mostly added the 'keyboard-interactive' auth method, but also added R…

…FC-refs to various feature statements and created a 'Contributors' section.

draft-ietf-netconf-ssh-client-server.xml

@@ -1023,15 +1023,16 @@ INSERT_TEXT_FROM_FILE(ietf-ssh-server@YYYY-MM-DD.yang)
           </list>
         </t>
       </section>
-      <!--
       <section title="23 to 24">
         <t>
           <list style="symbols">
+            <t>Added RFC-references to various 'feature' statements.</t>
+            <t>Added 'keyboard-interactive' auth mechanism from RFC 4256.</t>
+            <t>Added a 'Contributors' section.</t>
             <t>SUBMISSION PENDING</t>
           </list>
         </t>
       </section>
-      -->
     </section>
 
     <section title="Acknowledgements" numbered="no">
@@ -1054,9 +1055,11 @@ INSERT_TEXT_FROM_FILE(ietf-ssh-server@YYYY-MM-DD.yang)
         Radek Krejci,
         Sean Turner,
         Tom Petch.</t>
+    </section>
 
-      <t>Special acknowledgement goes to Gary Wu who contributed the "ietf-ssh-common"
-        module.</t>
+    <section title="Contributors" numbered="no">
+      <t>Special acknowledgement goes to Gary Wu for his work on the
+        "ietf-ssh-common" module.</t>
     </section>
   </back>
 </rfc>

ietf-ssh-client.yang

@@ -89,32 +89,53 @@ module ietf-ssh-client {
        SSH clients on the server implementing this feature.";
   }
 
-  feature client-identity-password {
-    description
-      "Indicates that the 'password' authentication type
-       is supported for client identification.";
-  }
-
   feature client-identity-publickey {
     description
-      "Indicates that the 'publickey' authentication type
-       is supported for client identification.
+      "Indicates that the 'publickey' authentication type, per
+       RFC 4252, is supported for client identification.
       
        The 'publickey' authentication type is required by
        RFC 4252, but common implementations enable it to
        be disabled.";
+    reference
+      "RFC 4252:
+        The Secure Shell (SSH) Authentication Protocol";
+  }
+
+  feature client-identity-password {
+    description
+      "Indicates that the 'password' authentication type, per
+       RFC 4252, is supported for client identification.";
+    reference
+      "RFC 4252:
+        The Secure Shell (SSH) Authentication Protocol";
   }
 
   feature client-identity-hostbased {
     description
-      "Indicates that the 'hostbased' authentication type
-       is supported for client identification.";
+      "Indicates that the 'hostbased' authentication type, per
+       RFC 4252, is supported for client identification.";
+    reference
+      "RFC 4252:
+        The Secure Shell (SSH) Authentication Protocol";
   }
 
   feature client-identity-none {
     description
-      "Indicates that the 'none' authentication type is
-       supported for client identification.";
+      "Indicates that the 'none' authentication type, per
+       RFC 4252, is supported for client identification.";
+    reference
+      "RFC 4252:
+        The Secure Shell (SSH) Authentication Protocol";
+  }
+
+  feature client-identity-keyboard-interactive {
+    description
+      "Indicates that the 'keyboard-interactive' authentication
+       type, per RFC 4256, is supported for client identification.";
+    reference
+      "RFC 4256: Generic Message Exchange Authentication
+                 for the Secure Shell Protocol (SSH)";
   }
 
   // Groupings
@@ -137,7 +158,7 @@ module ietf-ssh-client {
     container client-identity {
       nacm:default-deny-write;
       must
-        'public-key or password or hostbased or none or certificate';
+        'public-key or password or hostbased or none or certificate or keyboard-interactive';
       description
         "The credentials that the client may use, pending
          the SSH server's requirements, by the SSH client
@@ -228,6 +249,23 @@ module ietf-ssh-client {
           }
         }
       }
+      container keyboard-interactive {
+        if-feature client-identity-keyboard-interactive;
+        presence
+          "Indicates that keyboard-interactive authentication
+           is configured";
+        description
+          "An optional list of preferred submethods.";
+        reference
+          "RFC 4256: Generic Message Exchange Authentication
+                     for the Secure Shell Protocol (SSH)";
+        leaf-list submethods {
+          type string;
+          description
+            "The client's preferred 'submethods'.  Valid values are
+             something the client and the server need to agree on.";
+        }
+      }
     } // container client-identity
 
     container server-authentication {

ietf-ssh-server.yang

@@ -108,8 +108,8 @@ module ietf-ssh-server {
 
   feature client-auth-publickey {
     description
-      "Indicates that the 'publickey' authentication type
-       is supported.
+      "Indicates that the 'publickey' authentication type, per
+       RFC 4252, is supported.
        
