| author | David Leutgeb <david.leutgeb@mannundmouse.com> | 2023-12-05 12:25:34 +0100 |
|---|---|---|
| committer | David Leutgeb <david.leutgeb@mannundmouse.com> | 2023-12-05 12:25:34 +0100 |
| commit | 98a672123c7872f6b9b75a9a2b6bb3aea504de6a (patch) | |
| tree | 9b13bd7f563c3198047bd359195327cf28b3caf0 /MIBS/cisco/CISCOSB-SSH-MIB | |
| download | mibs-98a672123c7872f6b9b75a9a2b6bb3aea504de6a.tar.gz mibs-98a672123c7872f6b9b75a9a2b6bb3aea504de6a.zip | |
Diffstat (limited to 'MIBS/cisco/CISCOSB-SSH-MIB')
| -rw-r--r-- | MIBS/cisco/CISCOSB-SSH-MIB | 1165 |
1 files changed, 1165 insertions, 0 deletions
diff --git a/MIBS/cisco/CISCOSB-SSH-MIB b/MIBS/cisco/CISCOSB-SSH-MIB
new file mode 100644
index 0000000..bee96e5
--- /dev/null
+++ b/MIBS/cisco/CISCOSB-SSH-MIB
@@ -0,0 +1,1165 @@
+CISCOSB-SSH-MIB DEFINITIONS ::= BEGIN
+
+-- Title: CISCOSB PHY MIB
+-- Version: 7.45
+-- Date: 19 Dec 2006
+--
+IMPORTS
+ OBJECT-TYPE, MODULE-IDENTITY,
+ Unsigned32, IpAddress FROM SNMPv2-SMI
+ TEXTUAL-CONVENTION, DisplayString, RowStatus
+ FROM SNMPv2-TC
+ switch001 FROM CISCOSB-MIB
+ InetAddressType, InetAddress FROM INET-ADDRESS-MIB;
+
+
+ rlSsh MODULE-IDENTITY
+ LAST-UPDATED "202105170000Z" -- September 30, 2002
+ ORGANIZATION "Cisco Systems, Inc."
+
+ CONTACT-INFO
+ "Postal: 170 West Tasman Drive
+ San Jose , CA 95134-1706
+ USA
+
+
+ Website: Cisco Small Business Support Community <http://www.cisco.com/go/smallbizsupport>"
+
+ DESCRIPTION
+ "The MIB module describes the private MIB for SSH supported
+ by CISCOSB's software and products."
+ REVISION "200301030024Z" -- January 04, 2003
+ DESCRIPTION
+ "The second revision"
+ REVISION "200309210024Z" -- September 21, 2003
+ DESCRIPTION
+ "Editorial changes."
+ ::= { switch001 78 }
+
+--
+-- Textual Conventions
+--
+RlSshPublicKeyAlgorithm ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "This textual convention describes the various possible public key
+ algorithms. The key algorithm is used to select the PK to be generated
+ and is also used when viewing the public keys."
+
+ SYNTAX INTEGER {
+ rsa1(0),
+ rsa(1),
+ dsa(2),
+ ec(3),
+ none(999)
+ }
+
+RlSshPublicKeyDigestFormat ::= TEXTUAL-CONVENTION
+ STATUS current
+ DESCRIPTION
+ "This textual convention describes the format used to display the public
+ key fingerprint. The hex format is the format used by PGP and OpenSSH.
+ The bubble-babble format is used by SSH.com software."
+
+ SYNTAX INTEGER {
+ hex(0),
+ bubbleBabble(1)
+ }
+
+rlSshMibVersion OBJECT-TYPE
+ SYNTAX INTEGER
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The MIB version. The current version is 2"
+ ::= { rlSsh 1 }
+
+--
+-- Server tables
+--
+rlSshServer OBJECT IDENTIFIER ::= { rlSsh 2 }
+
+--
+-- Host Public Key Table
+--
+rlSshServerHostPublicKeyTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlSshServerHostPublicKeyTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This table contains the router's public key. Each row in this table
+ contains a fragment of the key, in printable binhex format. There may
+ be up to 160 characters in every fragment, and they are all combined
+ to form one key. The key is generated by writing to
+ rlSshServerRegenerateHostKey. To cause clients to connect to this router
+ without printing warning messages (and also prevent active
+ man-in-the-middle), the router's public key must printed out and inserted
+ into the client's authorized_keys file"
+ ::= { rlSshServer 1 }
+
+rlSshServerHostPublicKeyTableEntry OBJECT-TYPE
+ SYNTAX RlSshServerHostPublicKeyTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ " The row definition for this table."
+ INDEX { rlSshServerHostPublicKeyAlgorithm, rlSshServerHostPublicKeyFragmentId }
+ ::= { rlSshServerHostPublicKeyTable 1 }
+
+RlSshServerHostPublicKeyTableEntry ::= SEQUENCE {
+ rlSshServerHostPublicKeyAlgorithm RlSshPublicKeyAlgorithm,
+ rlSshServerHostPublicKeyFragmentId Unsigned32,
+ rlSshServerHostPublicKeyFragmentText DisplayString
+}
+
+rlSshServerHostPublicKeyAlgorithm OBJECT-TYPE
+ SYNTAX RlSshPublicKeyAlgorithm
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifies the type of public key to be displayed."
+ ::= { rlSshServerHostPublicKeyTableEntry 1 }
+
+rlSshServerHostPublicKeyFragmentId OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifies the index of this fragment in the final key. All segments must
+ be combined to form one big key."
