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 5
95 3.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 9
96 4. The SSH Server Model . . . . . . . . . . . . . . . . . . . . 16
97 4.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 16
98 4.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 18
99 4.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 22
100 5. The SSH Common Model . . . . . . . . . . . . . . . . . . . . 31
101 5.1. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 33
102 5.2. Example Usage . . . . . . . . . . . . . . . . . . . . . . 34
103 5.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 34
104 6. Security Considerations . . . . . . . . . . . . . . . . . . . 44
105 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 46
106 7.1. The IETF XML Registry . . . . . . . . . . . . . . . . . . 46
107 7.2. The YANG Module Names Registry . . . . . . . . . . . . . 46
108 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 46
109 8.1. Normative References . . . . . . . . . . . . . . . . . . 46
110 8.2. Informative References . . . . . . . . . . . . . . . . . 48
111 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 50
112 A.1. 00 to 01 . . . . . . . . . . . . . . . . . . . . . . . . 50
113 A.2. 01 to 02 . . . . . . . . . . . . . . . . . . . . . . . . 50
114 A.3. 02 to 03 . . . . . . . . . . . . . . . . . . . . . . . . 50
115 A.4. 03 to 04 . . . . . . . . . . . . . . . . . . . . . . . . 50
116 A.5. 04 to 05 . . . . . . . . . . . . . . . . . . . . . . . . 51
117 A.6. 05 to 06 . . . . . . . . . . . . . . . . . . . . . . . . 51
118 A.7. 06 to 07 . . . . . . . . . . . . . . . . . . . . . . . . 51
119 A.8. 07 to 08 . . . . . . . . . . . . . . . . . . . . . . . . 51
120 A.9. 08 to 09 . . . . . . . . . . . . . . . . . . . . . . . . 51
121 A.10. 09 to 10 . . . . . . . . . . . . . . . . . . . . . . . . 52
122 A.11. 10 to 11 . . . . . . . . . . . . . . . . . . . . . . . . 52
123 A.12. 11 to 12 . . . . . . . . . . . . . . . . . . . . . . . . 52
124 A.13. 12 to 13 . . . . . . . . . . . . . . . . . . . . . . . . 52
125 A.14. 13 to 14 . . . . . . . . . . . . . . . . . . . . . . . . 52
126 A.15. 14 to 15 . . . . . . . . . . . . . . . . . . . . . . . . 53
127 A.16. 15 to 16 . . . . . . . . . . . . . . . . . . . . . . . . 53
128 A.17. 16 to 17 . . . . . . . . . . . . . . . . . . . . . . . . 53
129 A.18. 17 to 18 . . . . . . . . . . . . . . . . . . . . . . . . 53
130 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 54
131 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 54
133 1. Introduction
135 This document defines three YANG 1.1 [RFC7950] modules: the first
136 defines a grouping for a generic SSH client, the second defines a
137 grouping for a generic SSH server, and the third defines identities
138 and groupings common to both the client and the server. It is
139 intended that these groupings will be used by applications using the
140 SSH protocol [RFC4252], [RFC4253], and [RFC4254]. For instance,
141 these groupings could be used to help define the data model for an
142 OpenSSH [OPENSSH] server or a NETCONF over SSH [RFC6242] based
143 server.
145 The client and server YANG modules in this document each define one
146 grouping, which is focused on just SSH-specific configuration, and
147 specifically avoids any transport-level configuration, such as what
148 ports to listen on or connect to. This affords applications the
149 opportunity to define their own strategy for how the underlying TCP
150 connection is established. For instance, applications supporting
151 NETCONF Call Home [RFC8071] could use the "ssh-server-grouping"
152 grouping for the SSH parts it provides, while adding data nodes for
153 the TCP-level call-home configuration.
155 The modules defined in this document use groupings defined in
156 [I-D.ietf-netconf-keystore] enabling keys to be either locally
157 defined or a reference to globally configured values.
159 The modules defined in this document optionally support [RFC6187]
160 enabling X.509v3 certificate based host keys and public keys.
162 2. Terminology
164 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
165 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
166 "OPTIONAL" in this document are to be interpreted as described in BCP
167 14 [RFC2119] [RFC8174] when, and only when, they appear in all
168 capitals, as shown here.
170 3. The SSH Client Model
172 3.1. Tree Diagram
174 This section provides a tree diagram [RFC8340] for the "ietf-ssh-
175 client" module that does not have groupings expanded.
177 ========== NOTE: '\' line wrapping per BCP XXX (RFC XXXX) ===========
179 module: ietf-ssh-client
181 grouping ssh-client-grouping
182 +-- client-identity
183 | +-- username? string
184 | +-- (auth-type)
185 | +--:(public-key)
186 | | +-- public-key
187 | | +---u ks:local-or-keystore-asymmetric-key-grouping
188 | +--:(password)
189 | | +-- password? string {client-identity-password}?
190 | +--:(hostbased)
191 | | +-- hostbased {client-identity-hostbased}?
192 | | +---u ks:local-or-keystore-asymmetric-key-grouping
193 | +--:(none)
194 | | +-- none? empty {client-identity-none}?
195 | +--:(certificate)
196 | +-- certificate {sshcmn:ssh-x509-certs}?
197 | +---u ks:local-or-keystore-end-entity-cert-with-key-\
198 grouping
199 +-- server-authentication
200 | +-- ssh-host-keys!
201 | | +---u ts:local-or-truststore-public-keys-grouping
202 | +-- ca-certs! {sshcmn:ssh-x509-certs}?
203 | | +---u ts:local-or-truststore-certs-grouping
204 | +-- server-certs! {sshcmn:ssh-x509-certs}?
205 | +---u ts:local-or-truststore-certs-grouping
206 +-- transport-params {ssh-client-transport-params-config}?
207 | +---u sshcmn:transport-params-grouping
208 +-- keepalives! {ssh-client-keepalives}?
209 +-- max-wait? uint16
210 +-- max-attempts? uint8
212 3.2. Example Usage
214 This section presents two examples showing the ssh-client-grouping
215 populated with some data. These examples are effectively the same
216 except the first configures the client identity using a local key
217 while the second uses a key configured in a keystore. Both examples
218 are consistent with the examples presented in Section 2 of
219 [I-D.ietf-netconf-trust-anchors] and Section 3.2 of
220 [I-D.ietf-netconf-keystore].
222 The following example configures the client identity using a local
223 key:
225 ========== NOTE: '\\' line wrapping per BCP XXX (RFC XXXX) ==========
227
232
233
234 foobar
235
236
237 rsa2048
238 ct:ssh-public-key-format
240 base64encodedvalue==
241 ct:rsa-private-key-format
243 base64encodedvalue==
244
245
246
248
249
250
251
253
254
255 corp-fw1
256 secp256r1
257 ct:ssh-public-key-format
259 base64encodedvalue==
260
264
265
266 corp-fw2
267 secp256r1
268 ct:ssh-public-key-format
270 base64encodedvalue==
271
272
274
275
276
277
278
288 base64encodedvalue==
289 base64encodedvalue==
290
291
292
293
294
303 base64encodedvalue==
304 base64encodedvalue==
305
306
307
309
310
311 algs:ssh-rsa
312
313
314
315 algs:diffie-hellman-group-exchange-sha256
316
317
318
319 algs:aes256-ctr
320 algs:aes192-ctr
321 algs:aes128-ctr
322 algs:aes256-cbc
323 algs:aes192-cbc
324 algs:aes128-cbc
325
326
327 algs:hmac-sha2-256
328 algs:hmac-sha2-512
329
330
332
333 30
334 3
335
337
339 The following example configures the client identity using a key from
340 the keystore:
342 ========== NOTE: '\' line wrapping per BCP XXX (RFC XXXX) ===========
344
348
349
350 foobar
351
356
357
358 ssh-rsa-key-with-cert
359 ex-rsa-cert2
360
361
362
364
365
366
368 trusted-ssh-public-keys
370
371
372 trusted-server-ca-certs
374
375
377 trusted-server-ee-certs
379
380
382
383
384 algs:ssh-rsa
385
386
387
388 algs:diffie-hellman-group-exchange-sha256
389
390
391
392 algs:aes256-ctr
393 algs:aes192-ctr
394 algs:aes128-ctr
395 algs:aes256-cbc
396 algs:aes192-cbc
397 algs:aes128-cbc
398
399
400 algs:hmac-sha2-256
401 algs:hmac-sha2-512
402
403
405
406 30
407 3
408
410
412 3.3. YANG Module
414 This YANG module has normative references to
415 [I-D.ietf-netconf-trust-anchors], and [I-D.ietf-netconf-keystore].
417 file "ietf-ssh-client@2020-03-08.yang"
418 module ietf-ssh-client {
419 yang-version 1.1;
420 namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-client";
421 prefix sshc;
423 import ietf-netconf-acm {
424 prefix nacm;
425 reference
426 "RFC 8341: Network Configuration Access Control Model";
427 }
429 import ietf-crypto-types {
430 prefix ct;
431 reference
432 "RFC AAAA: Common YANG Data Types for Cryptography";
433 }
435 import ietf-truststore {
436 prefix ts;
437 reference
438 "RFC BBBB: A YANG Data Model for a Truststore";
439 }
441 import ietf-keystore {
442 prefix ks;
443 reference
444 "RFC CCCC: A YANG Data Model for a Keystore";
445 }
447 import ietf-ssh-common {
448 prefix sshcmn;
449 revision-date 2020-03-08; // stable grouping definitions
450 reference
451 "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
452 }
454 organization
455 "IETF NETCONF (Network Configuration) Working Group";
457 contact
458 "WG Web:
459 WG List:
460 Author: Kent Watsen
461 Author: Gary Wu ";
463 description
464 "This module defines reusable groupings for SSH clients that
465 can be used as a basis for specific SSH client instances.
