Added ssh configurations to YANG model (#13338)
- Why I did it: Implemented SSH configurations. - How I did it: Added an SSH config table in configDB; once it changes, hostcfgd updates the relevant OS files (sshd_config). - How to verify it: Run the tests in sonic-host-services. Change relevant configs in configDB, such as ports, and check that the sshd port was modified.
parent
430330800e
commit
7639df0868
@ -79,6 +79,7 @@ Table of Contents
|
|||||||
* [LOGGER](#logger)
|
* [LOGGER](#logger)
|
||||||
* [WRED_PROFILE](#wred_profile)
|
* [WRED_PROFILE](#wred_profile)
|
||||||
* [PASSWORD_HARDENING](#password_hardening)
|
* [PASSWORD_HARDENING](#password_hardening)
|
||||||
|
* [SSH_SERVER](#ssh_server)
|
||||||
* [SYSTEM_DEFAULTS table](#systemdefaults-table)
|
* [SYSTEM_DEFAULTS table](#systemdefaults-table)
|
||||||
* [RADIUS](#radius)
|
* [RADIUS](#radius)
|
||||||
* [Static DNS](#static-dns)
|
* [Static DNS](#static-dns)
|
||||||
@ -2321,6 +2322,25 @@ There are 4 classes
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### SSH_SERVER
|
||||||
|
|
||||||
|
In this table, we allow configuring ssh server global settings. This will feature includes 3 configurations:
|
||||||
|
|
||||||
|
- authentication_retries - number of login attepmts 1-100
|
||||||
|
- login_timeout - Timeout in seconds for login session for user to connect 1-600
|
||||||
|
- ports - Ssh port numbers - string of port numbers seperated by ','
|
||||||
|
```
|
||||||
|
{
|
||||||
|
"SSH_SERVER": {
|
||||||
|
"POLICIES":{
|
||||||
|
"authentication_retries": "6",
|
||||||
|
"login_timeout": "120",
|
||||||
|
"ports": "22"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
### BREAKOUT_CFG
|
### BREAKOUT_CFG
|
||||||
|
|
||||||
This table is introduced as part of Dynamic Port Breakout(DPB) feature.
|
This table is introduced as part of Dynamic Port Breakout(DPB) feature.
|
||||||
|
@ -140,6 +140,7 @@ setup(
|
|||||||
'./yang-models/sonic-nat.yang',
|
'./yang-models/sonic-nat.yang',
|
||||||
'./yang-models/sonic-nvgre-tunnel.yang',
|
'./yang-models/sonic-nvgre-tunnel.yang',
|
||||||
'./yang-models/sonic-passwh.yang',
|
'./yang-models/sonic-passwh.yang',
|
||||||
|
'./yang-models/sonic-ssh-server.yang',
|
||||||
'./yang-models/sonic-pbh.yang',
|
'./yang-models/sonic-pbh.yang',
|
||||||
'./yang-models/sonic-port.yang',
|
'./yang-models/sonic-port.yang',
|
||||||
'./yang-models/sonic-policer.yang',
|
'./yang-models/sonic-policer.yang',
|
||||||
|
@ -2225,6 +2225,14 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
|
"SSH_SERVER": {
|
||||||
|
"POLICIES":{
|
||||||
|
"authentication_retries": "6",
|
||||||
|
"login_timeout": "120",
|
||||||
|
"ports": "22"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
"MACSEC_PROFILE": {
|
"MACSEC_PROFILE": {
|
||||||
"test": {
|
"test": {
|
||||||
"priority": "64",
|
"priority": "64",
|
||||||
|
@ -0,0 +1,26 @@
|
|||||||
|
{
|
||||||
|
"SSH_SERVER_VALID": {
|
||||||
|
"desc": "Configure default SSH_SERVER."
|
||||||
|
},
|
||||||
|
"SSH_SERVER_VALID_MODIFIED": {
|
||||||
|
"desc": "Configure modified SSH_SERVER."
|
||||||
|
},
|
||||||
|
"SSH_SERVER_INVALID_AUTH_RETRIES": {
|
||||||
|
"desc": "Configure invalid number of authentication retries in SSH_SERVER.",
|
||||||
|
"eStrKey" : "Pattern",
|
||||||
|
"eStr": ["1..100"]
|
||||||
|
},
|
||||||
|
"SSH_SERVER_INVALID_LOGIN_TIMEOUT": {
|
||||||
|
"desc": "Configure invalid login timeout value in SSH_SERVER.",
|
||||||
|
"eStrKey" : "Pattern",
|
||||||
|
"eStr": ["1..600"]
|
||||||
|
},
|
||||||
|
"SSH_SERVER_INVALID_PORTS_1": {
|
||||||
|
"desc": "Configure invalid port value in SSH_SERVER.",
|
||||||
|
"eStr": "Invalid port numbers value"
|
||||||
|
},
|
||||||
|
"SSH_SERVER_INVALID_PORTS_2": {
|
||||||
|
"desc": "Configure invalid port value in SSH_SERVER.",
|
||||||
|
"eStr": "Invalid port numbers value"
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,60 @@
|
|||||||
|
{
|
||||||
|
"SSH_SERVER_VALID": {
|
||||||
|
"sonic-ssh-server:sonic-ssh-server": {
|
||||||
|
"sonic-ssh-server:SSH_SERVER": {
|
||||||
|
"POLICIES":{
|
||||||
|
"authentication_retries": "6",
|
||||||
|
"login_timeout": "120",
|
||||||
|
"ports": "22"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"SSH_SERVER_VALID_MODIFIED": {
|
||||||
|
"sonic-ssh-server:sonic-ssh-server": {
|
||||||
|
"sonic-ssh-server:SSH_SERVER": {
|
||||||
|
"POLICIES":{
|
||||||
|
"authentication_retries": "16",
|
||||||
|
"login_timeout": "140",
|
||||||
|
"ports": "22,222"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"SSH_SERVER_INVALID_AUTH_RETRIES": {
|
||||||
|
"sonic-ssh-server:sonic-ssh-server": {
|
||||||
|
"sonic-ssh-server:SSH_SERVER": {
|
||||||
|
"POLICIES":{
|
||||||
|
"authentication_retries": "200"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"SSH_SERVER_INVALID_LOGIN_TIMEOUT": {
|
||||||
|
"sonic-ssh-server:sonic-ssh-server": {
|
||||||
|
"sonic-ssh-server:SSH_SERVER": {
|
||||||
|
"POLICIES":{
|
||||||
|
"login_timeout": "606"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"SSH_SERVER_INVALID_PORTS_1": {
|
||||||
|
"sonic-ssh-server:sonic-ssh-server": {
|
||||||
|
"sonic-ssh-server:SSH_SERVER": {
|
||||||
|
"POLICIES":{
|
||||||
|
"ports": "port22"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"SSH_SERVER_INVALID_PORTS_2": {
|
||||||
|
"sonic-ssh-server:sonic-ssh-server": {
|
||||||
|
"sonic-ssh-server:SSH_SERVER": {
|
||||||
|
"POLICIES":{
|
||||||
|
"ports": "22.222"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
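Review bot: The two invalid-port cases, `"ports": "port22"` and `"ports": "22.222"`, exercise only malformed syntax, so nothing pins the numeric bounds of the `ports` pattern. Adding cases such as `"ports": "0"` and `"ports": "65536"` (constructed values), each expecting `Invalid port numbers value`, would catch an off-by-one in the range alternation. With the pattern as added in sonic-ssh-server.yang on this page, which ends in `6553[0-6]`, the 65536 case would be accepted rather than rejected. A trailing-separator case such as `"ports": "22,"` would cover the comma-list part of the pattern in the same way. Each new case also needs a matching entry in the test description file.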
46
src/sonic-yang-models/yang-models/sonic-ssh-server.yang
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
|
||||||
|
//filename: sonic-ssh-server.yang
|
||||||
|
module sonic-ssh-server {
|
||||||
|
yang-version 1.1;
|
||||||
|
namespace "http://github.com/sonic-net/sonic-ssh-server";
|
||||||
|
prefix sshg;
|
||||||
|
|
||||||
|
description "SSH SERVER CONFIG YANG Module for SONiC OS";
|
||||||
|
|
||||||
|
revision 2022-08-29 {
|
||||||
|
description
|
||||||
|
"First Revision";
|
||||||
|
}
|
||||||
|
|
||||||
|
container sonic-ssh-server {
|
||||||
|
container SSH_SERVER {
|
||||||
|
description "SSH SERVER CONFIG part of config_db.json";
|
||||||
|
container POLICIES {
|
||||||
|
leaf authentication_retries {
|
||||||
|
description "number of login attepmts";
|
||||||
|
default 6;
|
||||||
|
type uint32 {
|
||||||
|
range 1..100;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
leaf login_timeout {
|
||||||
|
description "login timeout (secs unit)";
|
||||||
|
default 120;
|
||||||
|
type uint32 {
|
||||||
|
range 1..600;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
leaf ports {
|
||||||
|
description "ssh port numbers";
|
||||||
|
default "22";
|
||||||
|
type string {
|
||||||
|
pattern '([1-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-6])(,([1-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-6]))*' {
|
||||||
|
error-message "Invalid port numbers value";
|
||||||
|
error-app-tag ssh-server-ports-invalid-value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}/*container policies */
|
||||||
|
} /* container SSH_SERVER */
|
||||||
|
}/* container sonic-ssh-server */
|
||||||
|
}/* end of module sonic-ssh-server */
|
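Review bot: The last alternative of the `ports` pattern, `6553[0-6]`, accepts 65536, which is above the highest valid TCP port; it should read `6553[0-5]` in both places it appears in the pattern. The commit description says hostcfgd writes this table into sshd_config, so a value that passes YANG validation but is not a usable port could presumably leave the SSH server unable to apply its configuration on a device that is managed over SSH. The leaf descriptions are also thin for security-relevant settings: `authentication_retries` could say something like `description "Maximum login attempts allowed (1..100); higher values give a remote client more password guesses";` so operators see the trade-off before raising it from the default of 6.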