-- ********************************************************************* -- CISCO-SECURE-SHELL-MIB.my: Cisco Secure Shell Mib -- -- October 2002, Charuhas Ghatge -- April 2004, Dipesh Gorashia -- -- Copyright (c) 2002, 2003, 2004 by cisco Systems, Inc. -- All rights reserved. -- -- ********************************************************************* CISCO-SECURE-SHELL-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32 FROM SNMPv2-SMI MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF RowStatus, TimeStamp, DisplayString, TruthValue, TEXTUAL-CONVENTION FROM SNMPv2-TC SnmpAdminString FROM SNMP-FRAMEWORK-MIB InetAddressType, InetAddress FROM INET-ADDRESS-MIB ciscoMgmt FROM CISCO-SMI; ciscoSecureShellMIB MODULE-IDENTITY LAST-UPDATED "200506010000Z" ORGANIZATION "Cisco Systems, Inc." CONTACT-INFO "Cisco Systems Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553 -NETS E-mail: cs-san@cisco.com, cs-lan-switch-snmp@cisco.com" DESCRIPTION "MIB module for displaying and configuring accounting and Secure Shell (SSH) related features in a device. SSH is a program to log into another computer over a network, to execute commands in a remote machine and to move files from one machine to another. It provides strong authentication and secure communications over unsecure channels. For more information on SSH, please refer to IETF draft, draft-ietf-tls-ssh-00.txt." REVISION "200506010000Z" DESCRIPTION "Added cssKeyGenerationStatus" REVISION "200404050000Z" DESCRIPTION "Added cssServiceModeCfgGroup and cssSessionInfoGroup to the MIB module." REVISION "200309180000Z" DESCRIPTION "Added cssKeyString object to the cssKeyTable. Changed the description of cssServiceActivation" REVISION "200210050000Z" DESCRIPTION "Initial version of this MIB module." ::= { ciscoMgmt 339 } ciscoSecureShellMIBObjects OBJECT IDENTIFIER ::= { ciscoSecureShellMIB 1 } cssConfiguration OBJECT IDENTIFIER ::= { ciscoSecureShellMIBObjects 1 } cssSessionInfo OBJECT IDENTIFIER ::= { ciscoSecureShellMIBObjects 2 } CssVersions ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "An indication of the Secure Shell protocol versions supported or enabled on the device." SYNTAX BITS { v1(0), -- ssh v1 v2(1) -- ssh v2 } -- The SSH Configuration group cssServiceActivation OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "Enables or disables the Secure Shell (SSH) service on the device. " DEFVAL { false } ::= { cssConfiguration 1 } cssKeyTable OBJECT-TYPE SYNTAX SEQUENCE OF CssKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "cssKeyTable is a table that lets the user configure the SSH keys" ::= { cssConfiguration 2 } cssKeyEntry OBJECT-TYPE SYNTAX CssKeyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A SSH key table entry. The index specifies which protocol the user wants to generate the key for. To create the key for a protocol (for the first time), following steps are to be taken by the Network Management System. 1. Choose the Protocol, by specifying the cssKeyIndex 2. Choose nbits, by specifying the cssKeyNBits value 3. cssKeyRowStatus as createAndGo (4) To delete the key for a protocol, following steps are to be taken by the Network Management System 1. Choose the Protocol, by specifying the cssKeyIndex 2. cssKeyRowStatus as destroy (6) To overwrite the existing key for a protocol 1. Choose the Protocol, by specifying the cssKeyIndex 2. Choose the nbits, by specifying the cssKeyNBits value 3. cssKeyOverWrite as true(1)." INDEX { cssKeyIndex } ::= { cssKeyTable 1 } CssKeyEntry ::= SEQUENCE { cssKeyIndex INTEGER, cssKeyNBits Integer32, cssKeyOverWrite TruthValue, cssKeyLastCreationTime TimeStamp, cssKeyRowStatus RowStatus, cssKeyString DisplayString } cssKeyIndex OBJECT-TYPE SYNTAX INTEGER { rsa(1), rsa1(2), dsa(3) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The SSH Protocol Identifier for which this entry pertains to. The protocol can be rsa1, dsa or rsa. rsa - A public-key cryptosystem defined by Rivest, Shamir and Adleman. This is used with version 2 of the SSH. rsa1 - Same as rsa, but this is used with version 1 of the SSH. dsa - Digital Signature Algorithm, a