467 Copyright (c) 2019 IETF Trust and the persons identified
468 as authors of the code. All rights reserved.
470 Redistribution and use in source and binary forms, with
471 or without modification, is permitted pursuant to, and
472 subject to the license terms contained in, the Simplified
473 BSD License set forth in Section 4.c of the IETF Trust's
474 Legal Provisions Relating to IETF Documents
475 (https://trustee.ietf.org/license-info).
477 This version of this YANG module is part of RFC XXXX
478 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
479 itself for full legal notices.;
481 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
482 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
483 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
484 are to be interpreted as described in BCP 14 (RFC 2119)
485 (RFC 8174) when, and only when, they appear in all
486 capitals, as shown here.";
488 revision 2020-03-08 {
489 description
490 "Initial version";
491 reference
492 "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
493 }
495 // Features
497 feature ssh-client-transport-params-config {
498 description
499 "SSH transport layer parameters are configurable on an SSH
500 client.";
501 }
503 feature ssh-client-keepalives {
504 description
505 "Per socket SSH keepalive parameters are configurable for
506 SSH clients on the server implementing this feature.";
507 }
509 feature client-identity-password {
510 description
511 "Indicates that the 'password' authentication type
512 is supported for client identification.";
513 }
514 feature client-identity-hostbased {
515 description
516 "Indicates that the 'hostbased' authentication type
517 is supported for client identification.";
518 }
520 feature client-identity-none {
521 description
522 "Indicates that the 'none' authentication type is
523 supported for client identification.";
524 }
526 // Groupings
528 grouping ssh-client-grouping {
529 description
530 "A reusable grouping for configuring a SSH client without
531 any consideration for how an underlying TCP session is
532 established.
534 Note that this grouping uses fairly typical descendent
535 node names such that a stack of 'uses' statements will
536 have name conflicts. It is intended that the consuming
537 data model will resolve the issue (e.g., by wrapping
538 the 'uses' statement in a container called
539 'ssh-client-parameters'). This model purposely does
540 not do this itself so as to provide maximum flexibility
541 to consuming models.";
543 container client-identity {
544 nacm:default-deny-write;
545 description
546 "The credentials used by the client to authenticate to
547 the SSH server.";
548 leaf username {
549 type string;
550 description
551 "The username of this user. This will be the username
552 used, for instance, to log into an SSH server.";
553 }
554 choice auth-type {
555 mandatory true;
556 description
557 "The authentication type. What happens when more than
558 one decendent is configured is undefined. FIXME.";
559 container public-key {
560 // FIXME: no if-feature because required okay?
561 description
562 "A locally-defined or referenced asymmetric key
563 pair to be used for client identification.";
564 reference
565 "RFC ZZZZ: YANG Data Model for a Centralized
566 Keystore Mechanism";
567 uses ks:local-or-keystore-asymmetric-key-grouping {
568 refine "local-or-keystore/local/local-definition" {
569 must 'public-key-format = "ct:ssh-public-key-format"';
570 }
571 refine "local-or-keystore/keystore/keystore-reference" {
572 must 'deref(.)/../ks:public-key-format'
573 + ' = "ct:ssh-public-key-format"';
574 }
575 }
576 }
577 leaf password {
578 if-feature client-identity-password;
579 nacm:default-deny-all;
580 type string;
581 description
582 "A password to be used for client identification.";
583 }
584 container hostbased {
585 if-feature client-identity-hostbased;
586 description
587 "A locally-defined or referenced asymmetric key
588 pair to be used for host identification.";
589 reference
590 "RFC ZZZZ: YANG Data Model for a Centralized
591 Keystore Mechanism";
592 uses ks:local-or-keystore-asymmetric-key-grouping {
593 refine "local-or-keystore/local/local-definition" {
594 must 'public-key-format = "ct:ssh-public-key-format"';
595 }
596 refine "local-or-keystore/keystore/keystore-reference" {
597 must 'deref(.)/../ks:public-key-format'
598 + ' = "ct:ssh-public-key-format"';
599 }
600 }
601 }
602 leaf none {
603 if-feature client-identity-none;
604 type empty;
605 description
606 "Indicates that 'none' algorithm is used for client
607 identification.";
608 }
609 container certificate {
610 if-feature "sshcmn:ssh-x509-certs";
611 description
612 "A locally-defined or referenced certificate
613 to be used for client identification.";
614 reference
615 "RFC ZZZZ: YANG Data Model for a Centralized
616 Keystore Mechanism";
617 uses
618 ks:local-or-keystore-end-entity-cert-with-key-grouping {
619 refine "local-or-keystore/local/local-definition" {
620 must
621 'public-key-format = "ct:ssh-public-key-format"';
622 } // FIXME: subject-public-key-info-format?
623 refine "local-or-keystore/keystore/keystore-reference"
624 + "/asymmetric-key" {
625 must 'deref(.)/../ks:public-key-format'
626 + ' = "ct:ssh-public-key-format"';
627 } // FIXME: subject-public-key-info-format?
628 }
629 }
630 }
631 } // container client-identity
633 container server-authentication {
634 nacm:default-deny-write;
635 must 'ssh-host-keys or ca-certs or server-certs';
636 description
637 "Specifies how the SSH client can authenticate SSH servers.
638 Any combination of credentials is additive and unordered.";
639 container ssh-host-keys {
640 presence
641 "Indicates that the client can authenticate servers
642 using the configured SSH host keys.";
643 description
644 "A list of SSH host keys used by the SSH client to
645 authenticate SSH server host keys. A server host key
646 is authenticated if it is an exact match to a
647 configured SSH host key.";
648 reference
649 "RFC YYYY: YANG Data Model for Global Trust Anchors";
650 uses ts:local-or-truststore-public-keys-grouping {
651 refine
652 "local-or-truststore/local/local-definition/public-key" {
653 must 'public-key-format = "ct:ssh-public-key-format"';
654 }
655 refine
656 "local-or-truststore/truststore/truststore-reference" {
657 must 'deref(.)/../*/ts:public-key-format'
658 + ' = "ct:ssh-public-key-format"';
659 }
660 }
661 }
662 container ca-certs {
663 if-feature "sshcmn:ssh-x509-certs";
664 presence
665 "Indicates that the client can authenticate servers
666 using the configured trust anchor certificates.";
667 description
668 "A set of certificate authority (CA) certificates used by
669 the SSH client to authenticate SSH servers. A server
670 is authenticated if its certificate has a valid chain
671 of trust to a configured CA certificate.";
672 reference
673 "RFC YYYY: YANG Data Model for Global Trust Anchors";
674 uses ts:local-or-truststore-certs-grouping;
675 // Note: TS certs don't have a key-format...no test needed
676 }
677 container server-certs { // FIXME: rename to "ee-certs"?
678 if-feature "sshcmn:ssh-x509-certs";
679 presence
680 "Indicates that the client can authenticate servers
681 using the configured server certificates.";
682 description
683 "A set of end-entity certificates used by the SSH client
684 to authenticate SSH servers. A server is authenticated
685 if its certificate is an exact match to a configured
686 server certificate.";
687 reference
688 "RFC YYYY: YANG Data Model for Global Trust Anchors";
689 uses ts:local-or-truststore-certs-grouping;
690 // Note: TS certs don't have a key-format...no test needed
691 }
692 } // container server-authentication
694 container transport-params {
695 nacm:default-deny-write;
696 if-feature "ssh-client-transport-params-config";
697 description
698 "Configurable parameters of the SSH transport layer.";
699 uses sshcmn:transport-params-grouping;
700 } // container transport-parameters
702 container keepalives {
703 nacm:default-deny-write;
704 if-feature "ssh-client-keepalives";
705 presence "Indicates that keepalives are enabled.";
706 description
707 "Configures the keep-alive policy, to proactively test
708 the aliveness of the SSH server. An unresponsive TLS
709 server is dropped after approximately max-wait *
710 max-attempts seconds.";
711 leaf max-wait {
712 type uint16 {
713 range "1..max";
714 }
715 units "seconds";
716 default "30";
717 description
718 "Sets the amount of time in seconds after which if
719 no data has been received from the SSH server, a
720 TLS-level message will be sent to test the
721 aliveness of the SSH server.";
722 }
723 leaf max-attempts {
724 type uint8;
725 default "3";
726 description
727 "Sets the maximum number of sequential keep-alive
728 messages that can fail to obtain a response from
729 the SSH server before assuming the SSH server is
730 no longer alive.";
731 }
732 } // container keepalives
733 } // grouping ssh-client-grouping
734 } // module ietf-ssh-client
736
738 4. The SSH Server Model
740 4.1. Tree Diagram
742 This section provides a tree diagram [RFC8340] for the "ietf-ssh-
743 server" module that does not have groupings expanded.
745 ========== NOTE: '\' line wrapping per BCP XXX (RFC XXXX) ===========
747 module: ietf-ssh-server
749 grouping ssh-server-grouping
750 +-- server-identity
751 | +-- host-key* [name]
752 | +-- name? string
753 | +-- (host-key-type)
754 | +--:(public-key)
755 | | +-- public-key
756 | | +---u ks:local-or-keystore-asymmetric-key-grouping
757 | +--:(certificate)
758 | +-- certificate {sshcmn:ssh-x509-certs}?
