matthew/sonic-buildimage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added ssh configurations to YANG model (#13338)

Browse Source 
- Why I did it
Implemented ssh configurations

- How I did it
Added ssh config table in configDB, once changed - hostcfgd will change the relevant OS files (sshd_config)

- How to verify it
Tests in sonic-host-services. Change relevant configs in configDB such as ports, and see sshd port was modified
This commit is contained in:
ycoheNvidia 2023-07-10 21:27:41 +03:00 committed by GitHub
parent 430330800e
commit 7639df0868
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 161 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/sonic-yang-models/doc/Configuration.md
View File

@ -79,6 +79,7 @@ Table of Contents
* [LOGGER](#logger)
* [WRED_PROFILE](#wred_profile)
* [PASSWORD_HARDENING](#password_hardening)
* [SSH_SERVER](#ssh_server)
* [SYSTEM_DEFAULTS table](#systemdefaults-table)
* [RADIUS](#radius)
* [Static DNS](#static-dns)
@ -2321,6 +2322,25 @@ There are 4 classes
}
```
### SSH_SERVER
In this table, we allow configuring ssh server global settings. This will feature includes 3 configurations:
- authentication_retries - number of login attepmts 1-100
- login_timeout - Timeout in seconds for login session for user to connect 1-600
- ports - Ssh port numbers - string of port numbers seperated by ','
```
{
"SSH_SERVER": {
"POLICIES":{
"authentication_retries": "6",
"login_timeout": "120",
"ports": "22"
}
}
}
```
### BREAKOUT_CFG
This table is introduced as part of Dynamic Port Breakout(DPB) feature.

1
src/sonic-yang-models/setup.py
View File

@ -140,6 +140,7 @@ setup(
'./yang-models/sonic-nat.yang',
'./yang-models/sonic-nvgre-tunnel.yang',
'./yang-models/sonic-passwh.yang',
'./yang-models/sonic-ssh-server.yang',
'./yang-models/sonic-pbh.yang',
'./yang-models/sonic-port.yang',
'./yang-models/sonic-policer.yang',

8
src/sonic-yang-models/tests/files/sample_config_db.json
View File

@ -2225,6 +2225,14 @@
}
},
"SSH_SERVER": {
"POLICIES":{
"authentication_retries": "6",
"login_timeout": "120",
"ports": "22"
}
},
"MACSEC_PROFILE": {
"test": {
"priority": "64",

26
src/sonic-yang-models/tests/yang_model_tests/tests/ssh-server.json Normal file
View File

@ -0,0 +1,26 @@
{
"SSH_SERVER_VALID": {
"desc": "Configure default SSH_SERVER."
},
"SSH_SERVER_VALID_MODIFIED": {
"desc": "Configure modified SSH_SERVER."
},
"SSH_SERVER_INVALID_AUTH_RETRIES": {
"desc": "Configure invalid number of authentication retries in SSH_SERVER.",
"eStrKey" : "Pattern",
"eStr": ["1..100"]
},
"SSH_SERVER_INVALID_LOGIN_TIMEOUT": {
"desc": "Configure invalid login timeout value in SSH_SERVER.",
"eStrKey" : "Pattern",
"eStr": ["1..600"]
},
"SSH_SERVER_INVALID_PORTS_1": {
"desc": "Configure invalid port value in SSH_SERVER.",
"eStr": "Invalid port numbers value"
},
"SSH_SERVER_INVALID_PORTS_2": {
"desc": "Configure invalid port value in SSH_SERVER.",
"eStr": "Invalid port numbers value"
}
}

60
src/sonic-yang-models/tests/yang_model_tests/tests_config/ssh-server.json Normal file
View File

@ -0,0 +1,60 @@
{
"SSH_SERVER_VALID": {
"sonic-ssh-server:sonic-ssh-server": {
"sonic-ssh-server:SSH_SERVER": {
"POLICIES":{
"authentication_retries": "6",
"login_timeout": "120",
"ports": "22"
}
}
}
},
"SSH_SERVER_VALID_MODIFIED": {
"sonic-ssh-server:sonic-ssh-server": {
"sonic-ssh-server:SSH_SERVER": {
"POLICIES":{
"authentication_retries": "16",
"login_timeout": "140",
"ports": "22,222"
}
}
}
},
"SSH_SERVER_INVALID_AUTH_RETRIES": {
"sonic-ssh-server:sonic-ssh-server": {
"sonic-ssh-server:SSH_SERVER": {
"POLICIES":{
"authentication_retries": "200"
}
}
}
},
"SSH_SERVER_INVALID_LOGIN_TIMEOUT": {
"sonic-ssh-server:sonic-ssh-server": {
"sonic-ssh-server:SSH_SERVER": {
"POLICIES":{
"login_timeout": "606"
}
}
}
},
"SSH_SERVER_INVALID_PORTS_1": {
"sonic-ssh-server:sonic-ssh-server": {
"sonic-ssh-server:SSH_SERVER": {
"POLICIES":{
"ports": "port22"
}
}
}
},
"SSH_SERVER_INVALID_PORTS_2": {
"sonic-ssh-server:sonic-ssh-server": {
"sonic-ssh-server:SSH_SERVER": {
"POLICIES":{
"ports": "22.222"
}
}
}
}
}

46
src/sonic-yang-models/yang-models/sonic-ssh-server.yang Normal file
View File

@ -0,0 +1,46 @@
//filename: sonic-ssh-server.yang
module sonic-ssh-server {
yang-version 1.1;
namespace "http://github.com/sonic-net/sonic-ssh-server";
prefix sshg;
description "SSH SERVER CONFIG YANG Module for SONiC OS";
revision 2022-08-29 {
description
"First Revision";
}
container sonic-ssh-server {
container SSH_SERVER {
description "SSH SERVER CONFIG part of config_db.json";
container POLICIES {
leaf authentication_retries {
description "number of login attepmts";
default 6;
type uint32 {
range 1..100;
}
}
leaf login_timeout {
description "login timeout (secs unit)";
default 120;
type uint32 {
range 1..600;
}
}
leaf ports {
description "ssh port numbers";
default "22";
type string {
pattern '([1-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-6])(,([1-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-6]))*' {
error-message "Invalid port numbers value";
error-app-tag ssh-server-ports-invalid-value;
}
}
}
}/*container policies */
} /* container SSH_SERVER */
}/* container sonic-ssh-server */
}/* end of module sonic-ssh-server */