[netconf] ietf-ssh-server host key

Michal Vasko <mvasko@cesnet.cz> Thu, 01 June 2023 11:59 UTC

Message-ID: <674ad1df-38de-8e94-13ab-b37afe662075@cesnet.cz>
Date: Thu, 01 Jun 2023 13:59:16 +0200
To: netconf <netconf@ietf.org>
From: Michal Vasko <mvasko@cesnet.cz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/-uGi1YbqdwHhmz2Ew4crixr_79g>
Subject: [netconf] ietf-ssh-server host key

Hello,

We are implementing these modules (ietf-netconf-server and imports) and 
I have a question regarding the container 
`/ietf-netconf-server:netconf-server/listen/endpoint/ssh/ssh-server-parameters/server-identity/host-key/public-key`. 
It looks like this:

+--rw public-key
    +--rw (inline-or-keystore)
       +--:(inline) {inline-definitions-supported}?
       |  +--rw inline-definition
       |     +--rw public-key-format     identityref
       |     +--rw public-key            binary
       |     +--rw private-key-format?   identityref
       |     +--rw (private-key-type)
       |        +--:(cleartext-private-key) {cleartext-private-keys}?
       |        |  +--rw cleartext-private-key?   binary
       |        +--:(hidden-private-key) {hidden-private-keys}?
       |        |  +--rw hidden-private-key?   empty
       |        +--:(encrypted-private-key) {encrypted-private-keys}?
       |           +--rw encrypted-private-key
       |              +--rw encrypted-by
       |              +--rw encrypted-value-format    identityref
       |              +--rw encrypted-value           binary
       +--:(keystore) {central-keystore-supported,asymmetric-keys}?
          +--rw keystore-reference?   ks:asymmetric-key-ref

What is the public key there for? For a key to be used as a host key you 
only need the private key (technically, you can always generate the 
public key from the private key, but the public key is not needed at all 
in this case), and it is causing us some problems because it is even 
required to be in the `ssh-public-key-format` without any information as 
to why. Thanks for any explanation.

Regards,
Michal
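The point raised above, that the public half of a host key is derivable from the private half, also gives an implementation a cheap sanity check when both leaves of the `inline-definition` are configured: derive the public key from `cleartext-private-key`, encode it in the `ssh-public-key-format` wire layout (RFC 4253, section 6.6: an SSH string holding the algorithm name followed by the key material), and compare it byte-for-byte with the configured `public-key`. A mismatch means the two leaves describe different keys and the configuration should be rejected rather than silently served. The following is an added example written for this page, not code from the thread, any draft, or the CESNET implementation; it assumes an Ed25519 host key whose private material is supplied as the raw 32-byte seed (a simplification for the example; the actual `private-key-format` encoding is not modelled here), and the seed value is constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"encoding/binary"
	"fmt"
)

// sshString encodes a byte sequence as an RFC 4253 "string":
// a big-endian uint32 length followed by the raw bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// EncodeSSHPublicKey returns the ssh-public-key-format blob for an
// Ed25519 public key (RFC 4253 section 6.6 / the OpenSSH "ssh-ed25519"
// layout): the algorithm name as an SSH string, then the 32 raw key
// bytes as an SSH string. Base64 of this blob is what appears after
// "ssh-ed25519" in an OpenSSH public key line.
func EncodeSSHPublicKey(pub ed25519.PublicKey) []byte {
	return append(sshString([]byte("ssh-ed25519")), sshString(pub)...)
}

// DerivePublicKey computes the public half from the private key,
// which is all a server needs to present an SSH host key.
func DerivePublicKey(priv ed25519.PrivateKey) ed25519.PublicKey {
	return priv.Public().(ed25519.PublicKey)
}

// HostKeyConsistent is the check an implementation can run when both the
// cleartext-private-key and public-key leaves are configured: the
// configured public-key blob must equal the encoding derived from the
// private key, otherwise the inline-definition is self-inconsistent and
// should be rejected as a configuration error.
func HostKeyConsistent(priv ed25519.PrivateKey, configuredPublicKey []byte) bool {
	return bytes.Equal(EncodeSSHPublicKey(DerivePublicKey(priv)), configuredPublicKey)
}

func main() {
	// Constructed seed standing in for the cleartext-private-key leaf
	// (hypothetical value, chosen only to make the output deterministic).
	seed := bytes.Repeat([]byte{0x42}, ed25519.SeedSize)
	priv := ed25519.NewKeyFromSeed(seed)

	blob := EncodeSSHPublicKey(DerivePublicKey(priv))
	fmt.Println("ssh-ed25519", base64.StdEncoding.EncodeToString(blob))
	fmt.Println("public-key leaf consistent with private key:", HostKeyConsistent(priv, blob))

	// A public-key leaf copied from a different key must be detected.
	tampered := append([]byte{}, blob...)
	tampered[len(tampered)-1] ^= 0xff
	fmt.Println("tampered public-key leaf consistent:", HostKeyConsistent(priv, tampered))
}
```

The same shape works for RSA and ECDSA host keys; only the algorithm name and the mpint/point encoding inside the blob differ, so the comparison logic in `HostKeyConsistent` stays the same.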