-- *****************************************************************
|
|
-- DLINKSW-SSH-MIB.mib : Secure Shell MIB
|
|
--
|
|
-- Copyright (c) 2013 D-Link Corporation, all rights reserved.
|
|
--
|
|
-- *****************************************************************
|
|
DLINKSW-SSH-MIB DEFINITIONS ::= BEGIN
|
|
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
Integer32,
|
|
Unsigned32
|
|
FROM SNMPv2-SMI
|
|
RowStatus, TimeStamp,TruthValue,DisplayString
|
|
FROM SNMPv2-TC
|
|
OBJECT-GROUP, MODULE-COMPLIANCE
|
|
FROM SNMPv2-CONF
|
|
InetAddressType,InetAddress
|
|
FROM INET-ADDRESS-MIB
|
|
InterfaceIndexOrZero
|
|
FROM IF-MIB
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
dlinkIndustrialCommon
|
|
FROM DLINK-ID-REC-MIB;
|
|
|
|
|
|
dlinkSwSshMIB MODULE-IDENTITY
|
|
LAST-UPDATED "201307180000Z"
|
|
ORGANIZATION "D-Link Corp."
|
|
CONTACT-INFO
|
|
" D-Link Corporation
|
|
|
|
Postal: No. 289, Sinhu 3rd Rd., Neihu District,
|
|
Taipei City 114, Taiwan, R.O.C
|
|
Tel: +886-2-66000123
|
|
E-mail: tsd@dlink.com.tw
|
|
"
|
|
DESCRIPTION
|
|
"This MIB module defines objects for Secure Shell (SSH)."
|
|
REVISION "201307180000Z"
|
|
DESCRIPTION
|
|
"This is the first version of the MIB file for 'SSH'
|
|
functionality.
|
|
"
|
|
::= { dlinkIndustrialCommon 17 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dSshNotifications OBJECT IDENTIFIER ::= { dlinkSwSshMIB 0 }
|
|
dSshObjects OBJECT IDENTIFIER ::= { dlinkSwSshMIB 1 }
|
|
dSshConformance OBJECT IDENTIFIER ::= { dlinkSwSshMIB 2 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dSshGeneral OBJECT IDENTIFIER ::= { dSshObjects 1 }
|
|
|
|
-- dSshEnabled: turns the SSH service on (true) or off (false); the default is false.
-- NOTE(review): the object is read-write, so any principal with SNMP write
-- access can enable or disable the SSH management channel. Restrict writes
-- with SNMPv3 authPriv and a VACM view rather than a v1/v2c community string.
dSshEnabled OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object enables or disables Secure Shell (SSH) service."
|
|
DEFVAL { false }
|
|
::= { dSshGeneral 1 }
|
|
|
|
-- dSshVersion: read-only report of the SSH protocol version running on the switch.
-- NOTE(review): the enumeration still admits v1(1) and v1v2(3) although the
-- description says only v2 is supported. SSH protocol 1 is obsolete and has
-- known cryptographic weaknesses, so a poll that returns anything other than
-- v2(2) is worth alerting on.
dSshVersion OBJECT-TYPE
|
|
SYNTAX INTEGER { v1(1), v2(2), v1v2(3) }
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The version of SSH is running on the switch.
|
|
The version that is currently supported is v2."
|
|
::= { dSshGeneral 2 }
|
|
|
|
dSshTimeout OBJECT-TYPE
|
|
SYNTAX Integer32 (30..600)
|
|
UNITS "seconds"
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time interval that the switch waits for the SSH client to respond
|
|
during the SSH negotiation phase."
|
|
DEFVAL { 120 }
|
|
::= { dSshGeneral 3 }
|
|
|
|
-- dSshAuthenticationRetries: writable count of authentication attempts, range 1..32, default 3.
-- NOTE(review): the upper bound of 32 permits many credential guesses
-- (presumably per session; confirm against the implementation). Keep the
-- value low and pair it with logging of failed logins.
dSshAuthenticationRetries OBJECT-TYPE
|
|
SYNTAX Integer32 (1..32)
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The number of authentication attempts after the session
|
|
has reset or authentication failed."
|
|
DEFVAL { 3 }
|
|
::= { dSshGeneral 4 }
|
|
|
|
-- dSshServicePort: writable service port for SSH, default 22.