+ ::= { rlSshServerHostPublicKeyTableEntry 2 }
+
+rlSshServerHostPublicKeyFragmentText OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "A part of the readable text entry for the server's public authorzation key."
+ ::= { rlSshServerHostPublicKeyTableEntry 3 }
+
+--
+-- Host Public Key Fingerprint Table
+--
+rlSshServerHostPublicKeyFingerprintTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlSshServerHostPublicKeyFingerprintTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This table contains the fingerprint for the router's public key."
+ ::= { rlSshServer 2 }
+
+rlSshServerHostPublicKeyFingerprintTableEntry OBJECT-TYPE
+ SYNTAX RlSshServerHostPublicKeyFingerprintTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ " The row definition for this table."
+ INDEX { rlSshServerHostPublicKeyFingerprintAlgorithm, rlSshServerHostPublicKeyFingerprintDigestFormat }
+ ::= { rlSshServerHostPublicKeyFingerprintTable 1 }
+
+RlSshServerHostPublicKeyFingerprintTableEntry ::= SEQUENCE {
+ rlSshServerHostPublicKeyFingerprintAlgorithm RlSshPublicKeyAlgorithm,
+ rlSshServerHostPublicKeyFingerprintDigestFormat RlSshPublicKeyDigestFormat,
+ rlSshServerHostPublicKeyFingerprint DisplayString
+}
+
+rlSshServerHostPublicKeyFingerprintAlgorithm OBJECT-TYPE
+ SYNTAX RlSshPublicKeyAlgorithm
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifies the type of public key to be displayed."
+ ::= { rlSshServerHostPublicKeyFingerprintTableEntry 1 }
+
+rlSshServerHostPublicKeyFingerprintDigestFormat OBJECT-TYPE
+ SYNTAX RlSshPublicKeyDigestFormat
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Format of the digest to be displayed (OpenSSH or SSH.com)."
+ ::= { rlSshServerHostPublicKeyFingerprintTableEntry 2 }
+
+rlSshServerHostPublicKeyFingerprint OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "SECSH format fingerprint of the server's public key. To prevent man in
+ the middle attacks, users should make sure the ssh Server's fingerprint,
+ as printed in the connection process, is similar to the one printed here."
+ ::= { rlSshServerHostPublicKeyFingerprintTableEntry 3 }
+
+
+--
+-- Authorized Key Table
+--
+rlSshServerAuthorizedUsersPublicKeyTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlSshServerAuthorizedUsersPublicKeyTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This table contains public keys for all users who are authorized to access
+ the router. For a user to be able to log in using SSH, the user name must
+ appear in this table, and the user's public key must match the one found
+ here."
+ ::= { rlSshServer 3 }
+
+rlSshServerAuthorizedUsersPublicKeyTableEntry OBJECT-TYPE
+ SYNTAX RlSshServerAuthorizedUsersPublicKeyTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ " The row definition for this table."
+ INDEX { rlSshServerAuthorizedUserName,
+ rlSshServerAuthorizedUserPublicKeyFragmentId }
+ ::= { rlSshServerAuthorizedUsersPublicKeyTable 1 }
+
+RlSshServerAuthorizedUsersPublicKeyTableEntry ::= SEQUENCE {
+ rlSshServerAuthorizedUserName DisplayString,
+ rlSshServerAuthorizedUserPublicKeyFragmentId Unsigned32,
+ rlSshServerAuthorizedUserPublicKeyFragmentText DisplayString,
+ rlSshServerAuthorizedUserPublicKeyFragmentStatus RowStatus
+}
+
+rlSshServerAuthorizedUserName OBJECT-TYPE
+ SYNTAX DisplayString (SIZE(1..48))
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Name of the user who owns this public key. Both the user name and the
+ key bytes must match before a user is authenticated using this key."
+ ::= { rlSshServerAuthorizedUsersPublicKeyTableEntry 1 }
+
+rlSshServerAuthorizedUserPublicKeyFragmentId OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Identifies the index of this fragment in the final key. All segments must
+ be combined to form one big key."
+ ::= { rlSshServerAuthorizedUsersPublicKeyTableEntry 2 }
+
+rlSshServerAuthorizedUserPublicKeyFragmentText OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "A part of the readable text entry for the user's public authorzation key."
+ ::= { rlSshServerAuthorizedUsersPublicKeyTableEntry 3 }
+
+rlSshServerAuthorizedUserPublicKeyFragmentStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Create or delete a fragment of the user's public key.
+ A user is deleted if it has no remaining fragments."
+ ::= { rlSshServerAuthorizedUsersPublicKeyTableEntry 4 }
+
+--
+-- New 01-01-03: Authorized user fingerprint table.
+--
+rlSshServerAuthorizedUsersPublicKeyFingerprintTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This table contains the fingerprints of the public keys for all users who
+ are authorized to access the router.
+ To prevent man in the middle attacks, users should make sure the
+ user's fingerprint, as printed in the connection process, is similar
+ to the one printed here."
+ ::= { rlSshServer 5 }
+
+rlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry OBJECT-TYPE
+ SYNTAX RlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ " The row definition for this table."