        The 'publickey' authentication type is required by
        RFC 4252, but common implementations enable it to
@@ -121,20 +121,38 @@ module ietf-ssh-server {
 
   feature client-auth-password {
     description
-      "Indicates that the 'password' authentication type
-       is supported.";
+      "Indicates that the 'password' authentication type, per
+       RFC 4252, is supported.";
+    reference
+      "RFC 4252:
+        The Secure Shell (SSH) Authentication Protocol";
   }
 
   feature client-auth-hostbased {
     description
-      "Indicates that the 'hostbased' authentication type
-       is supported.";
+      "Indicates that the 'hostbased' authentication type, per
+       RFC 4252, is supported.";
+    reference
+      "RFC 4252:
+        The Secure Shell (SSH) Authentication Protocol";
   }
 
   feature client-auth-none {
     description
-      "Indicates that the 'none' authentication type is
-       supported.";
+      "Indicates that the 'none' authentication type, per
+       RFC 4252, is supported.";
+    reference
+      "RFC 4252:
+        The Secure Shell (SSH) Authentication Protocol";
+  }
+
+  feature client-auth-keyboard-interactive {
+    description
+      "Indicates that the 'keyboard-interactive' authentication
+       type per RFC 4256, is supported.";
+    reference
+      "RFC 4256: Generic Message Exchange Authentication
+                 for the Secure Shell Protocol (SSH)";
   }
 
   // Groupings
@@ -271,6 +289,18 @@ module ietf-ssh-server {
             "RFC 4252: The Secure Shell (SSH) Authentication
                        Protocol.";
         }
+        container keyboard-interactive {
+          if-feature client-auth-keyboard-interactive;
+          presence
+            "Indicates that the 'keyboard-interactive' method is
+             supported.";
+          description
+            "This is a 'container' node to enable consuming modules
+             to augment-in values as needed.";
+          reference
+            "RFC 4256: Generic Message Exchange Authentication
+                       for the Secure Shell Protocol (SSH)";
+        }
       }
 
       container users {
@@ -289,8 +319,10 @@ module ietf-ssh-server {
           container public-keys {
             if-feature client-auth-publickey;
             presence
-              "Indicates that the server can authenticate this
-               user using any of the configured SSH public keys.";
+              "Indicates that the server can authenticate this user
+               using any of the configured SSH public keys.  Present
+               so that the decendant nodes' 'mandatory true' doesn't
+               imply that this node  must be configured.";
             description
               "A set of SSH public keys may be used by the SSH
                server to authenticate this user.  A user is
@@ -317,13 +349,14 @@ module ietf-ssh-server {
             description
               "The password for this user.";
           }
-
           container hostbased {
             if-feature client-auth-hostbased;
             presence
               "Indicates that the server can authenticate this
                user's 'host' using any of the configured SSH
-               host keys.";
+               host keys.  Present so that the decendant nodes'
+               'mandatory true' doesn't imply that this node
+               must be configured.";
             description
               "A set of SSH host keys may be used by the SSH
                server to authenticate this user's host.  A
@@ -354,6 +387,25 @@ module ietf-ssh-server {
               "RFC 4252: The Secure Shell (SSH) Authentication
                          Protocol.";
           }
+          list keyboard-interactive {
+            if-feature "client-auth-keyboard-interactive";
+            key submethod
+            description
+              "Indicates that the server can authenticate this
+               user using the configured submethod.  Consuming
+               modules may augment-in submethod-specific 
+               configuration as needed.";
+            leaf submethod {
+              type string;
+              description
+                "The name of the 'submethod'.  Valid values are
+                 something the client and the server need to
+                 agree on.";
+            }
+            reference
+              "RFC 4256: Generic Message Exchange Authentication
+                         for the Secure Shell Protocol (SSH)";
+          }
         }
       }
       container ca-certs {