module ietf-ssh-client {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-client";
  prefix sshc;

  import ietf-netconf-acm {
    prefix nacm;
    reference
      "RFC 8341: Network Configuration Access Control Model";
  }

  import ietf-crypto-types {
    prefix ct;
    reference
      "RFC AAAA: YANG Data Types and Groupings for Cryptography";
  }

  import ietf-truststore {
    prefix ts;
    reference
      "RFC BBBB: A YANG Data Model for a Truststore";
  }

  import ietf-keystore {
    prefix ks;
    reference
      "RFC CCCC: A YANG Data Model for a Keystore";
  }

  import ietf-ssh-common {
    prefix sshcmn;
    reference
      "RFC EEEE: YANG Groupings for SSH Clients and SSH Servers";
  }

  organization
    "IETF NETCONF (Network Configuration) Working Group";

  contact
    "WG Web:   https://datatracker.ietf.org/wg/netconf
     WG List:  NETCONF WG list <mailto:netconf@ietf.org>
     Author:   Kent Watsen <mailto:kent+ietf@watsen.net>";

  description
    "This module defines a reusable grouping for SSH clients that
     can be used as a basis for specific SSH client instances.

     Copyright (c) 2024 IETF Trust and the persons identified
     as authors of the code. All rights reserved.

     Redistribution and use in source and binary forms, with
     or without modification, is permitted pursuant to, and
     subject to the license terms contained in, the Revised
     BSD License set forth in Section 4.c of the IETF Trust's
     Legal Provisions Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC EEEE
     (https://www.rfc-editor.org/info/rfcEEEE); see the RFC
     itself for full legal notices.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
     'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
     'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
     are to be interpreted as described in BCP 14 (RFC 2119)
     (RFC 8174) when, and only when, they appear in all
     capitals, as shown here.";

  revision 2024-02-08 {
    description
      "Initial version";
    reference
      "RFC EEEE: YANG Groupings for SSH Clients and SSH Servers";
  }

  // Features

  feature ssh-client-keepalives {
    description
      "Per socket SSH keepalive parameters are configurable for
       SSH clients on the server implementing this feature.";
  }

  feature client-ident-publickey {
    description
      "Indicates that the 'publickey' authentication type, per
       RFC 4252, is supported for client identification.
       The 'publickey' authentication type is required by
       RFC 4252, but common implementations allow it to
       be disabled.";
    reference
      "RFC 4252:
        The Secure Shell (SSH) Authentication Protocol";
  }

  feature client-ident-password {
    description
      "Indicates that the 'password' authentication type, per
       RFC 4252, is supported for client identification.";
    reference
      "RFC 4252:
        The Secure Shell (SSH) Authentication Protocol";
  }

  feature client-ident-hostbased {
    description
      "Indicates that the 'hostbased' authentication type, per
       RFC 4252, is supported for client identification.";
    reference
      "RFC 4252:
        The Secure Shell (SSH) Authentication Protocol";
  }

  feature client-ident-none {
    description
      "Indicates that the 'none' authentication type, per
       RFC 4252, is supported for client identification.
       It is NOT RECOMMENDED to enable this feature.";
    reference
      "RFC 4252:
        The Secure Shell (SSH) Authentication Protocol";
  }

  // Groupings

  grouping ssh-client-grouping {
    description
      "A reusable grouping for configuring a SSH client without
       any consideration for how an underlying TCP session is
       established.

       Note that this grouping uses fairly typical descendant
       node names such that a nesting of 'uses' statements will
       have name conflicts.  It is intended that the consuming
       data model will resolve the issue (e.g., by wrapping
       the 'uses' statement in a container called
       'ssh-client-parameters').  This model purposely does
       not do this itself so as to provide maximum flexibility
       to consuming models.";

    container client-identity {
      nacm:default-deny-write;
      description
        "The username and authentication methods for the client.
         The authentication methods are unordered.  Clients may
         initially send any configured method or, per RFC 4252,
         Section 5.2, send the 'none' method to prompt the server
         to provide a list of productive methods.  Whenever a
         choice amongst methods arises, implementations SHOULD
         use a default ordering that prioritizes automation
         over human-interaction.";
      leaf username {
        type string;
        description
          "The username of this user.  This will be the username
           used, for instance, to log into an SSH server.";
      }
      container public-key {
        if-feature "client-ident-publickey";
        presence
          "Indicates that publickey-based authentication has been
           configured.  This statement is present so the mandatory
           descendant nodes do not imply that this node must be
           configured.";
        description
          "A locally-defined or referenced asymmetric key
           pair to be used for client identification.";
        reference
          "RFC CCCC: A YANG Data Model for a Keystore";
        uses ks:inline-or-keystore-asymmetric-key-grouping {
          refine "inline-or-keystore/inline/inline-definition" {
            must 'not(public-key-format) or derived-from-or-self'
               + '(public-key-format, "ct:ssh-public-key-format")';
          }
          refine "inline-or-keystore/central-keystore/"
               + "central-keystore-reference" {
            must 'not(deref(.)/../ks:public-key-format) or derived-'
               + 'from-or-self(deref(.)/../ks:public-key-format, '
               + '"ct:ssh-public-key-format")';
          }
        }
      }
      container password {
        if-feature "client-ident-password";
        presence
          "Indicates that password-based authentication has been
           configured.  This statement is present so the mandatory
           descendant nodes do not imply that this node must be
           configured.";
        description
          "A password to be used to authenticate the client's
           identity.";
        uses ct:password-grouping;
      }
      container hostbased {
        if-feature "client-ident-hostbased";
        presence
          "Indicates that hostbased authentication is configured.
           This statement is present so the mandatory descendant
           nodes do not imply that this node must be configured.";
        description
          "A locally-defined or referenced asymmetric key
           pair to be used for host identification.";
        reference
          "RFC CCCC: A YANG Data Model for a Keystore";
        uses ks:inline-or-keystore-asymmetric-key-grouping {
          refine "inline-or-keystore/inline/inline-definition" {
            must 'not(public-key-format) or derived-from-or-self('
               + 'public-key-format, "ct:ssh-public-key-format")';
          }
          refine "inline-or-keystore/central-keystore/"
               + "central-keystore-reference" {
            must 'not(deref(.)/../ks:public-key-format) or derived-'
               + 'from-or-self(deref(.)/../ks:public-key-format, '
               + '"ct:ssh-public-key-format")';
          }
        }
      }
      leaf none {
        if-feature "client-ident-none";
        type empty;
        description
          "Indicates that 'none' algorithm is used for client
           identification.";
      }
      container certificate {
        if-feature "sshcmn:ssh-x509-certs";
        presence
          "Indicates that certificate-based authentication has been
           configured.  This statement is present so the mandatory
           descendant nodes do not imply that this node must be
           configured.";
        description
          "A locally-defined or referenced certificate
           to be used for client identification.";
        reference
          "RFC CCCC: A YANG Data Model for a Keystore";
        uses
          ks:inline-or-keystore-end-entity-cert-with-key-grouping {
          refine "inline-or-keystore/inline/inline-definition" {
            must 'not(public-key-format) or derived-from-or-self('
               + 'public-key-format, "ct:subject-public-key-info-'
               + 'format")';
          }
          refine "inline-or-keystore/central-keystore/"
               + "central-keystore-reference/asymmetric-key" {
            must 'not(deref(.)/../ks:public-key-format) or derived-'
               + 'from-or-self(deref(.)/../ks:public-key-format, '
               + '"ct:subject-public-key-info-format")';
          }
        }
      }
    } // container client-identity