+ INDEX { rlSshServerAuthorizedUserFingerprintName,
+ rlSshServerAuthorizedUserPublicKeyFingerprintDigestFormat }
+ ::= { rlSshServerAuthorizedUsersPublicKeyFingerprintTable 1 }
+
+RlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry ::= SEQUENCE {
+ rlSshServerAuthorizedUserFingerprintName DisplayString,
+ rlSshServerAuthorizedUserPublicKeyFingerprintDigestFormat RlSshPublicKeyDigestFormat,
+ rlSshServerAuthorizedUserPublicKeyFingerprintAlgorithm RlSshPublicKeyAlgorithm,
+ rlSshServerAuthorizedUserPublicKeyFingerprint DisplayString
+}
+
+rlSshServerAuthorizedUserFingerprintName OBJECT-TYPE
+ SYNTAX DisplayString (SIZE(1..48))
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Name of the user who owns this public key. Both the user name and the
+ key bytes must match before a user is authenticated using this key."
+ ::= { rlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry 1 }
+
+rlSshServerAuthorizedUserPublicKeyFingerprintAlgorithm OBJECT-TYPE
+ SYNTAX RlSshPublicKeyAlgorithm
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifies the type of public key to be displayed."
+ ::= { rlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry 2 }
+
+rlSshServerAuthorizedUserPublicKeyFingerprintDigestFormat OBJECT-TYPE
+ SYNTAX RlSshPublicKeyDigestFormat
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Format of the digest to be displayed (OpenSSH or SSH.com)."
+ ::= { rlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry 3 }
+
+rlSshServerAuthorizedUserPublicKeyFingerprint OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "SECSH format fingerprint of the user's public key. To prevent man in
+ the middle attacks, users should make sure their ssh fingerprint,
+ as printed in the connection process, is similar to the one printed here."
+ ::= { rlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry 4 }
+
+
+--
+-- Session Table
+--
+rlSshServerSessionTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlSshServerSessionTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Each row in this table corresponds to an active SSH session with
+ the server"
+ ::= { rlSshServer 6 }
+
+rlSshServerSessionTableEntry OBJECT-TYPE
+ SYNTAX RlSshServerSessionTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ " The row definition for this table."
+ INDEX { rlSshServerSessionIdentifier }
+ ::= { rlSshServerSessionTable 1 }
+
+RlSshServerSessionTableEntry ::= SEQUENCE {
+ rlSshServerSessionIdentifier Unsigned32,
+ rlSshServerSessionPeerAddress IpAddress,
+ rlSshServerSessionPeerPort Unsigned32,
+ rlSshServerSessionUsername DisplayString,
+ rlSshServerSessionPeerVersion DisplayString,
+ rlSshServerSessionCipher DisplayString,
+ rlSshServerSessionHMAC DisplayString
+}
+
+rlSshServerSessionIdentifier OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifies the connection to which this row corresponds."
+ ::= { rlSshServerSessionTableEntry 1 }
+
+rlSshServerSessionPeerAddress OBJECT-TYPE
+ SYNTAX IpAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The network address of the remote host connected to the server."
+ ::= { rlSshServerSessionTableEntry 2 }
+
+rlSshServerSessionPeerPort OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The source network port of the remote host connected to the server."
+ ::= { rlSshServerSessionTableEntry 3 }
+
+rlSshServerSessionPeerVersion OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The client version of the remote host connected to the server."
+ ::= { rlSshServerSessionTableEntry 4 }
+
+rlSshServerSessionUsername OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "SSH authenticated name of user connected to the server."
+ ::= { rlSshServerSessionTableEntry 5 }
+
+rlSshServerSessionCipher OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Data encryption cipher used in this connection."
+ ::= { rlSshServerSessionTableEntry 6 }
+
+rlSshServerSessionHMAC OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Message authentication code used in this connection."
+ ::= { rlSshServerSessionTableEntry 7 }
+
+--
+-- Session Inet Table
+--
+rlSshServerSessionInetTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlSshServerSessionInetTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "Each row in this table corresponds to an active SSH session with the server"
+ ::= { rlSshServer 7 }
+
+rlSshServerSessionInetTableEntry OBJECT-TYPE
+ SYNTAX RlSshServerSessionInetTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The row definition for this table."
+ INDEX { rlSshServerSessionInetIdentifier }
+ ::= { rlSshServerSessionInetTable 1 }
+
+RlSshServerSessionInetTableEntry ::= SEQUENCE {
+ rlSshServerSessionInetIdentifier Unsigned32,
+ rlSshServerSessionInetPeerAddressType InetAddressType,
+ rlSshServerSessionInetPeerAddress InetAddress,
+ rlSshServerSessionInetPeerPort Unsigned32,
+ rlSshServerSessionInetUsername DisplayString,
+ rlSshServerSessionInetPeerVersion DisplayString,
+ rlSshServerSessionInetCipher DisplayString,
+ rlSshServerSessionInetHMAC DisplayString
+}
+
+rlSshServerSessionInetIdentifier OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION "Identifies the connection to which this row corresponds."
+ ::= { rlSshServerSessionInetTableEntry 1 }
+
+rlSshServerSessionInetPeerAddressType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION "The network address of the remote host connected to the server."
+ ::= { rlSshServerSessionInetTableEntry 2 }
+
+rlSshServerSessionInetPeerAddress OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION "The network address of the remote host connected to the server."
+ ::= { rlSshServerSessionInetTableEntry 3 }
+
+rlSshServerSessionInetPeerPort OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION "The source network port of the remote host connected to the server."
+ ::= { rlSshServerSessionInetTableEntry 4 }
+
+rlSshServerSessionInetPeerVersion OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION "The client version of the remote host connected to the server."