759 | +---u ks:local-or-keystore-end-entity-cert-with-k\
760 ey-grouping
761 +-- client-authentication
762 | +-- supported-authentication-methods
763 | | +-- publickey? empty
764 | | +-- passsword? empty {client-auth-password}?
765 | | +-- hostbased? empty {client-auth-hostbased}?
766 | | +-- none? empty {client-auth-none}?
767 | +-- users {client-auth-config-supported}?
768 | | +-- user* [name]
769 | | +-- name? string
770 | | +-- public-keys!
771 | | | +---u ts:local-or-truststore-public-keys-grouping
772 | | +-- password? ianach:crypt-hash
773 | | | {client-auth-password}?
774 | | +-- hostbased! {client-auth-hostbased}?
775 | | | +---u ts:local-or-truststore-public-keys-grouping
776 | | +-- none? empty {client-auth-none}?
777 | +-- ca-certs!
778 | | {client-auth-config-supported,sshcmn:ssh-x509-certs}?
779 | | +---u ts:local-or-truststore-certs-grouping
780 | +-- client-certs!
781 | {client-auth-config-supported,sshcmn:ssh-x509-certs}?
782 | +---u ts:local-or-truststore-certs-grouping
783 +-- transport-params {ssh-server-transport-params-config}?
784 | +---u sshcmn:transport-params-grouping
785 +-- keepalives! {ssh-server-keepalives}?
786 +-- max-wait? uint16
787 +-- max-attempts? uint8
789 4.2. Example Usage
791 This section presents two examples showing the ssh-server-grouping
792 populated with some data. These examples are effectively the same
793 except the first configures the server identity using a local key
794 while the second uses a key configured in a keystore. Both examples
795 are consistent with the examples presented in Section 2 of
796 [I-D.ietf-netconf-trust-anchors] and Section 3.2 of
797 [I-D.ietf-netconf-keystore].
799 The following example configures the server identity using a local
800 key:
802 ========== NOTE: '\' line wrapping per BCP XXX (RFC XXXX) ===========
804
809
810
811
812 my-pubkey-based-host-key
813
814
815 rsa2048
816 ct:ssh-public-key-format
818 base64encodedvalue==
819 ct:rsa-private-key-format
821 base64encodedvalue==
822
823
824
825
826 my-cert-based-host-key
827
828
829 rsa2048
830 ct:ssh-public-key-format
832 base64encodedvalue==
833 ct:rsa-private-key-format
835 base64encodedvalue==
836 base64encodedvalue==
838
839
840
841
843
844
845
846
847
848
849
850 mary
851 $0$secret
852
853
854
855
856 User A
857 secp256r1
858 ct:ssh-public-key-format
860 base64encodedvalue==
861
863
864
865 User B
866 secp256r1
867 ct:ssh-public-key-format
869 base64encodedvalue==
870
871
872
873
874
875
876
877
878 base64encodedvalue==
879 base64encodedvalue==
880 base64encodedvalue==
881
882
883
884
885 base64encodedvalue==
886 base64encodedvalue==
887 base64encodedvalue==
888
889
890
892
893
894 algs:ssh-rsa
895
896
897
898 algs:diffie-hellman-group-exchange-sha256
899
900
901
902 algs:aes256-ctr
903 algs:aes192-ctr
904 algs:aes128-ctr
905 algs:aes256-cbc
906 algs:aes192-cbc
907 algs:aes128-cbc
908
909
910 algs:hmac-sha2-256
911 algs:hmac-sha2-512
912
913
915
917 The following example configures the server identity using a key from
918 the keystore:
920 ========== NOTE: '\' line wrapping per BCP XXX (RFC XXXX) ===========
922
926
927
928
929 my-pubkey-based-host-key
930
931 ssh-rsa-key
932
933
934
935 my-cert-based-host-key
936
937
938 ssh-rsa-key-with-cert
939 ex-rsa-cert2
940
941
942
943
945
946
947
948
949
950
951
952 mary
953 $0$secret
954
955 SSH Public Keys for User A
957
958
959
960
961 trusted-client-ca-certs
963
964
965 trusted-client-ee-certs
967
968
970
971
972 algs:ssh-rsa
973
974
975
976 algs:diffie-hellman-group-exchange-sha256
977
978
979
980 algs:aes256-ctr
981 algs:aes192-ctr
982 algs:aes128-ctr
983 algs:aes256-cbc
984 algs:aes192-cbc
985 algs:aes128-cbc
986
987
988 algs:hmac-sha2-256
989 algs:hmac-sha2-512
990
991
993
995 4.3. YANG Module
997 This YANG module has normative references to
998 [I-D.ietf-netconf-trust-anchors] and [I-D.ietf-netconf-keystore] and
999 informative references to [RFC4253] and [RFC7317].
1001 file "ietf-ssh-server@2020-03-08.yang"
1003 module ietf-ssh-server {
1004 yang-version 1.1;
1005 namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-server";
1006 prefix sshs;
1008 import iana-crypt-hash {
1009 prefix ianach;
1010 reference
1011 "RFC 7317: A YANG Data Model for System Management";
1012 }
1014 import ietf-netconf-acm {
1015 prefix nacm;
1016 reference
1017 "RFC 8341: Network Configuration Access Control Model";
1018 }
1020 import ietf-crypto-types {
1021 prefix ct;
1022 reference
1023 "RFC AAAA: Common YANG Data Types for Cryptography";
1024 }
1026 import ietf-truststore {
1027 prefix ts;
1028 reference
1029 "RFC BBBB: A YANG Data Model for a Truststore";
1031 }
1033 import ietf-keystore {
1034 prefix ks;
1035 reference
1036 "RFC CCCC: A YANG Data Model for a Keystore";
1037 }
1039 import ietf-ssh-common {
1040 prefix sshcmn;
1041 revision-date 2020-03-08; // stable grouping definitions
1042 reference
1043 "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
1044 }
1046 organization
1047 "IETF NETCONF (Network Configuration) Working Group";
1049 contact
1050 "WG Web:
1051 WG List:
1052 Author: Kent Watsen
1053 Author: Gary Wu ";
1055 description
1056 "This module defines reusable groupings for SSH servers that
1057 can be used as a basis for specific SSH server instances.
1059 Copyright (c) 2019 IETF Trust and the persons identified
1060 as authors of the code. All rights reserved.
1062 Redistribution and use in source and binary forms, with
1063 or without modification, is permitted pursuant to, and
1064 subject to the license terms contained in, the Simplified
1065 BSD License set forth in Section 4.c of the IETF Trust's
1066 Legal Provisions Relating to IETF Documents
1067 (https://trustee.ietf.org/license-info).
1069 This version of this YANG module is part of RFC XXXX
1070 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
1071 itself for full legal notices.;
1073 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
1074 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
1075 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
1076 are to be interpreted as described in BCP 14 (RFC 2119)
1077 (RFC 8174) when, and only when, they appear in all
1078 capitals, as shown here.";
1080 revision 2020-03-08 {
1081 description
1082 "Initial version";
1083 reference
1084 "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
1085 }
1087 // Features
1089 feature ssh-server-transport-params-config {
1090 description
1091 "SSH transport layer parameters are configurable on an SSH
1092 server.";
1093 }
1095 feature ssh-server-keepalives {
1096 description
1097 "Per socket SSH keepalive parameters are configurable for
1098 SSH servers on the server implementing this feature.";
1099 }
1101 feature client-auth-config-supported {
1102 description
1103 "Indicates that the configuration for how to authenticate
1104 clients can be configured herein, as opposed to in an
1105 application specific location. That is, to support the
1106 consuming data models that prefer to place client
1107 authentication with client definitions, rather then
1108 in a data model principally concerned with configuring
1109 the transport.";
1110 }
1112 feature client-auth-password {
1113 description
1114 "Indicates that the 'password' authentication type
1115 is supported.";
1116 }
1118 feature client-auth-hostbased {
1119 description
1120 "Indicates that the 'hostbased' authentication type
1121 is supported.";
1122 }
1124 feature client-auth-none {
1125 description
1126 "Indicates that the 'none' authentication type is
1127 supported.";
1129 }
1131 // Groupings
1133 grouping ssh-server-grouping {
1134 description
1135 "A reusable grouping for configuring a SSH server without
1136 any consideration for how underlying TCP sessions are
1137 established.