-- NOTE(review): SYNTAX is a bare Unsigned32, so the MIB itself does not
-- exclude 0 or values above 65535; the agent has to reject them. Confirm
-- that an out-of-range set is refused with wrongValue.
dSshServicePort OBJECT-TYPE
|
|
SYNTAX Unsigned32
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the service port, such as 22, which Secure Shell (SSH)
|
|
needs to connect to."
|
|
DEFVAL { 22 }
|
|
::= { dSshGeneral 5 }
|
|
|
|
dSshSrcIfIndex OBJECT-TYPE
|
|
SYNTAX InterfaceIndexOrZero
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies the ifIndex value of the source
|
|
address of SSH packets that initiate an SSH connection.
|
|
The value of this object should be a valid 'ifIndex' value.
|
|
The value of this object being 'zero' implies that the IP address
|
|
of the closest interface will be used."
|
|
DEFVAL {0}
|
|
::= { dSshGeneral 6}
|
|
-- -----------------------------------------------------------------------------
|
|
dSshKeyConfiguration OBJECT IDENTIFIER ::= { dSshObjects 2 }
|
|
dSshCryptoKeyPairTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DSshCryptoKeyPairEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"dSshCryptoKeyPairTable is a table that lets the user configure
|
|
the SSH keys"
|
|
::= { dSshKeyConfiguration 1 }
|
|
|
|
dSshCryptoKeyPairEntry OBJECT-TYPE
|
|
SYNTAX DSshCryptoKeyPairEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An SSH key table entry. The index specifies which
|
|
protocol the user wants to generate the key for.
|
|
|
|
An entry is created/removed when a key pair for a specific
|
|
protocol is generated or deleted via CLI or by issuing appropriate
|
|
sets to this table using SNMP.
|
|
|
|
To replace the existing key for a protocol
|
|
|
|
1. Specify the Protocol: dSshCryptoKeyPairIndex
|
|
2. Specify the modulus size of the key pair(s): dSshCryptoKeyPairNBits
|
|
3. Set dSshCryptoKeyPairReplace as true(1)."
|
|
INDEX { dSshCryptoKeyPairIndex }
|
|
::= { dSshCryptoKeyPairTable 1 }
|
|
|
|
DSshCryptoKeyPairEntry ::=
|
|
SEQUENCE {
|
|
dSshCryptoKeyPairIndex INTEGER,
|
|
dSshCryptoKeyPairNBits Integer32,
|
|
dSshCryptoKeyPairReplace TruthValue,
|
|
dSshCryptoKeyPairLastCreateTime TimeStamp,
|
|
dSshCryptoKeyPairString DisplayString,
|
|
dSshCryptoKeyPairRowStatus RowStatus
|
|
}
|
|
|
|
dSshCryptoKeyPairIndex OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
rsa(1),
|
|
dsa(2)
|
|
}
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The SSH Protocol Identifier to which this entry
|
|
pertains.
|
|
|
|
rsa - A public-key cryptosystem defined by Rivest,
|
|
Shamir and Adleman.
|
|
|
|
dsa - Digital Signature Algorithm, a public key
|
|
cipher used to generate digital signatures."
|
|
::= { dSshCryptoKeyPairEntry 1 }
|
|
|
|
-- dSshCryptoKeyPairNBits: modulus size in bits for the key pair of this row.
-- NOTE(review): of the values the SYNTAX admits, only 2048 meets current
-- guidance for RSA (for example NIST SP 800-131A). RSA moduli of 768 bits
-- and below have been publicly factored, and 1024 bit keys are deprecated.
