sonic-net · liat-grozovik · Jul 10, 2023 · Jan 9, 2023 · Jan 9, 2023 · Jan 9, 2023
diff --git a/files/build_templates/init_cfg.json.j2 b/files/build_templates/init_cfg.json.j2
@@ -134,6 +134,13 @@
  "special_class": "true"
  }
  },
+ "SSH_SERVER": {
+ "POLICIES":{
+ "authentication_retries": "6",
+ "login_timeout": "120",
+ "ports": "22"
+ }
+ },
  "SYSTEM_DEFAULTS" : {
 {%- if include_mux == "y" %}
  "mux_tunnel_egress_acl": {

@@ -77,6 +77,7 @@ Table of Contents
  * [LOGGER](#logger)
  * [WRED_PROFILE](#wred_profile)
  * [PASSWORD_HARDENING](#password_hardening)
+ * [SSH_SERVER](#ssh_server) 
  * [SYSTEM_DEFAULTS table](#systemdefaults-table)
  * [RADIUS](#radius)
  * [Static DNS](#static-dns)
@@ -2272,6 +2273,25 @@ There are 4 classes
 }
 ```
 
+### SSH_SERVER
+
+In this table, we allow configuring ssh server global settings. This will feature includes 3 configurations:
+
+- authentication_retries - number of login attepmts 1-100
+- login_timeout - Timeout in seconds for login session for user to connect 1-600
+- ports - Ssh port numbers - string of port numbers seperated by ','
+```
+{
+ "SSH_SERVER": {
+ "POLICIES":{
+ "authentication_retries": "6",
+ "login_timeout": "120",
+ "ports": "22"
+ }
+ }
+}
+```
+
 ### BREAKOUT_CFG
 
 This table is introduced as part of Dynamic Port Breakout(DPB) feature.

@@ -138,6 +138,7 @@ def run(self):
  './yang-models/sonic-nat.yang',
  './yang-models/sonic-nvgre-tunnel.yang',
  './yang-models/sonic-passwh.yang',
+ './yang-models/sonic-ssh-server.yang',
  './yang-models/sonic-pbh.yang',
  './yang-models/sonic-port.yang',
  './yang-models/sonic-policer.yang',

@@ -2199,6 +2199,14 @@
  }
  },
 
+ "SSH_SERVER": {
+ "POLICIES":{
+ "authentication_retries": "6",
+ "login_timeout": "120",
+ "ports": "22"
+ }
+ },
+
  "MACSEC_PROFILE": {
  "test": {
  "priority": "64",

@@ -0,0 +1,26 @@
+{
+ "SSH_SERVER_VALID": {
+ "desc": "Configure default SSH_SERVER."
+ },
+ "SSH_SERVER_VALID_MODIFIED": {
+ "desc": "Configure modified SSH_SERVER."
+ },
+ "SSH_SERVER_INVALID_AUTH_RETRIES": {
+ "desc": "Configure invalid number of authentication retries in SSH_SERVER.",
+ "eStrKey" : "Pattern",
+ "eStr": ["1..100"]
+ },
+ "SSH_SERVER_INVALID_LOGIN_TIMEOUT": {
+ "desc": "Configure invalid login timeout value in SSH_SERVER.",
+ "eStrKey" : "Pattern",
+ "eStr": ["1..600"]
+ },
+ "SSH_SERVER_INVALID_PORTS_1": {
+ "desc": "Configure invalid port value in SSH_SERVER.",
+ "eStr": "Invalid port numbers value"
+ },
+ "SSH_SERVER_INVALID_PORTS_2": {
+ "desc": "Configure invalid port value in SSH_SERVER.",
+ "eStr": "Invalid port numbers value"
+ }
+}
@@ -0,0 +1,60 @@
+{
+ "SSH_SERVER_VALID": {
+ "sonic-ssh-server:sonic-ssh-server": {
+ "sonic-ssh-server:SSH_SERVER": {
+ "POLICIES":{
+ "authentication_retries": "6",
+ "login_timeout": "120",
+ "ports": "22"
+ }
+ }
+ }
+ },
+ "SSH_SERVER_VALID_MODIFIED": {
+ "sonic-ssh-server:sonic-ssh-server": {
+ "sonic-ssh-server:SSH_SERVER": {
+ "POLICIES":{
+ "authentication_retries": "16",
+ "login_timeout": "140",
+ "ports": "22,222"
+ }
+ }
+ }
+ },
+ "SSH_SERVER_INVALID_AUTH_RETRIES": {
+ "sonic-ssh-server:sonic-ssh-server": {
+ "sonic-ssh-server:SSH_SERVER": {
+ "POLICIES":{
+ "authentication_retries": "200"
+ }
+ }
+ }
+ },
+ "SSH_SERVER_INVALID_LOGIN_TIMEOUT": {
+ "sonic-ssh-server:sonic-ssh-server": {
+ "sonic-ssh-server:SSH_SERVER": {
+ "POLICIES":{
+ "login_timeout": "606"
+ }
+ }
+ }
+ },
+ "SSH_SERVER_INVALID_PORTS_1": {
+ "sonic-ssh-server:sonic-ssh-server": {
+ "sonic-ssh-server:SSH_SERVER": {
+ "POLICIES":{
+ "ports": "port22"
+ }
+ }
+ }
+ },
+ "SSH_SERVER_INVALID_PORTS_2": {
+ "sonic-ssh-server:sonic-ssh-server": {
+ "sonic-ssh-server:SSH_SERVER": {
+ "POLICIES":{
+ "ports": "22.222"
+ }
+ }
+ }
+ }
+}
@@ -0,0 +1,45 @@
+
+//filename: sonic-ssh_server.yang
+module sonic-ssh-server {
+ yang-version 1.1;
+ namespace "http://github.com/Azure/sonic-ssh_global";
+ prefix sshg;
+
+ description "SSH SERVER CONFIG YANG Module for SONiC OS";
+
+ revision 2022-08-29 {
+ description
+ "First Revision";
+ }
+
+ container sonic-ssh-server {
+ container SSH_SERVER {
+ description "SSH SERVER CONFIG part of config_db.json";
+ container POLICIES {
+ leaf authentication_retries {
+ description "number of login attepmts";
+ default 6;
+ type uint8 {
+ range 1..100;
+ }
+ }
+ leaf login_timeout {
+ description "login timeout (secs unit)";
+ default 120;
+ type uint32 {
+ range 1..600;
+ }
+ }
+ leaf ports {
+ description "ssh port numbers";
+ type string {
+ pattern '([1-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-6])(,([1-9]|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-6]))*' {
+ error-message "Invalid port numbers value";
+ error-app-tag ssh-server-ports-invalid-value;
+ }
+ }
+ }
+ }/*container policies */
+ } /* container SSH_SERVER */
+ }/* container sonic-ssh-server */
+}/* end of module sonic-ssh-server */