+ ::= { rlSshServerSessionInetTableEntry 5 }
+
+rlSshServerSessionInetUsername OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION "SSH authenticated name of user connected to the server."
+ ::= { rlSshServerSessionInetTableEntry 6 }
+
+rlSshServerSessionInetCipher OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION "Data encryption cipher used in this connection."
+ ::= { rlSshServerSessionInetTableEntry 7 }
+
+rlSshServerSessionInetHMAC OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION "Message authentication code used in this connection."
+ ::= { rlSshServerSessionInetTableEntry 8 }
+
+rlSshServerImportExportSelfKeyTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlSshServerImportExportSelfKeyEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This table can be used for 2 purposes:
+ 1) Importing public/private key pair to serve as the device key when acting
+ as SSH server. This is done by setting entries to this table, according to
+ the specified format. When the last entry (footer) is set, the whole key
+ pair is checked and if valid, stored in CDB.
+ 2) Exporting the device SSH server public/private key. This can be done by
+ performing GetNext operations on this table."
+ ::= { rlSshServer 8 }
+
+rlSshServerImportExportSelfKeyEntry OBJECT-TYPE
+ SYNTAX RlSshServerImportExportSelfKeyEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ " The row definition for this table."
+ INDEX { rlSshServerImportExportSelfKeyAlgorithm,
+ rlSshServerImportExportSelfKeyFormat,
+ rlSshServerImportExportSelfKeyFragmentId}
+ ::= { rlSshServerImportExportSelfKeyTable 1 }
+
+RlSshServerImportExportSelfKeyEntry ::= SEQUENCE {
+ rlSshServerImportExportSelfKeyAlgorithm RlSshPublicKeyAlgorithm,
+ rlSshServerImportExportSelfKeyFormat INTEGER,
+ rlSshServerImportExportSelfKeyFragmentId INTEGER,
+ rlSshServerImportExportSelfKeyFragmentText OCTET STRING
+}
+
+rlSshServerImportExportSelfKeyAlgorithm OBJECT-TYPE
+ SYNTAX RlSshPublicKeyAlgorithm
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Identifies the type of key pair."
+ ::= { rlSshServerImportExportSelfKeyEntry 1 }
+
+rlSshServerImportExportSelfKeyFormat OBJECT-TYPE
+ SYNTAX INTEGER {
+ uuencoded-format(1)
+ }
+
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Specifies the format of public/key pair. The following formats are
+ supported for import/export:
+ 1) uuencoded_format - in this format both private and public key are in
+ uu-encoded format, and are seperated from one another by header and footer.
+ An example of the concateneation of all fragments in this format is:
+ -----BEGIN RSA PRIVATE KEY-----
+ tDaNkZZoCxXfkLLsLDlZ6T9H8U4Gz637eRV7BYBpapkidAxY1UG0/qgfKLPkbId4wzht6ArV9bE4fMtX
+ wSMOxL3q31pOmUdVhjbWYcgZQBDy1DjFSbuIEdP85c96B9bBE2nPv90mSvb/6j8R2NItT/KJeiYMtLtI
+ N3m6/zESKJGIrX0jP1RFDjVZSS5chSAFgB0egsLZEyOQn7jAqpX/x/easD2J6F/OjPXlJ9Hff2tMb3NU
+ QYyBoWH2J9IxhWB6Vo66R9Y04JGR18uL/rV2sMCtpg5ppkVTEpNTp9qE1yXocR2NmzUfNFap+GJ4IHj8
+ CzkVfmJM/kEWaJsYgHbAgLyRg4QVyelfobv1B71aQ+u1z9KGu/QajkWdR04OQfsGOL1CvU2LGYDcRjfH
+ jv+jl/UkDRRjoD9kt2WvouT+OL6esvKl0OJBqWbGNXg9TWv/VLtJIwgUno+MLaJuOM4Fh44+wpnqUXwQ
+ TFtBFc8pzt5BoOwbv9gXpicTkq4/+GhwXWXxSVFebKhnHAvKSLT+Ba7K7ZeR8EIIxbXdDNFOiS45R2KI
+ jxxXLXK44u6KGl5MygCKXUOFlJ+Zhgrq6ZH17z/RVJQ2CWqb5Ekn9GY3kH9QZ3mb4MDPfriWi2lHGXHY
+ JmJd4SLQhpBdnOS5tu84QmyU3dNbAdzghDsR+dEY/6g7Cn0kcVkeHNZ0H+mCZik5f6XBD8eplkk43bdR
+ FrkwTeAjwurGcKwdiKkR4DlfSq3DKssVBucTqUpqsKqPXLwTIL44rWKhEPXgGPB2XDG0VLvIRKkAgEGI
+ LNTwOm091Ro=
+ -----END RSA PRIVATE KEY-----
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIGHAoGBAOeIC9gRg3YaEGGMp3C00qNwLINAEDZV/J4BWM5WnWwCWZyHXDs2XiEmFu0ZONAD4gcT2f2f
+ NNfCBPye39VVuOkKQuSV0MLLX5800LZ4y1BNcPzPZHpnGaCzl7iAjhfj9MolzAh5VRjeiYt0t1um4dm+
+ q9A4BtfpJqDYxCW9uxd/AgEj
+ -----END RSA PUBLIC KEY-----
+ "
+ ::= { rlSshServerImportExportSelfKeyEntry 2 }
+
+rlSshServerImportExportSelfKeyFragmentId OBJECT-TYPE
+ SYNTAX INTEGER
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Identifies the index of this fragment in the key pair input/output."