-- DSA is fixed at 1024 bits here, and ssh-dss has been disabled by default
-- in OpenSSH since 7.0. The 768 bit recommendation in the description is
-- outdated; prefer an RSA row with 2048, and treat smaller values seen in
-- a poll as a configuration finding.
dSshCryptoKeyPairNBits OBJECT-TYPE
|
|
SYNTAX Integer32 (360|512|768|1024|2048)
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the modulus size of the key pair(s):
|
|
For RSA, the valid values are 360, 512, 768, 1024, and 2048.
|
|
For DSA, the valid value is fixed as 1024.
|
|
For SSH version 2, the minimum recommended key size is 768 bits.
|
|
|
|
A key size with a larger number provides higher security but
|
|
takes longer to generate.
|
|
|
|
This object cannot be modified while this row is
|
|
active, unless the associated dSshCryptoKeyPairReplace
|
|
object is set to True in the same Set PDU."
|
|
::= { dSshCryptoKeyPairEntry 2 }
|
|
|
|
dSshCryptoKeyPairReplace OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object specifies whether a new key should replace
|
|
an existing key for the protocol.
|
|
No action is taken if this object is set to 'false'.
|
|
The value of this object when read is always 'false'."
|
|
::= { dSshCryptoKeyPairEntry 3 }
|
|
|
|
-- dSshCryptoKeyPairLastCreateTime: read-only TimeStamp of the last creation of the key.
-- NOTE(review): useful as a detection signal. A change that does not match
-- a planned key rotation means the key pair was regenerated; if this is the
-- server host key (presumably; confirm), clients will see a different key
-- on their next connection.
dSshCryptoKeyPairLastCreateTime OBJECT-TYPE
|
|
SYNTAX TimeStamp
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The time of the last creation of the key."
|
|
::= { dSshCryptoKeyPairEntry 4 }
|
|
|
|
dSshCryptoKeyPairString OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..255))
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The generated SSH public key string."
|
|
::= { dSshCryptoKeyPairEntry 6 }
|
|
|
|
dSshCryptoKeyPairRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of this SSH key pair."
|
|
::= { dSshCryptoKeyPairEntry 99 }
|
|
|
|
dSshCryptoKeyGenerationStatus OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
inProgress(1),
|
|
successful(2),
|
|
failed(3)
|
|
}
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the status of the last key
|
|
generation request."
|
|
::= { dSshKeyConfiguration 2 }
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
|
|
-- dSshConnectionTable: status table of SSH server connections, indexed by session ID.
-- NOTE(review): the columns of this table expose the authenticated username,
-- client address, protocol version and cipher of each session. Treat read
-- access as sensitive and limit it with a VACM view; the same data is useful
-- to defenders for spotting sessions from unexpected addresses.
dSshConnectionTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DSshConnectionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A table to display the status of Secure Shell (SSH) server connections."
|
|
::= { dSshObjects 3 }
|
|
|
|
dSshConnectionEntry OBJECT-TYPE
|
|
SYNTAX DSshConnectionEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry (conceptual row) in the dSshConnectionTable object."
|
|
INDEX { dSshConnectionSID }
|
|
::= { dSshConnectionTable 1 }
|
|
|
|
DSshConnectionEntry ::=
|
|
SEQUENCE {
|
|
dSshConnectionSID Integer32,
|
|
dSshConnectionVersion INTEGER,
|
|
dSshConnectionCipher DisplayString,
|
|
dSshConnectionUserID DisplayString,
|
|
dSshConnectionHostAddrType InetAddressType,
|
|
dSshConnectionHostAddr InetAddress
|
|
}
|
|
|
|
dSshConnectionSID OBJECT-TYPE
|
|
SYNTAX Integer32 (0..65535)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique number that identifies the SSH session."
|
|
::= { dSshConnectionEntry 1 }
|
|
|
|
dSshConnectionVersion OBJECT-TYPE
|
|
SYNTAX INTEGER { v1(1), v2(2), v1v2(3) }
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The protocol version number that the SSH client supports."
|
|
::= { dSshConnectionEntry 2}
|
|
|
|
dSshConnectionCipher OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The crypto/Hashed Message Authentication Code (HMAC) algorithm that
|
|
the SSH client is using."
