[Netconf] ietf-ssh-client@2018-06-04, issues with the grouping

Balázs Kovács <balazs.kovacs@ericsson.com> Fri, 24 August 2018 14:14 UTC

From: Balázs Kovács <balazs.kovacs@ericsson.com>
To: "netconf@ietf.org" <netconf@ietf.org>
Date: Fri, 24 Aug 2018 14:14:51 +0000
Message-ID: <VI1PR0701MB2016B4A08C395CAE6DCD779E83360@VI1PR0701MB2016.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/LHk2RtNFW4taTMF9CPqum9Jw_-M>
Subject: [Netconf] ietf-ssh-client@2018-06-04, issues with the grouping
List-Id: Network Configuration WG mailing list <netconf.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>

Hi All,

I made an attempt to make use of the ietf-ssh-client@2018-06-04 module to configure an interactive ssh client, and I found some obstacles. The current ietf-ssh-client model has the following structure:

module: ietf-ssh-client
  +--rw client
     +--rw client-identity
     |  +--rw username?            string
     |  +--rw (auth-type)
     |     +--:(password)
     |     |  +--rw password?      string
     |     +--:(public-key)
     |     |  +--rw public-key
     |     +--:(certificate)
     |        +--rw certificate {sshcmn:ssh-x509-certs}?
     +--rw server-auth
     |  +--rw pinned-ssh-host-keys?   ta:pinned-host-keys-ref
     |  +--rw pinned-ca-certs?        ta:pinned-certificates-ref {sshcmn:ssh-x509-certs}?
     |  +--rw pinned-server-certs?    ta:pinned-certificates-ref {sshcmn:ssh-x509-certs}?
     +--rw transport-params {ssh-client-transport-params-config}?

In the netconf-client module, which I took as an example, it is mounted in the 'ssh' container and preceded by:

   module: ietf-netconf-client
     +--rw netconf-client
        +--rw initiate! {initiate}?
        |  +--rw netconf-server* [name]
        |     +--rw name                  string
        |     +--rw endpoints
        |     |  +--rw endpoint* [name]
        |     |     +--rw name         string
        |     |     +--rw (transport)
        |     |        +--:(ssh) {ssh-initiate}?
        |     |        |  +--rw ssh
        |     |        |     +--rw address?            inet:host
     |     |        |     +--rw port?               inet:port-number

In the case of the interactive client, I want some limited parameters to be provided by the invoking user, which is at least the target user, target address, and target port, so I would not need all the data nodes present in the netconf-client, but I need a subset of them, including the user credentials. The problem I face is that for one target address, the user can select multiple target users, and for one target user, they should be able to select multiple target addresses. With the above model, if I want to set up a second client identity, I would basically need to create a complete endpoint with the same data in all the rest of the data nodes. Equally, if I want to set up a different endpoint, I need to copy all the possible client identities to be able to use them at other target addresses.

My thinking is that the endpoint related configuration (address, port, server-auth, transport-params) should be decoupled from client identities, so I can set them up and mount them independently. However, I think this would affect the ssh-client grouping a bit heavily, basically breaking it up into two pieces: one that caters for the client identity, and another for the endpoint/server security.

One looking like this (temp name 'ssh-client-client-identity-grouping'):

     grouping ssh-client-client-identity-grouping
       +-- client-identity
          +-- username?            string
          +-- (auth-type)
             +--:(password)
             |  +-- password?      string
             +--:(public-key)
             |  +-- public-key
             |     +---u ks:local-or-keystore-asymmetric-key-grouping
             +--:(certificate)
                +-- certificate {sshcmn:ssh-x509-certs}?
                   +---u ks:local-or-keystore-end-entity-certificate-grouping

And another (temp name 'ssh-server-auth-transport-params-grouping'):

     grouping ssh-client-server-auth-transport-params-grouping
       +-- server-auth
       |  +-- pinned-ssh-host-keys?   ta:pinned-host-keys-ref
       |  +-- pinned-ca-certs?        ta:pinned-certificates-ref
       |  |       {sshcmn:ssh-x509-certs}?
       |  +-- pinned-server-certs?    ta:pinned-certificates-ref
       |          {sshcmn:ssh-x509-certs}?
       +-- transport-params {ssh-client-transport-params-config}?
          +---u sshcmn:transport-params-grouping


I also wonder if this would affect the similar module of tls-client. In the TLS case, the client identity used is more bound to the actual server and is rarely selectable by interaction, but splitting the current single grouping into two would probably not harm either.

Best Regards,
Balazs
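The split proposed in the message above, written out as YANG so the decoupling can be seen in a module that uses both groupings independently. This is an added example for this archive page, not text from the draft or from the author; the module name, namespace, prefix `exsc`, the local `ssh-client-transport-params-config` feature, the `identity`/`endpoint` lists and the `allowed-identity` leaf-list are all assumptions made here. The message only shows the prefixes `ks:`, `ta:` and `sshcmn:`, so the import module names (`ietf-keystore`, `ietf-trust-anchors`, `ietf-ssh-common`) are assumed as well.

```yang
module example-ssh-interactive-client {
  yang-version 1.1;
  namespace "urn:example:ssh-interactive-client";   // assumed, example only
  prefix exsc;

  // Import names are assumptions: the mail only shows the prefixes.
  import ietf-inet-types     { prefix inet; }
  import ietf-keystore       { prefix ks; }
  import ietf-trust-anchors  { prefix ta; }
  import ietf-ssh-common     { prefix sshcmn; }

  // Feature name taken from the tree in the mail; defined locally here
  // because this example module stands alone.
  feature ssh-client-transport-params-config {
    description "Client can configure SSH transport parameters.";
  }

  // Piece 1: who the client is. Nothing here depends on the peer.
  grouping ssh-client-client-identity-grouping {
    container client-identity {
      leaf username { type string; }
      choice auth-type {
        case password {
          leaf password { type string; }
        }
        case public-key {
          container public-key {
            uses ks:local-or-keystore-asymmetric-key-grouping;
          }
        }
        case certificate {
          if-feature "sshcmn:ssh-x509-certs";
          container certificate {
            uses ks:local-or-keystore-end-entity-certificate-grouping;
          }
        }
      }
    }
  }

  // Piece 2: how the peer is authenticated and which transport
  // parameters are used. Nothing here depends on the client identity.
  grouping ssh-client-server-auth-transport-params-grouping {
    container server-auth {
      leaf pinned-ssh-host-keys { type ta:pinned-host-keys-ref; }
      leaf pinned-ca-certs {
        if-feature "sshcmn:ssh-x509-certs";
        type ta:pinned-certificates-ref;
      }
      leaf pinned-server-certs {
        if-feature "sshcmn:ssh-x509-certs";
        type ta:pinned-certificates-ref;
      }
    }
    container transport-params {
      if-feature ssh-client-transport-params-config;
      uses sshcmn:transport-params-grouping;
    }
  }

  // Using the two pieces independently: N identities and M endpoints are
  // configured once each, instead of N*M copies of one combined node.
  container interactive-ssh-client {
    list identity {
      key name;
      leaf name { type string; }
      uses ssh-client-client-identity-grouping;   // nests client-identity/
    }
    list endpoint {
      key name;
      leaf name    { type string; }
      leaf address { type inet:host; }
      leaf port    { type inet:port-number; }
      uses ssh-client-server-auth-transport-params-grouping;
      // Assumed policy hook: which configured identities the invoking user
      // may pick for this endpoint. Leafref keeps it bound to existing entries.
      leaf-list allowed-identity {
        type leafref { path "../../identity/name"; }
        description
          "Identities selectable at this endpoint; empty means any.";
      }
    }
  }
}
```

With this layout the interactive client resolves the user's three inputs (target user, address, port) by looking up one `endpoint` entry for the host-key pinning and transport parameters and one `identity` entry for the credential; the `allowed-identity` leafref is the place to restrict which credential may be presented to which host, so that a key meant for one server cannot be offered to another by a typo in the invocation.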