+ ::= { rlSshServerImportExportSelfKeyEntry 3 }
+
+rlSshServerImportExportSelfKeyFragmentText OBJECT-TYPE
+ SYNTAX OCTET STRING
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "A part of the readable text entry for the key pair input/output."
+ ::= { rlSshServerImportExportSelfKeyEntry 4 }
+
+--
+-- SSH Server Scalars
+--
+rlSshServerPort OBJECT-TYPE
+ SYNTAX Unsigned32(1..65535)
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Specifies the TCP port used by the SSH 2 Server to listen for incoming
+ connections."
+ DEFVAL { 22 }
+ ::= { rlSshServer 101 }
+
+rlSshServerEnable OBJECT-TYPE
+ SYNTAX INTEGER {
+ enable(1),
+ disable(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Enables listening for incoming SSH2 connections on the port defined in
+ rlSshServerPort."
+ ::= { rlSshServer 102 }
+
+rlSshServerEnablePublicKeyAuthentication OBJECT-TYPE
+ SYNTAX INTEGER {
+ enable(1),
+ disable(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "If PK authentication is enabled, incoming SSH connections are
+ authenticated using public key authentication (using
+ rlSshServerAuthorizedUsersPublicKeyTable), before authenticating using
+ the router's standard AAA."
+ ::= { rlSshServer 103 }
+
+rlSshServerRegenerateHostKey OBJECT-TYPE
+ SYNTAX RlSshPublicKeyAlgorithm
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Setting to a value other than none results in the Server (Host) Key
+ being regenerated. The key size is host-specific."
+ ::= { rlSshServer 104 }
+
+rlSshServerDefaultKeyFlag OBJECT-TYPE
+ SYNTAX INTEGER {
+ rsa(1),
+ dsa(2),
+ rsa-dsa(3),
+ ec(4),
+ all(99),
+ none(100)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This scalar indicates which of the SSH server keys are default keys
+ (automatically generated)."
+ ::= { rlSshServer 105 }
+
+rlSshServerDeleteSelfKey OBJECT-TYPE
+ SYNTAX RlSshPublicKeyAlgorithm
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Setting to a value other than 'none' results in deleting the server self
+ key of the chosen type. As a result a default key may be created
+ (according to the MTSC..)"
+ ::= { rlSshServer 106 }
+
+rlSshServerEnablePublicKeyAuthAutoLogin OBJECT-TYPE
+ SYNTAX INTEGER {
+ enable(1),
+ disable(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "If PK authentication is succesfull and AAA local DB method
+ is enabled for SSH line, the username is checked with AAA
+ local DB. If present, the user is authenticated automatically
+ without prompting for username or password."
+ ::= { rlSshServer 107 }
+
+rlSshServerEnablePasswordAuthentication OBJECT-TYPE
+ SYNTAX INTEGER {
+ enable(1),
+ disable(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "If password authentication is enabled, incoming SSH connections are
+ authenticated with username/password authentication using
+ the router's standard AAA."
+ ::= { rlSshServer 108 }
+--
+-- SSH Client Scalars
+--
+rlSshClient OBJECT IDENTIFIER ::= { rlSsh 3 }
+
+rlSshClientUserName OBJECT-TYPE
+ SYNTAX DisplayString(SIZE(1..70))
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Specifies the default user name the ssh client will use when
+ authenticating to a remote server. In SCP sessions this global
+ user name will be used unless a specific user name has been specified
+ for the operation.
+ The value of this MIB must not contain charachters ':' or '@' (those
+ are used to indicate parameters seperation in SCP copy)."
+ DEFVAL { "anonymous" }
+ ::= { rlSshClient 1 }
+
+rlSshClientRegenerateSelfKey OBJECT-TYPE
+ SYNTAX RlSshPublicKeyAlgorithm
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Setting to a value other than none results in the client self key
+ being regenerated. The key size is host-specific."
+ ::= { rlSshClient 2 }
+
+--
+-- Client Self Public Key Table
+--
+rlSshClientSelfPublicKeyTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlSshClientSelfPublicKeyTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This table contains the router's client self public key. Each row in
+ this table contains a fragment of the key, in printable binhex format.
+ There may be up to 160 characters in every fragment, and they are all
+ combined to form one key. The key is generated by writing to
+ rlSshClientRegenerateSelfKey. To cause clients to connect to this router
+ without printing warning messages (and also prevent active
+ man-in-the-middle), the router's public key must printed out and
+ inserted into the client's authorized_keys file"
+ ::= { rlSshClient 3 }
+
+rlSshClientSelfPublicKeyTableEntry OBJECT-TYPE
+ SYNTAX RlSshClientSelfPublicKeyTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ " The row definition for this table."
+ INDEX { rlSshClientSelfPublicKeyAlgorithm, rlSshClientSelfPublicKeyFragmentId }
+ ::= { rlSshClientSelfPublicKeyTable 1 }
+
+RlSshClientSelfPublicKeyTableEntry ::= SEQUENCE {
+ rlSshClientSelfPublicKeyFragmentId Unsigned32,
+ rlSshClientSelfPublicKeyAlgorithm RlSshPublicKeyAlgorithm,
+ rlSshClientSelfPublicKeyFragmentText DisplayString
+}
+
+rlSshClientSelfPublicKeyFragmentId OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifies the index of this fragment in the final key. All segments must
+ be combined to form one big key."