|
|
::= { dSshConnectionEntry 3}
|
|
|
|
dSshConnectionUserID OBJECT-TYPE
|
|
SYNTAX DisplayString
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The login username that has been authenticated for the session."
|
|
::= { dSshConnectionEntry 4 }
|
|
|
|
dSshConnectionHostAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The type of Internet address of the client that
|
|
established this session."
|
|
::= { dSshConnectionEntry 5 }
|
|
|
|
|
|
dSshConnectionHostAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-only
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The Internet address assigned to the client that
|
|
established this session."
|
|
::= { dSshConnectionEntry 6 }
|
|
|
|
|
|
-- -----------------------------------------------------------------------------
|
|
dSshUserTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF DSshUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table lists all users and their corresponding authentication
|
|
methods through which an SSH client can log in."
|
|
::= { dSshObjects 4 }
|
|
|
|
dSshUserEntry OBJECT-TYPE
|
|
SYNTAX DSshUserEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry (conceptual row) in the dSshUserTable."
|
|
INDEX { dSshUserName }
|
|
::= { dSshUserTable 1 }
|
|
|
|
DSshUserEntry ::=
|
|
SEQUENCE {
|
|
dSshUserName SnmpAdminString,
|
|
dSshUserAuthMethod INTEGER,
|
|
dSshUserKeyFilename SnmpAdminString,
|
|
dSshUserHostName DisplayString,
|
|
dSshUserHostAddrType InetAddressType,
|
|
dSshUserHostAddr InetAddress,
|
|
dSshUserRowStatus RowStatus
|
|
}
|
|
|
|
dSshUserName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the name of the SSH user."
|
|
::= { dSshUserEntry 1 }
|
|
|
|
-- dSshUserAuthMethod: writable per-user SSH authentication method; the default is password.
-- NOTE(review): hostbased(3) relies on the client host vouching for the
-- user, so it is only as strong as the protection of that host and its key.
-- Prefer publickey(2) where possible, and audit writes to this object,
-- since a set changes how the account is authenticated.
dSshUserAuthMethod OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
password(1),
|
|
publickey(2),
|
|
hostbased(3)
|
|
}
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the authentication method for this user account.
|
|
'password' - use password authentication method for this user account.
|
|
'publickey' - use public key authentication method for this user account.
|
|
'hostbased' - use host-based authentication method for this user account.
|
|
|
|
"
|
|
DEFVAL { password }
|
|
::= { dSshUserEntry 2 }
|
|
|
|
-- dSshUserKeyFilename: writable name of the file storing the public key used to authenticate this user.
-- NOTE(review): the value is a free-form string of up to 255 octets written
-- over SNMP, and the MIB places no constraint on its content. The agent
-- presumably has to confine it to the intended key directory and reject
-- path separators or traversal sequences; confirm against the implementation.
dSshUserKeyFilename OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (0..255))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the name of the file storing the SSH public key.
|
|
The SSH public key is used to authenticate the SSH
|
|
session for this user.
|
|
|
|
If dSshUserAuthMethod is 'publickey', this object refers to
|
|
user's public key.
|
|
|
|
If dSshUserAuthMethod is 'hostbased', this object refers to
|
|
client's host key.
|
|
|
|
If dSshUserAuthMethod is 'password', the value of this
|
|
object will be ignored and a zero-length string is
|
|
always returned when read."
|
|
::= { dSshUserEntry 3 }
|
|
|
|
|
|
dSshUserHostName OBJECT-TYPE
|
|
SYNTAX DisplayString (SIZE (0..255))
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The host name of the SSH client.
|
|
This object is only valid for host-based authentication method.
|
|
|
|
For password and public key authentication method, a
|
|
zero-length string is always returned when read.
|
|
"
|
|
::= { dSshUserEntry 4 }
|
|
|
|
dSshUserHostAddrType OBJECT-TYPE
|
|
SYNTAX InetAddressType
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The host address type of the SSH client.
|
|
This object is only valid for host-based authentication method.
|
|
|
|
For password and publickey authentication method, unknown(0)
|
|
is always returned when read.