1139 Note that this grouping uses fairly typical descendent
1140 node names such that a stack of 'uses' statements will
1141 have name conflicts. It is intended that the consuming
1142 data model will resolve the issue (e.g., by wrapping
1143 the 'uses' statement in a container called
1144 'ssh-server-parameters'). This model purposely does
1145 not do this itself so as to provide maximum flexibility
1146 to consuming models.";
1148 container server-identity {
1149 nacm:default-deny-write;
1150 description
1151 "The list of host keys the SSH server will present when
1152 establishing a SSH connection.";
1153 list host-key {
1154 key "name";
1155 min-elements 1;
1156 ordered-by user;
1157 description
1158 "An ordered list of host keys the SSH server will use to
1159 construct its ordered list of algorithms, when sending
1160 its SSH_MSG_KEXINIT message, as defined in Section 7.1
1161 of RFC 4253.";
1162 reference
1163 "RFC 4253: The Secure Shell (SSH) Transport Layer
1164 Protocol";
1165 leaf name {
1166 type string;
1167 description
1168 "An arbitrary name for this host key";
1169 }
1170 choice host-key-type {
1171 mandatory true;
1172 description
1173 "The type of host key being specified";
1174 container public-key {
1175 description
1176 "A locally-defined or referenced asymmetric key pair
1177 to be used for the SSH server's host key.";
1178 reference
1179 "RFC ZZZZ: YANG Data Model for a Centralized
1180 Keystore Mechanism";
1181 uses ks:local-or-keystore-asymmetric-key-grouping {
1182 refine "local-or-keystore/local/local-definition" {
1183 must
1184 'public-key-format = "ct:ssh-public-key-format"';
1185 }
1186 refine "local-or-keystore/keystore/"
1187 + "keystore-reference" {
1188 must 'deref(.)/../ks:public-key-format'
1189 + ' = "ct:ssh-public-key-format"';
1190 }
1191 }
1192 }
1193 container certificate {
1194 if-feature "sshcmn:ssh-x509-certs";
1195 description
1196 "A locally-defined or referenced end-entity
1197 certificate to be used for the SSH server's
1198 host key.";
1199 reference
1200 "RFC ZZZZ: YANG Data Model for a Centralized
1201 Keystore Mechanism";
1202 uses
1203 ks:local-or-keystore-end-entity-cert-with-key-grouping {
1204 refine "local-or-keystore/local/local-definition" {
1205 must
1206 'public-key-format = "ct:ssh-public-key-format"';
1207 } // FIXME: subject-public-key-info-format?
1208 refine "local-or-keystore/keystore/keystore-reference"
1209 + "/asymmetric-key" {
1210 must 'deref(.)/../ks:public-key-format'
1211 + ' = "ct:ssh-public-key-format"';
1212 } // FIXME: subject-public-key-info-format?
1213 }
1214 }
1215 }
1216 }
1217 } // container server-identity
1219 container client-authentication {
1220 nacm:default-deny-write;
1221 description
1222 "Specifies how the SSH server can authenticate SSH clients.";
1223 container supported-authentication-methods {
1224 description
1225 "Indicates which authentication methods the server
1226 supports.";
1227 leaf publickey {
1228 type empty;
1229 description
1230 "Indicates that the 'publickey' method is supported.
1231 Note that RFC 6187 X.509v3 Certificates for SSH uses
1232 the 'publickey' method name.";
1233 reference
1234 "RFC 4252: The Secure Shell (SSH) Authentication
1235 Protocol.
1236 RFC 6187: X.509v3 Certificates for Secure Shell
1237 Authentication.";
1238 }
1239 leaf passsword {
1240 if-feature client-auth-password;
1241 type empty;
1242 description
1243 "Indicates that the 'password' method is supported.";
1244 reference
1245 "RFC 4252: The Secure Shell (SSH) Authentication
1246 Protocol.";
1247 }
1248 leaf hostbased {
1249 if-feature client-auth-hostbased;
1250 type empty;
1251 description
1252 "Indicates that the 'hostbased' method is supported.";
1253 reference
1254 "RFC 4252: The Secure Shell (SSH) Authentication
1255 Protocol.";
1256 }
1257 leaf none {
1258 if-feature client-auth-none;
1259 type empty;
1260 description
1261 "Indicates that the 'none' method is supported.";
1262 reference
1263 "RFC 4252: The Secure Shell (SSH) Authentication
1264 Protocol.";
1265 }
1266 }
1268 container users {
1269 if-feature "client-auth-config-supported";
1270 description
1271 "A list of locally configured users.";
1272 list user {
1273 key name;
1274 description
1275 "The list of local users configured on this device.";
1277 leaf name {
1278 type string;
1279 description
1280 "The user name string identifying this entry.";
1281 }
1283 container public-keys {
1284 // FIXME: no if-feature because required okay?
1285 presence
1286 "Indicates that the server can authenticate this
1287 user using any of the configured SSH public keys.";
1288 description
1289 "A set of SSH public keys may be used by the SSH
1290 server to authenticate this user. A user is
1291 authenticated if its public key is an exact
1292 match to a configured public key.";
1293 reference
1294 "RFC YYYY: A YANG Data Model for a Truststore";
1295 uses ts:local-or-truststore-public-keys-grouping {
1296 refine "local-or-truststore/local/local-definition"
1297 + "/public-key" {
1298 must 'public-key-format'
1299 + ' = "ct:ssh-public-key-format"';
1300 }
1301 refine "local-or-truststore/truststore/"
1302 + "truststore-reference" {
1303 must 'deref(.)/../*/ts:public-key-format'
1304 + ' = "ct:ssh-public-key-format"';
1305 }
1306 }
1307 }
1309 leaf password {
1310 if-feature client-auth-password;
1311 type ianach:crypt-hash;
1312 description
1313 "The password for this user.";
1314 }
1316 container hostbased {
1317 if-feature client-auth-hostbased;
1318 presence
1319 "Indicates that the server can authenticate this
1320 user's 'host' using any of the configured SSH
1321 host keys.";
1322 description
1323 "A set of SSH host keys may be used by the SSH
1324 server to authenticate this user's host. A
1325 user's host is authenticated if its host key
1326 is an exact match to a configured host key.";
1327 reference
1328 "RFC 4253: The Secure Shell (SSH) Transport Layer
1329 RFC YYYY: A YANG Data Model for a Truststore";
1330 uses ts:local-or-truststore-public-keys-grouping {
1331 refine "local-or-truststore/local/local-definition"
1332 + "/public-key" {
1333 must 'public-key-format'
1334 + ' = "ct:ssh-public-key-format"';
1335 }
1336 refine "local-or-truststore/truststore"
1337 + "/truststore-reference" {
1338 must 'deref(.)/../*/ts:public-key-format'
1339 + ' = "ct:ssh-public-key-format"';
1340 }
1341 }
1342 }
1343 leaf none {
1344 if-feature client-auth-none;
1345 type empty;
1346 description
1347 "Indicates that the 'none' method is supported.";
1348 reference
1349 "RFC 4252: The Secure Shell (SSH) Authentication
1350 Protocol.";
1351 }
1352 }
1353 }
1354 container ca-certs {
1355 if-feature "client-auth-config-supported";
1356 if-feature "sshcmn:ssh-x509-certs";
1357 presence
1358 "Indicates that the SSH server can authenticate SSH
1359 clients using configured certificate authority (CA)
1360 certificates.";
1361 description
1362 "A set of certificate authority (CA) certificates used by
1363 the SSH server to authenticate SSH client certificates.
1364 A client certificate is authenticated if it has a valid
1365 chain of trust to a configured CA certificate.";
1366 reference
1367 "RFC YYYY:
1368 YANG Data Model for Global Trust Anchors";
1370 uses ts:local-or-truststore-certs-grouping;
1371 // Note: TS certs don't have a key-format...no test needed
1372 }
1373 container client-certs { // FIXME: plural too much?
1374 if-feature "client-auth-config-supported";
1375 if-feature "sshcmn:ssh-x509-certs";
1376 presence
1377 "Indicates that the SSH server can authenticate SSH
1378 clients using configured client certificates.";
1379 description
1380 "A set of client certificates (i.e., end entity
1381 certificates) used by the SSH server to authenticate
1382 the certificates presented by SSH clients. A client
1383 certificate is authenticated if it is an exact match
1384 to a configured client certificate.";
1385 reference
1386 "RFC YYYY: A YANG Data Model for a Truststore";
1387 uses ts:local-or-truststore-certs-grouping;
1388 // Note: TS certs don't have a key-format...no test needed
1389 }
1390 } // container client-authentication
1392 container transport-params {
1393 nacm:default-deny-write;
1394 if-feature "ssh-server-transport-params-config";
1395 description
1396 "Configurable parameters of the SSH transport layer.";
1397 uses sshcmn:transport-params-grouping;
1398 } // container transport-params
1400 container keepalives {
1401 nacm:default-deny-write;
1402 if-feature "ssh-server-keepalives";
1403 presence "Indicates that keepalives are enabled.";
1404 description
1405 "Configures the keep-alive policy, to proactively test
1406 the aliveness of the SSL client. An unresponsive SSL
1407 client is dropped after approximately max-wait *
1408 max-attempts seconds.";
1409 leaf max-wait {
1410 type uint16 {
1411 range "1..max";
1412 }
1413 units "seconds";
1414 default "30";
1415 description
1416 "Sets the amount of time in seconds after which
1417 if no data has been received from the SSL client,
1418 a SSL-level message will be sent to test the
1419 aliveness of the SSL client.";
1420 }
1421 leaf max-attempts {
1422 type uint8;
1423 default "3";
1424 description
1425 "Sets the maximum number of sequential keep-alive
1426 messages that can fail to obtain a response from
1427 the SSL client before assuming the SSL client is
1428 no longer alive.";
1429 }
1430 }
1431 } // grouping ssh-server-grouping
1432 } // module ietf-ssh-server
1434
1436 5. The SSH Common Model
1438 The SSH common model presented in this section contains identities
1439 and groupings common to both SSH clients and SSH servers. The
1440 transport-params-grouping can be used to configure the list of SSH
1441 transport algorithms permitted by the SSH client or SSH server. The
1442 lists of algorithms are ordered such that, if multiple algorithms are
1443 permitted by the client, the algorithm that appears first in its list
1444 that is also permitted by the server is used for the SSH transport
1445 layer connection. The ability to restrict the algorithms allowed is
1446 provided in this grouping for SSH clients and SSH servers that are
1447 capable of doing so and may serve to make SSH clients and SSH servers
1448 compliant with security policies.