+ ::= { rlSshClientSelfPublicKeyTableEntry 1 }
+
+rlSshClientSelfPublicKeyAlgorithm OBJECT-TYPE
+ SYNTAX RlSshPublicKeyAlgorithm
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifies the type of public key to be displayed."
+ ::= { rlSshClientSelfPublicKeyTableEntry 2 }
+
+rlSshClientSelfPublicKeyFragmentText OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "A part of the readable text entry for the router's client public
+ authorization key."
+ ::= { rlSshClientSelfPublicKeyTableEntry 3 }
+
+--
+-- Client Self Key Fingerprint Table
+--
+rlSshClientSelfPublicKeyFingerprintTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlSshClientSelfPublicKeyFingerprintTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This table contains the fingerprint for the client's self key. "
+ ::= { rlSshClient 4 }
+
+rlSshClientSelfPublicKeyFingerprintTableEntry OBJECT-TYPE
+ SYNTAX RlSshClientSelfPublicKeyFingerprintTableEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ " The row definition for this table."
+ INDEX { rlSshClientSelfPublicKeyFingerprintAlgorithm, rlSshClientSelfPublicKeyFingerprintDigestFormat }
+ ::= { rlSshClientSelfPublicKeyFingerprintTable 1 }
+
+RlSshClientSelfPublicKeyFingerprintTableEntry ::= SEQUENCE {
+ rlSshClientSelfPublicKeyFingerprintAlgorithm RlSshPublicKeyAlgorithm,
+ rlSshClientSelfPublicKeyFingerprintDigestFormat RlSshPublicKeyDigestFormat,
+ rlSshClientSelfPublicKeyFingerprint DisplayString
+}
+
+rlSshClientSelfPublicKeyFingerprintAlgorithm OBJECT-TYPE
+ SYNTAX RlSshPublicKeyAlgorithm
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Identifies the type of public key to be displayed."
+ ::= { rlSshClientSelfPublicKeyFingerprintTableEntry 1 }
+
+rlSshClientSelfPublicKeyFingerprintDigestFormat OBJECT-TYPE
+ SYNTAX RlSshPublicKeyDigestFormat
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Format of the digest to be displayed (OpenSSH or SSH.com)."
+ ::= { rlSshClientSelfPublicKeyFingerprintTableEntry 2 }
+
+rlSshClientSelfPublicKeyFingerprint OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "SECSH format fingerprint of the client's self key. To prevent man in
+ the middle attacks, users should make sure the ssh Server's fingerprint,
+ as printed in the connection process, is similar to the one printed here."
+ ::= { rlSshClientSelfPublicKeyFingerprintTableEntry 3 }
+
+rlSshClientAuthenticationMethod OBJECT-TYPE
+ SYNTAX INTEGER {
+ public-key-rsa(1),
+ public-key-dsa(2),
+ password(3),
+ public-key-ec(4)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Specifies the global authentication method for SSH client. SSH client
+ will apply this authentication method upon connecting to a remote server,
+ if no specific authentication method has been defined for this operation."
+ ::= { rlSshClient 5 }
+
+
+rlSshClientPassword OBJECT-TYPE
+ SYNTAX DisplayString(SIZE(0..70))
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Specifies the global password for SSH client, to be used for 'password'
+ authentication. SSH client will use this password during authentication
+ phase (when connecting remote server), in case no specific password has
+ been specified for this operation.
+ The value of this MIB must not contain charachters ':' or '@' (those
+ are used to indicate parameters seperation in SCP copy).
+ Upon setting the password, its length must be in range 1-70."
+ ::= { rlSshClient 6 }
+
+
+rlSshClientPasswordChangeTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlSshClientPasswordChangeEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This table allows the user to change the password in a remote SSH server.
+ It should be used when working with 'password' authentication with remote
+ server in SCP sessions.
+ Set operation on this table will initiate SCP session with the SSH server
+ whose inet address is specified in the key rlSshClientPasswordChangeInetAddress.
+ During this session the password for username rlSshClientPasswordChangeUsername
+ will be changed in the server from rlSshClientPasswordChangeOldPassword to
+ rlSshClientPasswordChangeNewPassword.
+ The Set operation might fail, in case an SCP session is already being
+ held. In case 'noError' is returned, the user can poll the fields
+ rlSshClientPasswordChangeStatus and rlSshClientPasswordChangeFailureReason
+ in order to get information on operation status and possible failure
+ reason. Note: up to 3 status records can be saved."
+ ::= { rlSshClient 7 }
+
+rlSshClientPasswordChangeEntry OBJECT-TYPE
+ SYNTAX RlSshClientPasswordChangeEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ " The row definition for this table."
+ INDEX { rlSshClientPasswordChangeInetAddrType,
+ rlSshClientPasswordChangeInetAddr}
+ ::= { rlSshClientPasswordChangeTable 1 }
+
+RlSshClientPasswordChangeEntry ::= SEQUENCE {
+ rlSshClientPasswordChangeInetAddrType InetAddressType,
+ rlSshClientPasswordChangeInetAddr InetAddress,
+ rlSshClientPasswordChangeUsername DisplayString,
+ rlSshClientPasswordChangeOldPassword DisplayString,
+ rlSshClientPasswordChangeNewPassword DisplayString,
+ rlSshClientPasswordChangeStatus INTEGER,
+ rlSshClientPasswordChangeFailureReason DisplayString
+}
+
+rlSshClientPasswordChangeInetAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Specifies the inet address type of remote SCP server"
+ ::= { rlSshClientPasswordChangeEntry 1 }
+
+rlSshClientPasswordChangeInetAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Specifies the inet address of remote SCP server"
+ ::= { rlSshClientPasswordChangeEntry 2 }
+
+rlSshClientPasswordChangeUsername OBJECT-TYPE
+ SYNTAX DisplayString(SIZE(1..70))
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Specifies the username for which the password change is required."
