Skip to content

Commit

Permalink
Added ssh configurations to YANG model (#13338)
Browse files Browse the repository at this point in the history 
- Why I did it
Implemented ssh configurations

- How I did it
Added ssh config table in configDB, once changed - hostcfgd will change the relevant OS files (sshd_config)

- How to verify it
Tests in sonic-host-services. Change relevant configs in configDB such as ports, and see sshd port was modified
  • Loading branch information
@ycoheNvidia
ycoheNvidia authored Jul 10, 2023
1 parent 4303308 commit 7639df0
Show file tree
Hide file tree
Showing 6 changed files with 161 additions and 0 deletions.
20 changes: 20 additions & 0 deletions src/sonic-yang-models/doc/Configuration.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,7 @@ Table of Contents
* [LOGGER](#logger)
* [WRED_PROFILE](#wred_profile)
* [PASSWORD_HARDENING](#password_hardening)
* [SSH_SERVER](#ssh_server)
* [SYSTEM_DEFAULTS table](#systemdefaults-table)
* [RADIUS](#radius)
* [Static DNS](#static-dns)
Expand Down Expand Up @@ -2321,6 +2322,25 @@ There are 4 classes
}
```

### SSH_SERVER

In this table, we allow configuring ssh server global settings. This will feature includes 3 configurations:

- authentication_retries - number of login attepmts 1-100
- login_timeout - Timeout in seconds for login session for user to connect 1-600
- ports - Ssh port numbers - string of port numbers seperated by ','
```
{
"SSH_SERVER": {
"POLICIES":{
"authentication_retries": "6",
"login_timeout": "120",
"ports": "22"
}
}
}
```

### BREAKOUT_CFG

This table is introduced as part of Dynamic Port Breakout(DPB) feature.
Expand Down
1 change: 1 addition & 0 deletions src/sonic-yang-models/setup.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -140,6 +140,7 @@ def run(self):
'./yang-models/sonic-nat.yang',
'./yang-models/sonic-nvgre-tunnel.yang',
'./yang-models/sonic-passwh.yang',
'./yang-models/sonic-ssh-server.yang',
'./yang-models/sonic-pbh.yang',
'./yang-models/sonic-port.yang',
'./yang-models/sonic-policer.yang',
Expand Down
8 changes: 8 additions & 0 deletions src/sonic-yang-models/tests/files/sample_config_db.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2225,6 +2225,14 @@
}
},

"SSH_SERVER": {
"POLICIES":{
"authentication_retries": "6",
"login_timeout": "120",
"ports": "22"
}
},

"MACSEC_PROFILE": {
"test": {
"priority": "64",
Expand Down
26 changes: 26 additions & 0 deletions src/sonic-yang-models/tests/yang_model_tests/tests/ssh-server.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
{
"SSH_SERVER_VALID": {
"desc": "Configure default SSH_SERVER."
},
"SSH_SERVER_VALID_MODIFIED": {
"desc": "Configure modified SSH_SERVER."
},
"SSH_SERVER_INVALID_AUTH_RETRIES": {
"desc": "Configure invalid number of authentication retries in SSH_SERVER.",
"eStrKey" : "Pattern",
"eStr": ["1..100"]
},
"SSH_SERVER_INVALID_LOGIN_TIMEOUT": {
"desc": "Configure invalid login timeout value in SSH_SERVER.",
"eStrKey" : "Pattern",
"eStr": ["1..600"]
},
"SSH_SERVER_INVALID_PORTS_1": {
"desc": "Configure invalid port value in SSH_SERVER.",
"eStr": "Invalid port numbers value"
},
"SSH_SERVER_INVALID_PORTS_2": {
"desc": "Configure invalid port value in SSH_SERVER.",
"eStr": "Invalid port numbers value"
}
}
60 changes: 60 additions & 0 deletions src/sonic-yang-models/tests/yang_model_tests/tests_config/ssh-server.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
{
"SSH_SERVER_VALID": {
"sonic-ssh-server:sonic-ssh-server": {
"sonic-ssh-server:SSH_SERVER": {
"POLICIES":{
"authentication_retries": "6",
"login_timeout": "120",
"ports": "22"
}
}
}
},
"SSH_SERVER_VALID_MODIFIED": {
"sonic-ssh-server:sonic-ssh-server": {
"sonic-ssh-server:SSH_SERVER": {
"POLICIES":{
"authentication_retries": "16",
"login_timeout": "140",
"ports": "22,222"
}
}
}
},
"SSH_SERVER_INVALID_AUTH_RETRIES": {
"sonic-ssh-server:sonic-ssh-server": {
"sonic-ssh-server:SSH_SERVER": {
"POLICIES":{
"authentication_retries": "200"
}
}
}
},
"SSH_SERVER_INVALID_LOGIN_TIMEOUT": {
"sonic-ssh-server:sonic-ssh-server": {
"sonic-ssh-server:SSH_SERVER": {
"POLICIES":{
"login_timeout": "606"
}
}
}
},
"SSH_SERVER_INVALID_PORTS_1": {
"sonic-ssh-server:sonic-ssh-server": {
"sonic-ssh-server:SSH_SERVER": {
"POLICIES":{
"ports": "port22"
}
}
}
},
"SSH_SERVER_INVALID_PORTS_2": {
"sonic-ssh-server:sonic-ssh-server": {
"sonic-ssh-server:SSH_SERVER": {
"POLICIES":{
"ports": "22.222"
}
}
}
}
}
46 changes: 46 additions & 0 deletions src/sonic-yang-models/yang-models/sonic-ssh-server.yang
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@

//filename: sonic-ssh-server.yang
module sonic-ssh-server {
yang-version 1.1;
namespace "https://github.com/sonic-net/sonic-ssh-server";
prefix sshg;

description "SSH SERVER CONFIG YANG Module for SONiC OS";

revision 2022-08-29 {
description
"First Revision";
}

container sonic-ssh-server {
container SSH_SERVER {
description "SSH SERVER CONFIG part of config_db.json";
container POLICIES {
leaf authentication_retries {
description "number of login attepmts";
default 6;
type uint32 {
range 1..100;
}
}
leaf login_timeout {
description "login timeout (secs unit)";
default 120;
type uint32 {
range 1..600;
}
}
leaf ports {
description "ssh port numbers";
default "22";
type string {
pattern '([1-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-6])(,([1-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-6]))*' {
error-message "Invalid port numbers value";
error-app-tag ssh-server-ports-invalid-value;
}
}
}
}/*container policies */
} /* container SSH_SERVER */
}/* container sonic-ssh-server */
}/* end of module sonic-ssh-server */

0 comments on commit 7639df0

Please sign in to comment.