1450 [I-D.ietf-netconf-crypto-types] defines six categories of
1451 cryptographic algorithms (hash-algorithm, symmetric-key-encryption-
1452 algorithm, mac-algorithm, asymmetric-key-encryption-algorithm,
1453 signature-algorithm, key-negotiation-algorithm) and lists several
1454 widely accepted algorithms for each of them. The SSH client and
1455 server models use one or more of these algorithms. The SSH common
1456 model includes four parameters for configuring its permitted SSH
1457 algorithms, which are: host-key-alg, key-exchange-alg, encryption-alg
1458 and mac-alg. The following tables are provided, in part, to define
1459 the subset of algorithms defined in the crypto-types model used by
1460 SSH and, in part, to ensure compatibility of configured SSH
1461 cryptographic parameters for configuring its permitted SSH algorithms
1462 ("sshcmn" representing SSH common model, and "ct" representing
1463 crypto-types model which the SSH client/server model is based on):
1465 +-------------------------------+-------------------------------+
1466 | sshcmn:host-key-alg | ct:signature-algorithm |
1467 +-------------------------------+-------------------------------+
1468 | dsa-sha1 | dsa-sha1 |
1469 | rsa-pkcs1-sha1 | rsa-pkcs1-sha1 |
1470 | rsa-pkcs1-sha256 | rsa-pkcs1-sha256 |
1471 | rsa-pkcs1-sha512 | rsa-pkcs1-sha512 |
1472 | ecdsa-secp256r1-sha256 | ecdsa-secp256r1-sha256 |
1473 | ecdsa-secp384r1-sha384 | ecdsa-secp384r1-sha384 |
1474 | ecdsa-secp521r1-sha512 | ecdsa-secp521r1-sha512 |
1475 | x509v3-rsa-pkcs1-sha1 | x509v3-rsa-pkcs1-sha1 |
1476 | x509v3-rsa2048-pkcs1-sha256 | x509v3-rsa2048-pkcs1-sha1 |
1477 | x509v3-ecdsa-secp256r1-sha256 | x509v3-ecdsa-secp256r1-sha256 |
1478 | x509v3-ecdsa-secp384r1-sha384 | x509v3-ecdsa-secp384r1-sha384 |
1479 | x509v3-ecdsa-secp521r1-sha512 | x509v3-ecdsa-secp521r1-sha512 |
1480 +-------------------------------+-------------------------------+
1482 Table 1 The SSH Host-key-alg Compatibility Matrix
1484 +-------------------------------+-------------------------------+
1485 | sshcmn:key-exchange-alg | ct:key-negotiation-algorithm |
1486 +-------------------------------+-------------------------------+
1487 | diffie-hellman-group14-sha1 | diffie-hellman-group14-sha1 |
1488 | diffie-hellman-group14-sha256 | diffie-hellman-group14-sha256 |
1489 | diffie-hellman-group15-sha512 | diffie-hellman-group15-sha512 |
1490 | diffie-hellman-group16-sha512 | diffie-hellman-group16-sha512 |
1491 | diffie-hellman-group17-sha512 | diffie-hellman-group17-sha512 |
1492 | diffie-hellman-group18-sha512 | diffie-hellman-group18-sha512 |
1493 | ecdh-sha2-secp256r1 | ecdh-sha2-secp256r1 |
1494 | ecdh-sha2-secp384r1 | ecdh-sha2-secp384r1 |
1495 +-------------------------------+-------------------------------+
1497 Table 2 The SSH Key-exchange-alg Compatibility Matrix
1499 +-----------------------+---------------------------------------+
1500 | sshcmn:encryption-alg | ct:symmetric-key-encryption-algorithm |
1501 +-----------------------+---------------------------------------+
1502 | aes-128-cbc | aes-128-cbc |
1503 | aes-192-cbc | aes-192-cbc |
1504 | aes-256-cbc | aes-256-cbc |
1505 | aes-128-ctr | aes-128-ctr |
1506 | aes-192-ctr | aes-192-ctr |
1507 | aes-256-ctr | aes-256-ctr |
1508 +-----------------------+---------------------------------------+
1510 Table 3 The SSH Encryption-alg Compatibility Matrix
1511 +----------------+-------------------+
1512 | sshcmn:mac-alg | ct:mac-algorithm |
1513 +----------------+-------------------+
1514 | hmac-sha1 | hmac-sha1 |
1515 | hmac-sha1-96 | hmac-sha1-96 |
1516 | hmac-sha2-256 | hmac-sha2-256 |
1517 | hmac-sha2-512 | hmac-sha2-512 |
1518 +----------------+-------------------+
1520 Table 4 The SSH Mac-alg Compatibility Matrix
1522 As is seen in the tables above, the names of the "sshcmn" algorithms
1523 are all identical to the names of algorithms defined in
1524 [I-D.ietf-netconf-crypto-types]. While appearing to be redundant, it
1525 is important to realize that not all the algorithms defined in
1526 [I-D.ietf-netconf-crypto-types] are supported by SSH. That is, the
1527 algorithms supported by SSH are a subset of the algorithms defined in
1528 [I-D.ietf-netconf-crypto-types]. The algorithms used by SSH are
1529 redefined in this document in order to constrain the algorithms that
1530 may be selected to just the ones used by SSH.
1532 Features are defined for algorithms that are OPTIONAL or are not
1533 widely supported by popular implementations. Note that the list of
1534 algorithms is not exhaustive. As well, some algorithms that are
1535 REQUIRED by [RFC4253] are missing, notably "ssh-dss" and "diffie-
1536 hellman-group1-sha1" due to their weak security and there being
1537 alternatives that are widely supported.
1539 5.1. Tree Diagram
1541 The following tree diagram [RFC8340] provides an overview of the data
1542 model for the "ietf-ssh-common" module.
1544 module: ietf-ssh-common
1546 grouping transport-params-grouping
1547 +-- host-key
1548 | +-- host-key-alg* identityref
1549 +-- key-exchange
1550 | +-- key-exchange-alg* identityref
1551 +-- encryption
1552 | +-- encryption-alg* identityref
1553 +-- mac
1554 +-- mac-alg* identityref
1556 5.2. Example Usage
1558 This following example illustrates how the transport-params-grouping
1559 appears when populated with some data.
1561
1564
1565 algs:x509v3-rsa2048-sha256
1566 algs:ssh-rsa
1567
1568
1569
1570 algs:diffie-hellman-group-exchange-sha256
1571
1572
1573
1574 algs:aes256-ctr
1575 algs:aes192-ctr
1576 algs:aes128-ctr
1577 algs:aes256-cbc
1578 algs:aes192-cbc
1579 algs:aes128-cbc
1580
1581
1582 algs:hmac-sha2-256
1583 algs:hmac-sha2-512
1584
1585
1587 5.3. YANG Module
1589 This YANG module has normative references to [RFC4253], [RFC4344],
1590 [RFC4419], [RFC5656], [RFC6187], and [RFC6668].
1592 file "ietf-ssh-common@2020-03-08.yang"
1594 module ietf-ssh-common {
1595 yang-version 1.1;
1596 namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-common";
1597 prefix sshcmn;
1599 organization
1600 "IETF NETCONF (Network Configuration) Working Group";
1602 contact
1603 "WG Web:
1604 WG List:
1605 Author: Kent Watsen
1606 Author: Gary Wu ";
1608 description
1609 "This module defines a common features, identities, and
1610 groupings for Secure Shell (SSH).
1612 Copyright (c) 2019 IETF Trust and the persons identified
1613 as authors of the code. All rights reserved.
1615 Redistribution and use in source and binary forms, with
1616 or without modification, is permitted pursuant to, and
1617 subject to the license terms contained in, the Simplified
1618 BSD License set forth in Section 4.c of the IETF Trust's
1619 Legal Provisions Relating to IETF Documents
1620 (https://trustee.ietf.org/license-info).