    container server-authentication {
      nacm:default-deny-write;
      must 'ssh-host-keys or ca-certs or ee-certs';
      description
        "Specifies how the SSH client can authenticate SSH servers.
         Any combination of authentication methods is additive and
         unordered.";
      container ssh-host-keys {
        presence
          "Indicates that the SSH host key have been configured.
           This statement is present so the mandatory descendant
           nodes do not imply that this node must be configured.";
        description
          "A bag of SSH host keys used by the SSH client to
           authenticate SSH server host keys.  A server host key
           is authenticated if it is an exact match to a
           configured SSH host key.";
        reference
          "RFC BBBB: A YANG Data Model for a Truststore";
        uses ts:inline-or-truststore-public-keys-grouping {
          refine
            "inline-or-truststore/inline/inline-definition/public"
            + "-key" {
            must 'derived-from-or-self(public-key-format,'
               + ' "ct:ssh-public-key-format")';
          }
          refine "inline-or-truststore/central-truststore/"
               + "central-truststore-reference" {
            must 'not(deref(.)/../ts:public-key/ts:public-key-'
               + 'format[not(derived-from-or-self(., "ct:ssh-'
               + 'public-key-format"))])';
          }
        }
      }
      container ca-certs {
        if-feature "sshcmn:ssh-x509-certs";
        presence
          "Indicates that the CA certificates have been configured.
           This statement is present so the mandatory descendant
           nodes do not imply that this node must be configured.";
        description
          "A set of certificate authority (CA) certificates used by
           the SSH client to authenticate SSH servers.  A server
           is authenticated if its certificate has a valid chain
           of trust to a configured CA certificate.";
        reference
          "RFC BBBB: A YANG Data Model for a Truststore";
        uses ts:inline-or-truststore-certs-grouping;
      }
      container ee-certs {
        if-feature "sshcmn:ssh-x509-certs";
        presence
          "Indicates that the EE certificates have been configured.
           This statement is present so the mandatory descendant
           nodes do not imply that this node must be configured.";
        description
          "A set of end-entity certificates used by the SSH client
           to authenticate SSH servers.  A server is authenticated
           if its certificate is an exact match to a configured
           end-entity certificate.";
        reference
          "RFC BBBB: A YANG Data Model for a Truststore";
        uses ts:inline-or-truststore-certs-grouping;
      }
    } // container server-authentication

    container transport-params {
      nacm:default-deny-write;
      if-feature "sshcmn:transport-params";
      description
        "Configurable parameters of the SSH transport layer.";
      uses sshcmn:transport-params-grouping;
    } // container transport-parameters

    container keepalives {
      nacm:default-deny-write;
      if-feature "ssh-client-keepalives";
      presence
        "Indicates that the SSH client proactively tests the
         aliveness of the remote SSH server.";
      description
        "Configures the keep-alive policy, to proactively test
         the aliveness of the SSH server.  An unresponsive SSH
         server is dropped after approximately max-wait * 
         max-attempts seconds.  Per Section 4 of RFC 4254,
         the SSH client SHOULD send an SSH_MSG_GLOBAL_REQUEST
         message with a purposely nonexistent 'request name'
         value (e.g., keepalive@ietf.org) and the 'want reply'
         value set to '1'.";
      reference
        "RFC 4254: The Secure Shell (SSH) Connection Protocol";
      leaf max-wait {
        type uint16 {
          range "1..max";
        }
        units "seconds";
        default "30";
        description
          "Sets the amount of time in seconds after which if
           no data has been received from the SSH server, a
           SSH-level message will be sent to test the
           aliveness of the SSH server.";
      }
      leaf max-attempts {
        type uint8;
        default "3";
        description
          "Sets the maximum number of sequential keep-alive
           messages that can fail to obtain a response from
           the SSH server before assuming the SSH server is
           no longer alive.";
      }
    } // container keepalives
  } // grouping ssh-client-grouping

}