+ ::= { rlSshClientPasswordChangeEntry 3 }
+
+rlSshClientPasswordChangeOldPassword OBJECT-TYPE
+ SYNTAX DisplayString(SIZE(0..70))
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Specifies the old password that was in use for rlSshClientPasswordChangeUsername
+ until now. Upon setting a value in this entry, length of this field value
+ must be 6-70. Password of length 0 will always be returned on GET operations."
+ ::= { rlSshClientPasswordChangeEntry 4 }
+
+rlSshClientPasswordChangeNewPassword OBJECT-TYPE
+ SYNTAX DisplayString(SIZE(0..70))
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Specifies the new password that should be in use for
+ rlSshClientPasswordChangeUsername from now on. Upon setting a value in this
+ entry, length of this field value must be 6-70.
+ Password of length 0 will always be returned on GET operations."
+ ::= { rlSshClientPasswordChangeEntry 5 }
+
+rlSshClientPasswordChangeStatus OBJECT-TYPE
+ SYNTAX INTEGER {
+ inProgress(1),
+ succeeded(2),
+ failed(3),
+ noData(4)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Specifies the status of last password change operation on remote server
+ identified by rlSshClientPasswordChangeInetAddress. In case this data was
+ erased (3 or more password change operations have been performed since
+ the operation on this server), the status will be 'noData'."
+ ::= { rlSshClientPasswordChangeEntry 6 }
+
+rlSshClientPasswordChangeFailureReason OBJECT-TYPE
+ SYNTAX DisplayString
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "In case the value of rlSshClientPasswordChangeStatus is 'failed', this
+ field will contain the failure reason."
+ ::= { rlSshClientPasswordChangeEntry 7 }
+
+rlSshClientDeleteSelfKey OBJECT-TYPE
+ SYNTAX RlSshPublicKeyAlgorithm
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Setting to a value other than 'none' results in deleting the client self
+ key of the chosen type."
+ ::= { rlSshClient 8 }
+
+rlSshClientImportExportSelfKeyTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlSshClientImportExportSelfKeyEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "This table can be used for 2 purposes:
+ 1) Importing public/private key pair to serve as the device key when acting
+ as SSH client. This is done by setting entries to this table, according to
+ the specified format. When the last entry (footer) is set, the whole key
+ pair is checked and if valid, stored in CDB.
+ 2) Exporting the device SSH client public/private key. This can be done by
+ performing GetNext operations on this table."
+ ::= { rlSshClient 9 }
+
+rlSshClientImportExportSelfKeyEntry OBJECT-TYPE
+ SYNTAX RlSshClientImportExportSelfKeyEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ " The row definition for this table."
+ INDEX { rlSshClientImportExportSelfKeyAlgorithm,
+ rlSshClientImportExportSelfKeyFormat,
+ rlSshClientImportExportSelfKeyFragmentId}
+ ::= { rlSshClientImportExportSelfKeyTable 1 }
+
+RlSshClientImportExportSelfKeyEntry ::= SEQUENCE {
+ rlSshClientImportExportSelfKeyAlgorithm RlSshPublicKeyAlgorithm,
+ rlSshClientImportExportSelfKeyFormat INTEGER,
+ rlSshClientImportExportSelfKeyFragmentId INTEGER,
+ rlSshClientImportExportSelfKeyFragmentText OCTET STRING
+}
+
+rlSshClientImportExportSelfKeyAlgorithm OBJECT-TYPE
+ SYNTAX RlSshPublicKeyAlgorithm
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Identifies the type of key pair."
+ ::= { rlSshClientImportExportSelfKeyEntry 1 }
+
+rlSshClientImportExportSelfKeyFormat OBJECT-TYPE
+ SYNTAX INTEGER {
+ uuencoded-format(1)
+ }
+
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Specifies the format of public/key pair. The following formats are
+ supported for import/export:
+ 1) uuencoded_format - in this format both private and public key are in
+ uu-encoded format, and are seperated from one another by header and footer.