1622 This version of this YANG module is part of RFC XXXX
1623 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
1624 itself for full legal notices.;
1626 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
1627 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
1628 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
1629 are to be interpreted as described in BCP 14 (RFC 2119)
1630 (RFC 8174) when, and only when, they appear in all
1631 capitals, as shown here.";
1633 revision 2020-03-08 {
1634 description
1635 "Initial version";
1636 reference
1637 "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
1638 }
1640 // Features
1642 feature ssh-ecc {
1643 description
1644 "Elliptic Curve Cryptography is supported for SSH.";
1645 reference
1646 "RFC 5656: Elliptic Curve Algorithm Integration in the
1647 Secure Shell Transport Layer";
1648 }
1650 feature ssh-x509-certs {
1651 description
1652 "X.509v3 certificates are supported for SSH per RFC 6187.";
1653 reference
1654 "RFC 6187: X.509v3 Certificates for Secure Shell
1655 Authentication";
1656 }
1658 feature ssh-dh-group-exchange {
1659 description
1660 "Diffie-Hellman Group Exchange is supported for SSH.";
1661 reference
1662 "RFC 4419: Diffie-Hellman Group Exchange for the
1663 Secure Shell (SSH) Transport Layer Protocol";
1664 }
1666 feature ssh-ctr {
1667 description
1668 "SDCTR encryption mode is supported for SSH.";
1669 reference
1670 "RFC 4344: The Secure Shell (SSH) Transport Layer
1671 Encryption Modes";
1672 }
1674 feature ssh-sha2 {
1675 description
1676 "The SHA2 family of cryptographic hash functions is
1677 supported for SSH.";
1678 reference
1679 "FIPS PUB 180-4: Secure Hash Standard (SHS)";
1680 }
1682 // Identities
1684 identity public-key-alg-base {
1685 description
1686 "Base identity used to identify public key algorithms.";
1687 }
1689 identity ssh-dss {
1690 base public-key-alg-base;
1691 description
1692 "Digital Signature Algorithm using SHA-1 as the
1693 hashing algorithm.";
1694 reference
1695 "RFC 4253:
1696 The Secure Shell (SSH) Transport Layer Protocol";
1697 }
1699 identity ssh-rsa {
1700 base public-key-alg-base;
1701 description
1702 "RSASSA-PKCS1-v1_5 signature scheme using SHA-1 as the
1703 hashing algorithm.";
1704 reference
1705 "RFC 4253:
1706 The Secure Shell (SSH) Transport Layer Protocol";
1707 }
1709 identity ecdsa-sha2-nistp256 {
1710 if-feature "ssh-ecc and ssh-sha2";
1711 base public-key-alg-base;
1712 description
1713 "Elliptic Curve Digital Signature Algorithm (ECDSA) using the
1714 nistp256 curve and the SHA2 family of hashing algorithms.";
1715 reference
1716 "RFC 5656: Elliptic Curve Algorithm Integration in the
1717 Secure Shell Transport Layer";
1718 }
1720 identity ecdsa-sha2-nistp384 {
1721 if-feature "ssh-ecc and ssh-sha2";
1722 base public-key-alg-base;
1723 description
1724 "Elliptic Curve Digital Signature Algorithm (ECDSA) using the
1725 nistp384 curve and the SHA2 family of hashing algorithms.";
1726 reference
1727 "RFC 5656: Elliptic Curve Algorithm Integration in the
1728 Secure Shell Transport Layer";
1729 }
1731 identity ecdsa-sha2-nistp521 {
1732 if-feature "ssh-ecc and ssh-sha2";
1733 base public-key-alg-base;
1734 description
1735 "Elliptic Curve Digital Signature Algorithm (ECDSA) using the
1736 nistp521 curve and the SHA2 family of hashing algorithms.";
1737 reference
1738 "RFC 5656: Elliptic Curve Algorithm Integration in the
1739 Secure Shell Transport Layer";
1740 }
1742 identity x509v3-ssh-rsa {
1743 if-feature "ssh-x509-certs";
1744 base public-key-alg-base;
1745 description
1746 "RSASSA-PKCS1-v1_5 signature scheme using a public key stored
1747 in an X.509v3 certificate and using SHA-1 as the hashing
1748 algorithm.";
1749 reference
1750 "RFC 6187: X.509v3 Certificates for Secure Shell
1751 Authentication";
1752 }
1754 identity x509v3-rsa2048-sha256 {
1755 if-feature "ssh-x509-certs and ssh-sha2";
1756 base public-key-alg-base;
1757 description
1758 "RSASSA-PKCS1-v1_5 signature scheme using a public key stored
1759 in an X.509v3 certificate and using SHA-256 as the hashing
1760 algorithm. RSA keys conveyed using this format MUST have a
1761 modulus of at least 2048 bits.";
1762 reference
1763 "RFC 6187: X.509v3 Certificates for Secure Shell
1764 Authentication";
1765 }
1767 identity x509v3-ecdsa-sha2-nistp256 {
1768 if-feature "ssh-ecc and ssh-x509-certs and ssh-sha2";
1769 base public-key-alg-base;
1770 description
1771 "Elliptic Curve Digital Signature Algorithm (ECDSA)
1772 using the nistp256 curve with a public key stored in
1773 an X.509v3 certificate and using the SHA2 family of
1774 hashing algorithms.";
1775 reference
1776 "RFC 6187: X.509v3 Certificates for Secure Shell
1777 Authentication";
1778 }
1780 identity x509v3-ecdsa-sha2-nistp384 {
1781 if-feature "ssh-ecc and ssh-x509-certs and ssh-sha2";
1782 base public-key-alg-base;
1783 description
1784 "Elliptic Curve Digital Signature Algorithm (ECDSA)
1785 using the nistp384 curve with a public key stored in
1786 an X.509v3 certificate and using the SHA2 family of
1787 hashing algorithms.";
1788 reference
1789 "RFC 6187: X.509v3 Certificates for Secure Shell
1790 Authentication";
1791 }
1793 identity x509v3-ecdsa-sha2-nistp521 {
1794 if-feature "ssh-ecc and ssh-x509-certs and ssh-sha2";
1795 base public-key-alg-base;
1796 description
1797 "Elliptic Curve Digital Signature Algorithm (ECDSA)
1798 using the nistp521 curve with a public key stored in
1799 an X.509v3 certificate and using the SHA2 family of
1800 hashing algorithms.";
1801 reference
1802 "RFC 6187: X.509v3 Certificates for Secure Shell
1803 Authentication";
1804 }
1806 identity key-exchange-alg-base {
1807 description
1808 "Base identity used to identify key exchange algorithms.";
1809 }
1811 identity diffie-hellman-group14-sha1 {
1812 base key-exchange-alg-base;
1813 description
1814 "Diffie-Hellman key exchange with SHA-1 as HASH and
1815 Oakley Group 14 (2048-bit MODP Group).";
1816 reference
1817 "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
1818 }
1820 identity diffie-hellman-group-exchange-sha1 {
1821 if-feature "ssh-dh-group-exchange";
1822 base key-exchange-alg-base;
1823 description
1824 "Diffie-Hellman Group and Key Exchange with SHA-1 as HASH.";
1825 reference
1826 "RFC 4419: Diffie-Hellman Group Exchange for the
1827 Secure Shell (SSH) Transport Layer Protocol";
1828 }
1830 identity diffie-hellman-group-exchange-sha256 {
1831 if-feature "ssh-dh-group-exchange and ssh-sha2";
1832 base key-exchange-alg-base;
1833 description
1834 "Diffie-Hellman Group and Key Exchange with SHA-256 as HASH.";
1835 reference
1836 "RFC 4419: Diffie-Hellman Group Exchange for the
1837 Secure Shell (SSH) Transport Layer Protocol";
1838 }
1840 identity ecdh-sha2-nistp256 {
1841 if-feature "ssh-ecc and ssh-sha2";
1842 base key-exchange-alg-base;
1843 description
1844 "Elliptic Curve Diffie-Hellman (ECDH) key exchange using the
1845 nistp256 curve and the SHA2 family of hashing algorithms.";
1846 reference
1847 "RFC 5656: Elliptic Curve Algorithm Integration in the
1848 Secure Shell Transport Layer";
1849 }
1851 identity ecdh-sha2-nistp384 {
1852 if-feature "ssh-ecc and ssh-sha2";
1853 base key-exchange-alg-base;
1854 description
1855 "Elliptic Curve Diffie-Hellman (ECDH) key exchange using the
1856 nistp384 curve and the SHA2 family of hashing algorithms.";
1857 reference
1858 "RFC 5656: Elliptic Curve Algorithm Integration in the
1859 Secure Shell Transport Layer";
1860 }
1862 identity ecdh-sha2-nistp521 {
1863 if-feature "ssh-ecc and ssh-sha2";
1864 base key-exchange-alg-base;
1865 description
1866 "Elliptic Curve Diffie-Hellman (ECDH) key exchange using the
1867 nistp521 curve and the SHA2 family of hashing algorithms.";
1868 reference
1869 "RFC 5656: Elliptic Curve Algorithm Integration in the
1870 Secure Shell Transport Layer";
1871 }
1873 identity encryption-alg-base {
1874 description
1875 "Base identity used to identify encryption algorithms.";
1876 }
1878 identity triple-des-cbc {
1879 base encryption-alg-base;
1880 description
1881 "Three-key 3DES in CBC mode.";
1882 reference
1883 "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
1884 }
1886 identity aes128-cbc {
1887 base encryption-alg-base;
1888 description
1889 "AES in CBC mode, with a 128-bit key.";
1890 reference
1891 "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
1893 }
1895 identity aes192-cbc {
1896 base encryption-alg-base;
1897 description
1898 "AES in CBC mode, with a 192-bit key.";
1899 reference
1900 "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
1901 }
1903 identity aes256-cbc {
1904 base encryption-alg-base;
1905 description
1906 "AES in CBC mode, with a 256-bit key.";
1907 reference
1908 "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
1909 }
1911 identity aes128-ctr {
1912 if-feature "ssh-ctr";
1913 base encryption-alg-base;
1914 description
1915 "AES in SDCTR mode, with 128-bit key.";
1916 reference
1917 "RFC 4344: The Secure Shell (SSH) Transport Layer Encryption
1918 Modes";
1919 }
1921 identity aes192-ctr {
1922 if-feature "ssh-ctr";
1923 base encryption-alg-base;
1924 description
1925 "AES in SDCTR mode, with 192-bit key.";
1926 reference
1927 "RFC 4344: The Secure Shell (SSH) Transport Layer Encryption
1928 Modes";
1929 }
1931 identity aes256-ctr {
1932 if-feature "ssh-ctr";
1933 base encryption-alg-base;
1934 description
1935 "AES in SDCTR mode, with 256-bit key.";
1936 reference
1937 "RFC 4344: The Secure Shell (SSH) Transport Layer Encryption
1938 Modes";
1939 }
1940 identity mac-alg-base {
1941 description
1942 "Base identity used to identify message authentication
1943 code (MAC) algorithms.";
1944 }
1946 identity hmac-sha1 {
1947 base mac-alg-base;
1948 description
1949 "HMAC-SHA1";
1950 reference
1951 "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
1952 }
1954 identity hmac-sha2-256 {
1955 if-feature "ssh-sha2";
1956 base mac-alg-base;
1957 description
1958 "HMAC-SHA2-256";
1959 reference
1960 "RFC 6668: SHA-2 Data Integrity Verification for the
1961 Secure Shell (SSH) Transport Layer Protocol";
1962 }
1964 identity hmac-sha2-512 {
1965 if-feature "ssh-sha2";
1966 base mac-alg-base;
1967 description
1968 "HMAC-SHA2-512";
1969 reference
1970 "RFC 6668: SHA-2 Data Integrity Verification for the
1971 Secure Shell (SSH) Transport Layer Protocol";
1972 }
1974 // Groupings
1976 grouping transport-params-grouping {
1977 description
1978 "A reusable grouping for SSH transport parameters.";
1979 reference
1980 "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
1981 container host-key {
1982 description
1983 "Parameters regarding host key.";
1984 leaf-list host-key-alg {
1985 type identityref {
1986 base public-key-alg-base;
1987 }
1988 ordered-by user;
1989 description
1990 "Acceptable host key algorithms in order of descending
1991 preference. The configured host key algorithms should
1992 be compatible with the algorithm used by the configured
1993 private key. Please see Section 5 of RFC XXXX for
1994 valid combinations.