|
|
"
|
|
::= { dSshUserEntry 5 }
|
|
|
|
dSshUserHostAddr OBJECT-TYPE
|
|
SYNTAX InetAddress
|
|
MAX-ACCESS read-write
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The host address of the SSH client.
|
|
This object is only valid for host-based authentication method.
|
|
|
|
For password and public key authentication method, a
|
|
zero-length string is always returned when read.
|
|
"
|
|
::= { dSshUserEntry 6 }
|
|
|
|
dSshUserRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of this SSH user entry.
|
|
|
|
When read, active(1) is always returned.
|
|
|
|
If the administrator wants to modify the authentication method for
|
|
a specific user account, set this node to createAndGo(4)
|
|
after the corresponding parameters are configured:
|
|
|
|
For password, there is no need to specify more parameters.
|
|
For publickey, dSshUserKeyFilename must be specified.
|
|
For hostbased, dSshUserKeyFilename and dSshUserHostName
|
|
must be specified, but parameters dSshUserHostAddrType and dSshUserHostAddr
|
|
are optional.
|
|
|
|
Other values of this node are not supported.
|
|
"
|
|
::= { dSshUserEntry 99 }
|
|
|
|
-- Conformance
|
|
|
|
|
|
dSshCompliances OBJECT IDENTIFIER ::= { dSshConformance 1 }
|
|
|
|
dSshGroups OBJECT IDENTIFIER ::= { dSshConformance 2 }
|
|
|
|
|
|
dSshCompliance MODULE-COMPLIANCE
|
|
STATUS deprecated
|
|
DESCRIPTION
|
|
"The compliance statement for entities which
|
|
implement the DLINKSW-SSH-MIB."
|
|
MODULE MANDATORY-GROUPS {
|
|
dSshConfigGroup
|
|
}
|
|
|
|
OBJECT dSshSrcIfIndex
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"It is compliant to implement this object as read-only.
|
|
Support for configurable source interface is only
|
|
required on the platform which supports SSH client."
|
|
|
|
GROUP dSshUserGroup
|
|
DESCRIPTION
|
|
"This group is mandatory only for the platform which supports
|
|
configuring SSH authentication method for a user account."
|
|
::= { dSshCompliances 1 }
|
|
|
|
dSshConfigGroup OBJECT-GROUP
|
|
OBJECTS
|
|
{ dSshEnabled,
|
|
dSshVersion,
|
|
dSshTimeout,
|
|
dSshAuthenticationRetries,
|
|
dSshServicePort,
|
|
dSshSrcIfIndex,
|
|
dSshCryptoKeyPairNBits,
|
|
dSshCryptoKeyPairReplace,
|
|
dSshCryptoKeyPairLastCreateTime,
|
|
dSshCryptoKeyPairRowStatus,
|
|
dSshCryptoKeyPairString,
|
|
dSshCryptoKeyGenerationStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for SSH configuration."
|
|
::= { dSshGroups 1 }
|
|
|
|
|
|
dSshConnectionGroup OBJECT-GROUP
|
|
OBJECTS
|
|
{ dSshConnectionVersion,
|
|
dSshConnectionCipher,
|
|
dSshConnectionUserID,
|
|
dSshConnectionHostAddrType,
|
|
dSshConnectionHostAddr
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects to display SSH
|
|
connection related information."
|
|
::= { dSshGroups 2 }
|
|
|
|
-- dSshUserGroup: conformance group for the per-user SSH objects.
-- NOTE(review): dSshUserRowStatus is read-create but is not listed here or
-- in any other group of this module, while SMIv2 conformance rules expect
-- every accessible object to belong to at least one group. Confirm whether
-- the omission is intended.
dSshUserGroup OBJECT-GROUP
|
|
OBJECTS
|
|
{ dSshUserAuthMethod,
|
|
dSshUserKeyFilename,
|
|
dSshUserHostName,
|
|
dSshUserHostAddrType,
|
|
dSshUserHostAddr
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects related to SSH users."
|
|
::= { dSshGroups 3 }
|
|
|
|
END
|
|
|