+ An example of the concateneation of all fragments in this format is:
+ -----BEGIN ENCRYPTED RSA PRIVATE KEY-----
+ tDaNkZZoCxXfkLLsLDlZ6T9H8U4Gz637eRV7BYBpapkidAxY1UG0/qgfKLPkbId4wzht6ArV9bE4fMtX
+ wSMOxL3q31pOmUdVhjbWYcgZQBDy1DjFSbuIEdP85c96B9bBE2nPv90mSvb/6j8R2NItT/KJeiYMtLtI
+ N3m6/zESKJGIrX0jP1RFDjVZSS5chSAFgB0egsLZEyOQn7jAqpX/x/easD2J6F/OjPXlJ9Hff2tMb3NU
+ QYyBoWH2J9IxhWB6Vo66R9Y04JGR18uL/rV2sMCtpg5ppkVTEpNTp9qE1yXocR2NmzUfNFap+GJ4IHj8
+ CzkVfmJM/kEWaJsYgHbAgLyRg4QVyelfobv1B71aQ+u1z9KGu/QajkWdR04OQfsGOL1CvU2LGYDcRjfH
+ jv+jl/UkDRRjoD9kt2WvouT+OL6esvKl0OJBqWbGNXg9TWv/VLtJIwgUno+MLaJuOM4Fh44+wpnqUXwQ
+ TFtBFc8pzt5BoOwbv9gXpicTkq4/+GhwXWXxSVFebKhnHAvKSLT+Ba7K7ZeR8EIIxbXdDNFOiS45R2KI
+ jxxXLXK44u6KGl5MygCKXUOFlJ+Zhgrq6ZH17z/RVJQ2CWqb5Ekn9GY3kH9QZ3mb4MDPfriWi2lHGXHY
+ JmJd4SLQhpBdnOS5tu84QmyU3dNbAdzghDsR+dEY/6g7Cn0kcVkeHNZ0H+mCZik5f6XBD8eplkk43bdR
+ FrkwTeAjwurGcKwdiKkR4DlfSq3DKssVBucTqUpqsKqPXLwTIL44rWKhEPXgGPB2XDG0VLvIRKkAgEGI
+ LNTwOm091Ro=
+ -----END RSA PRIVATE KEY-----
+
+ -----BEGIN RSA PUBLIC KEY-----
+ MIGHAoGBAOeIC9gRg3YaEGGMp3C00qNwLINAEDZV/J4BWM5WnWwCWZyHXDs2XiEmFu0ZONAD4gcT2f2f
+ NNfCBPye39VVuOkKQuSV0MLLX5800LZ4y1BNcPzPZHpnGaCzl7iAjhfj9MolzAh5VRjeiYt0t1um4dm+
+ q9A4BtfpJqDYxCW9uxd/AgEj
+ -----END RSA PUBLIC KEY-----
+ "
+ ::= { rlSshClientImportExportSelfKeyEntry 2 }
+
+rlSshClientImportExportSelfKeyFragmentId OBJECT-TYPE
+ SYNTAX INTEGER
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Identifies the index of this fragment in the key pair input/output."
+ ::= { rlSshClientImportExportSelfKeyEntry 3 }
+
+rlSshClientImportExportSelfKeyFragmentText OBJECT-TYPE
+ SYNTAX OCTET STRING
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "A part of the readable text entry for the key pair input/output."
+ ::= { rlSshClientImportExportSelfKeyEntry 4 }
+
+
+rlSshClientRemoteServerPublicKeyFingerprintTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF RlSshClientRemoteServerPublicKeyFingerprintEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Table for storing fingerprints of remote servers public keys. It is used for
+ the purpose of server authentication. An entry can be inserted to this table
+ either explicitly by user configuration, or during copy operation, after
+ user's approval."
+ ::= { rlSshClient 10 }
+
+rlSshClientRemoteServerPublicKeyFingerprintEntry OBJECT-TYPE
+ SYNTAX RlSshClientRemoteServerPublicKeyFingerprintEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ " The row definition for this table."
+ INDEX { rlSshClientRemoteServerFingerprintInetAddrType,
+ rlSshClientRemoteServerFingerprintInetAddr,
+ rlSshClientRemoteServerFingerprint }
+ ::= { rlSshClientRemoteServerPublicKeyFingerprintTable 1 }
+
+RlSshClientRemoteServerPublicKeyFingerprintEntry ::= SEQUENCE {
+ rlSshClientRemoteServerFingerprintInetAddrType InetAddressType,
+ rlSshClientRemoteServerFingerprintInetAddr InetAddress,
+ rlSshClientRemoteServerFingerprint OCTET STRING,
+ rlSshClientRemoteServerFingerprintStatus RowStatus
+}
+
+rlSshClientRemoteServerFingerprintInetAddrType OBJECT-TYPE
+ SYNTAX InetAddressType
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Remote server inet address type."
+ ::= { rlSshClientRemoteServerPublicKeyFingerprintEntry 1 }
+
+rlSshClientRemoteServerFingerprintInetAddr OBJECT-TYPE
+ SYNTAX InetAddress
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION
+ "Remote server inet address."
+ ::= { rlSshClientRemoteServerPublicKeyFingerprintEntry 2 }
+
+rlSshClientRemoteServerFingerprint OBJECT-TYPE
+ SYNTAX OCTET STRING(SIZE(16))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Remote server fingerprint."
+ ::= { rlSshClientRemoteServerPublicKeyFingerprintEntry 3 }
+
+rlSshClientRemoteServerFingerprintStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION
+ "Row status for this row."
+ ::= { rlSshClientRemoteServerPublicKeyFingerprintEntry 4 }
+
+rlSshClientRemoteServersAuthenticationEnable OBJECT-TYPE
+ SYNTAX INTEGER {
+ enable(1),
+ disable(2)
+ }
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION
+ "Setting this field to 'enable' enables remote servers authentication.
+ As a result, while opening a session with a remote server, the fingerprint
+ of the remote server will be computed and looked for in the table
+ rlSshClientRemoteServerPublicKeyFingerprintTable. If an entry with the key
+ (server-inet-address, server-fingerprint) is found, the server is considered
+ authenticated. Otherwise, the server is not authenticated (unless the user
+ specifically approved this server can be trusted)."
+ ::= { rlSshClient 11 }
+
+rlSshClientDefaultKeyFlag OBJECT-TYPE
+ SYNTAX INTEGER {
+ rsa(1),
+ dsa(2),
+ rsa-dsa(3),
+ ec(4),
+ all(99),
+ none(100)
+ }
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "This scalar indicates which of the SSH client keys are default keys
+ (automatically generated)."
+ ::= { rlSshClient 12 }
+END
+ |