1996 If this leaf-list is not configured (has zero elements)
1997 the acceptable host key algorithms are implementation-
1998 defined.";
1999 reference
2000 "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
2001 }
2002 }
2003 container key-exchange {
2004 description
2005 "Parameters regarding key exchange.";
2006 leaf-list key-exchange-alg {
2007 type identityref {
2008 base key-exchange-alg-base;
2009 }
2010 ordered-by user;
2011 description
2012 "Acceptable key exchange algorithms in order of descending
2013 preference.
2015 If this leaf-list is not configured (has zero elements)
2016 the acceptable key exchange algorithms are implementation
2017 defined.";
2018 }
2019 }
2020 container encryption {
2021 description
2022 "Parameters regarding encryption.";
2023 leaf-list encryption-alg {
2024 type identityref {
2025 base encryption-alg-base;
2026 }
2027 ordered-by user;
2028 description
2029 "Acceptable encryption algorithms in order of descending
2030 preference.
2032 If this leaf-list is not configured (has zero elements)
2033 the acceptable encryption algorithms are implementation
2034 defined.";
2035 }
2037 }
2038 container mac {
2039 description
2040 "Parameters regarding message authentication code (MAC).";
2041 leaf-list mac-alg {
2042 type identityref {
2043 base mac-alg-base;
2044 }
2045 ordered-by user;
2046 description
2047 "Acceptable MAC algorithms in order of descending
2048 preference.
2050 If this leaf-list is not configured (has zero elements)
2051 the acceptable MAC algorithms are implementation-
2052 defined.";
2053 }
2054 }
2055 }
2056 }
2058
2060 6. Security Considerations
2062 The YANG modules defined in this document are designed to be accessed
2063 via YANG based management protocols, such as NETCONF [RFC6241] and
2064 RESTCONF [RFC8040]. Both of these protocols have mandatory-to-
2065 implement secure transport layers (e.g., SSH, TLS) with mutual
2066 authentication.
2068 The NETCONF access control model (NACM) [RFC8341] provides the means
2069 to restrict access for particular users to a pre-configured subset of
2070 all available protocol operations and content.
2072 Since the modules in this document only define groupings, these
2073 considerations are primarily for the designers of other modules that
2074 use these groupings.
2076 There are a number of data nodes defined in the YANG modules that are
2077 writable/creatable/deletable (i.e., config true, which is the
2078 default). These data nodes may be considered sensitive or vulnerable
2079 in some network environments. Write operations (e.g., edit-config)
2080 to these data nodes without proper protection can have a negative
2081 effect on network operations. These are the subtrees and data nodes
2082 and their sensitivity/vulnerability:
2084 *: All of the nodes defined by the grouping statement in both the
2085 "ietf-ssh-client" and "ietf-ssh-server" modules are sensitive
2086 to write operations. For instance, the addition or removal of
2087 references to keys, certificates, trusted anchors, etc., or
2088 even the modification of transport or keepalive parameters can
2089 dramatically alter the implemented security policy. For this
2090 reason, all the nodes are protected the NACM extension
2091 "default-deny-write".
2093 Some of the readable data nodes in the YANG modules may be considered
2094 sensitive or vulnerable in some network environments. It is thus
2095 important to control read access (e.g., via get, get-config, or
2096 notification) to these data nodes. These are the subtrees and data
2097 nodes and their sensitivity/vulnerability:
2099 ssh-client-grouping/client-identity/: This subtree in the "ietf-
2100 ssh-client" module contains nodes that are additionally
2101 sensitive to read operations such that, in normal use cases,
2102 they should never be returned to a client. Specifically, the
2103 descendent nodes 'password', 'public-key/local-definition/
2104 private-key' and 'certificate/local-definition/private-key'.
2105 For this reason, all of these node are protected by the NACM
2106 extension "default-deny-all".
2108 ssh-server-grouping/server-identity/: This subtree in the "ietf-
2109 ssh-server" module contains nodes that are additionally
2110 sensitive to read operations such that, in normal use cases,
2111 they should never be returned to a client. Specifically, the
2112 descendent nodes 'host-key/public-key/local-definition/private-
2113 key' and 'host-key/certificate/local-definition/private-key'.
2114 For this reason, both of these node are protected by the NACM
2115 extension "default-deny-all".
2117 Some of the operations in this YANG module may be considered
2118 sensitive or vulnerable in some network environments. It is thus
2119 important to control access to these operations. These are the
2120 operations and their sensitivity/vulnerability:
2122 *: The groupings defined in this document include "action"
2123 statements that come from groupings defined in
2124 [I-D.ietf-netconf-crypto-types]. Please consult that document
2125 for the security considerations of the "action" statements
2126 defined by the "grouping" statements defined in this document.
2128 7. IANA Considerations
2130 7.1. The IETF XML Registry
2132 This document registers three URIs in the "ns" subregistry of the
2133 IETF XML Registry [RFC3688]. Following the format in [RFC3688], the
2134 following registrations are requested:
2136 URI: urn:ietf:params:xml:ns:yang:ietf-ssh-client
2137 Registrant Contact: The NETCONF WG of the IETF.
2138 XML: N/A, the requested URI is an XML namespace.
2140 URI: urn:ietf:params:xml:ns:yang:ietf-ssh-server
2141 Registrant Contact: The NETCONF WG of the IETF.
2142 XML: N/A, the requested URI is an XML namespace.
2144 URI: urn:ietf:params:xml:ns:yang:ietf-ssh-common
2145 Registrant Contact: The NETCONF WG of the IETF.
2146 XML: N/A, the requested URI is an XML namespace.
2148 7.2. The YANG Module Names Registry
2150 This document registers three YANG modules in the YANG Module Names
2151 registry [RFC6020]. Following the format in [RFC6020], the following
2152 registrations are requested:
2154 name: ietf-ssh-client
2155 namespace: urn:ietf:params:xml:ns:yang:ietf-ssh-client
2156 prefix: sshc
2157 reference: RFC XXXX
2159 name: ietf-ssh-server
2160 namespace: urn:ietf:params:xml:ns:yang:ietf-ssh-server
2161 prefix: sshs
2162 reference: RFC XXXX
2164 name: ietf-ssh-common
2165 namespace: urn:ietf:params:xml:ns:yang:ietf-ssh-common
2166 prefix: sshcmn
2167 reference: RFC XXXX
2169 8. References
2171 8.1. Normative References
2173 [I-D.ietf-netconf-crypto-types]
2174 Watsen, K. and H. Wang, "Common YANG Data Types for
2175 Cryptography", draft-ietf-netconf-crypto-types-13 (work in
2176 progress), November 2019.
2178 [I-D.ietf-netconf-keystore]
2179 Watsen, K., "A YANG Data Model for a Keystore", draft-
2180 ietf-netconf-keystore-15 (work in progress), November
2181 2019.
2183 [I-D.ietf-netconf-trust-anchors]
2184 Watsen, K., "A YANG Data Model for a Truststore", draft-
2185 ietf-netconf-trust-anchors-08 (work in progress), November
2186 2019.
2188 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
2189 Requirement Levels", BCP 14, RFC 2119,
2190 DOI 10.17487/RFC2119, March 1997,
2191 .
2193 [RFC4344] Bellare, M., Kohno, T., and C. Namprempre, "The Secure
2194 Shell (SSH) Transport Layer Encryption Modes", RFC 4344,
2195 DOI 10.17487/RFC4344, January 2006,
2196 .
2198 [RFC4419] Friedl, M., Provos, N., and W. Simpson, "Diffie-Hellman
2199 Group Exchange for the Secure Shell (SSH) Transport Layer
2200 Protocol", RFC 4419, DOI 10.17487/RFC4419, March 2006,
2201 .
2203 [RFC5656] Stebila, D. and J. Green, "Elliptic Curve Algorithm
2204 Integration in the Secure Shell Transport Layer",
2205 RFC 5656, DOI 10.17487/RFC5656, December 2009,
2206 .
2208 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
2209 the Network Configuration Protocol (NETCONF)", RFC 6020,
2210 DOI 10.17487/RFC6020, October 2010,
2211 .
2213 [RFC6187] Igoe, K. and D. Stebila, "X.509v3 Certificates for Secure
2214 Shell Authentication", RFC 6187, DOI 10.17487/RFC6187,
2215 March 2011, .
2217 [RFC6668] Bider, D. and M. Baushke, "SHA-2 Data Integrity
2218 Verification for the Secure Shell (SSH) Transport Layer
2219 Protocol", RFC 6668, DOI 10.17487/RFC6668, July 2012,
2220 .
2222 [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
2223 RFC 7950, DOI 10.17487/RFC7950, August 2016,
2224 .
2226 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2227 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
2228 May 2017, .
2230 [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
2231 Access Control Model", STD 91, RFC 8341,
2232 DOI 10.17487/RFC8341, March 2018,
2233 .
2235 8.2. Informative References
2237 [OPENSSH] Project, T. O., "OpenSSH", 2016, .
2239 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
2240 DOI 10.17487/RFC3688, January 2004,
2241 .
2243 [RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
2244 Authentication Protocol", RFC 4252, DOI 10.17487/RFC4252,
2245 January 2006, .
2247 [RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
2248 Transport Layer Protocol", RFC 4253, DOI 10.17487/RFC4253,
2249 January 2006, .
2251 [RFC4254] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
2252 Connection Protocol", RFC 4254, DOI 10.17487/RFC4254,
2253 January 2006, .
2255 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
2256 and A. Bierman, Ed., "Network Configuration Protocol
2257 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
2258 .
2260 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
2261 Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
2262 .
2264 [RFC7317] Bierman, A. and M. Bjorklund, "A YANG Data Model for
2265 System Management", RFC 7317, DOI 10.17487/RFC7317, August
2266 2014, .
2268 [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
2269 Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
2270 .
2272 [RFC8071] Watsen, K., "NETCONF Call Home and RESTCONF Call Home",
2273 RFC 8071, DOI 10.17487/RFC8071, February 2017,
2274 .
2276 [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
2277 BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
2278 .
2280 Appendix A. Change Log
2282 A.1. 00 to 01
2284 o Noted that '0.0.0.0' and '::' might have special meanings.
2286 o Renamed "keychain" to "keystore".
2288 A.2. 01 to 02
2290 o Removed the groupings 'listening-ssh-client-grouping' and
2291 'listening-ssh-server-grouping'. Now modules only contain the
2292 transport-independent groupings.
2294 o Simplified the "client-auth" part in the ietf-ssh-client module.
2295 It now inlines what it used to point to keystore for.
2297 o Added cipher suites for various algorithms into new 'ietf-ssh-
2298 common' module.
2300 A.3. 02 to 03
2302 o Removed 'RESTRICTED' enum from 'password' leaf type.
2304 o Added a 'must' statement to container 'server-auth' asserting that
2305 at least one of the various auth mechanisms must be specified.
2307 o Fixed description statement for leaf 'trusted-ca-certs'.
2309 A.4. 03 to 04
2311 o Change title to "YANG Groupings for SSH Clients and SSH Servers"
2313 o Added reference to RFC 6668
2315 o Added RFC 8174 to Requirements Language Section.
2317 o Enhanced description statement for ietf-ssh-server's "trusted-ca-
2318 certs" leaf.
2320 o Added mandatory true to ietf-ssh-client's "client-auth" 'choice'
2321 statement.
2323 o Changed the YANG prefix for module ietf-ssh-common from 'sshcom'
2324 to 'sshcmn'.
2326 o Removed the compression algorithms as they are not commonly
2327 configurable in vendors' implementations.
2329 o Updating descriptions in transport-params-grouping and the
2330 servers's usage of it.
2332 o Now tree diagrams reference ietf-netmod-yang-tree-diagrams
2334 o Updated YANG to use typedefs around leafrefs to common keystore
2335 paths
2337 o Now inlines key and certificates (no longer a leafref to keystore)
2339 A.5. 04 to 05
2341 o Merged changes from co-author.
2343 A.6. 05 to 06
2345 o Updated to use trust anchors from trust-anchors draft (was
2346 keystore draft)
2348 o Now uses new keystore grouping enabling asymmetric key to be
2349 either locally defined or a reference to the keystore.
2351 A.7. 06 to 07
2353 o factored the ssh-[client|server]-groupings into more reusable
2354 groupings.
2356 o added if-feature statements for the new "ssh-host-keys" and
2357 "x509-certificates" features defined in draft-ietf-netconf-trust-
2358 anchors.
2360 A.8. 07 to 08
2362 o Added a number of compatibility matrices to Section 5 (thanks
2363 Frank!)
2365 o Clarified that any configured "host-key-alg" values need to be
2366 compatible with the configured private key.
2368 A.9. 08 to 09
2370 o Updated examples to reflect update to groupings defined in the
2371 keystore -09 draft.
2373 o Add SSH keepalives features and groupings.
2375 o Prefixed top-level SSH grouping nodes with 'ssh-' and support
2376 mashups.
2378 o Updated copyright date, boilerplate template, affiliation, and
2379 folding algorithm.
2381 A.10. 09 to 10
2383 o Reformatted the YANG modules.
2385 A.11. 10 to 11
2387 o Reformatted lines causing folding to occur.
2389 A.12. 11 to 12
2391 o Collapsed all the inner groupings into the top-level grouping.
2393 o Added a top-level "demux container" inside the top-level grouping.
2395 o Added NACM statements and updated the Security Considerations
2396 section.
2398 o Added "presence" statements on the "keepalive" containers, as was
2399 needed to address a validation error that appeared after adding
2400 the "must" statements into the NETCONF/RESTCONF client/server
2401 modules.
2403 o Updated the boilerplate text in module-level "description"
2404 statement to match copyeditor convention.
2406 A.13. 12 to 13
2408 o Removed the "demux containers", floating the nacm:default-deny-
2409 write to each descendent node, and adding a note to model
2410 designers regarding the potential need to add their own demux
2411 containers.
2413 o Fixed a couple references (section 2 --> section 3)
2415 o In the server model, replaced with and introduced 'local-or-external' choice.
2418 A.14. 13 to 14
2420 o Updated to reflect changes in trust-anchors drafts (e.g., s/trust-
2421 anchors/truststore/g + s/pinned.//)
2423 A.15. 14 to 15
2425 o Updated examples to reflect ietf-crypto-types change (e.g.,
2426 identities --> enumerations)
2428 o Updated "server-authentication" and "client-authentication" nodes
2429 from being a leaf of type "ts:host-keys-ref" or "ts:certificates-
2430 ref" to a container that uses "ts:local-or-truststore-host-keys-
2431 grouping" or "ts:local-or-truststore-certs-grouping".
2433 A.16. 15 to 16
2435 o Removed unnecessary if-feature statements in the -client and
2436 -server modules.
2438 o Cleaned up some description statements in the -client and -server
2439 modules.
2441 o Fixed a canonical ordering issue in ietf-ssh-common detected by
2442 new pyang.
2444 A.17. 16 to 17
2446 o Removed choice local-or-external by removing the 'external' case
2447 and flattening the 'local' case and adding a "client-auth-config-
2448 supported" feature.
2450 o Updated examples to include the "*-key-format" nodes.
2452 o Augmented-in "must" expressions ensuring that locally-defined
2453 public-key-format are "ct:ssh-public-key-format" (must expr for
2454 ref'ed keys are TBD).
2456 A.18. 17 to 18
2458 o Removed leaf-list 'other' from ietf-ssh-server.
2460 o Removed unused 'external-client-auth-supported' feature.
2462 o Added features client-auth-password, client-auth-hostbased, and
2463 client-auth-none.
2465 o Renamed 'host-key' to 'public-key' for when refering to
2466 'publickey' based auth.
2468 o Added new feature-protected 'hostbased' and 'none' to the 'user'
2469 node's config.
2471 o Added new feature-protected 'hostbased' and 'none' to the 'client-
2472 identity' node's config.
2474 o Updated examples to reflect new "bag" addition to truststore.
2476 o Refined truststore/keystore groupings to ensure the key formats
2477 "must" be particular values.
2479 o Switched to using truststore's new "public-key" bag (instead of
2480 separate "ssh-public-key" and "raw-public-key" bags.
2482 o Updated client/server examples to cover ALL cases (local/ref x
2483 cert/raw-key/psk).
2485 Acknowledgements
2487 The authors would like to thank for following for lively discussions
2488 on list and in the halls (ordered by last name): Andy Bierman, Martin
2489 Bjorklund, Benoit Claise, Mehmet Ersue, Balazs Kovacs, David
2490 Lamparter, Alan Luchuk, Ladislav Lhotka, Radek Krejci, Tom Petch,
2491 Juergen Schoenwaelder, Phil Shafer, Sean Turner, Michal Vasko, and
2492 Bert Wijnen.
2494 Authors' Addresses
2496 Kent Watsen
2497 Watsen Networks
2499 EMail: kent+ietf@watsen.net
2501 Gary Wu
2502 Cisco Systems
2504 EMail: garywu@cisco.com
2506 Liang Xia
2507 Huawei
2509 EMail: frank.xialiang@huawei.com