public key cipher used to generate digital signatures." ::= { cssKeyEntry 1 } cssKeyNBits OBJECT-TYPE SYNTAX Integer32 (512..2048) MAX-ACCESS read-create STATUS current DESCRIPTION "The number of bits provided to generate the key. This determines the length of the kestring generated by the SSH. This object cannot be modified while this row is active, unless the associated cssKeyOverWrite object is set to True in the same Set PDU." ::= { cssKeyEntry 2 } cssKeyOverWrite OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "This object specifies whether an existing key for the protocol should be overwritten with a new key. No action is taken if this object is set to 'false'. The value of this object when read is always 'false'." ::= { cssKeyEntry 3 } cssKeyLastCreationTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The time of the last creation of the key." ::= { cssKeyEntry 4 } cssKeyRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "Status of this row." ::= { cssKeyEntry 5 } cssKeyString OBJECT-TYPE SYNTAX DisplayString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The SSH public key string that is generated." ::= { cssKeyEntry 6 } cssServiceCapability OBJECT-TYPE SYNTAX CssVersions MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates which versions of Secure Shell protocol are supported by the device. If the bit 'v1' is set to 1, it indicates that the device supports SSH protocol version 1. If the bit 'v2' is set to 1, it indicates that the device supports SSH protocol version 2." ::= { cssConfiguration 3 } cssServiceMode OBJECT-TYPE SYNTAX CssVersions MAX-ACCESS read-write STATUS current DESCRIPTION "This object specifies which versions of Secure Shell protocol connections that device will accept from Secure Shell clients. If the bit 'v1' is set to 1, the device will accept SSH version 1 connections. If the bit 'v2' is set to 1, the device will accept SSH version 2 connections. At least one of the version bits must be set to 1." ::= { cssConfiguration 4 } cssKeyGenerationStatus OBJECT-TYPE SYNTAX INTEGER { inProgress(1), successful(2), failed(3) } MAX-ACCESS read-only STATUS current DESCRIPTION "This object specifies the status of the last key generation request." ::= { cssConfiguration 5 } cssSessionTable OBJECT-TYPE SYNTAX SEQUENCE OF CssSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Table to list detailed information about existing Secure Shell sessions on the device." ::= { cssSessionInfo 1 } cssSessionEntry OBJECT-TYPE SYNTAX CssSessionEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry in the cssSessionTable, that provides detailed information about all the existing SSH sessions on the device. An entry will be created for every SSH session established on the device. The entry will be removed upon termination of the SSH session." INDEX { cssSessionID } ::= { cssSessionTable 1 } CssSessionEntry ::= SEQUENCE { cssSessionID Unsigned32, cssSessionVersion INTEGER, cssSessionState INTEGER, cssSessionPID Unsigned32, cssSessionUserID SnmpAdminString, cssSessionHostAddrType InetAddressType, cssSessionHostAddr InetAddress } cssSessionID OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "An arbitrary index that uniquely identifies a Secure Shell Session" ::= { cssSessionEntry 1 } cssSessionVersion OBJECT-TYPE SYNTAX INTEGER { one(1), two(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates the version of Secure Shell used by this session." ::= { cssSessionEntry 2 } cssSessionState OBJECT-TYPE SYNTAX INTEGER { sshSessionVersionOk(1), sshSessionKeysExchanged(2), sshSessionAuthenticated(3), sshSessionOpen(4), sshSessionDisconnecting(5), sshSessionDisconnected(6), sshSessionClosed(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates the current state of Secure Shell Session. The state sshSessionVersionOk(1) indicates that server and client versions of SSH are exchanged and are compatible. The state sshSessionKeysExchanged(2) indicates that key exchange has been completed. The state sshSessionAuthenticated(3) indicates that the client has been successfully authenticated. The state sshSessionOpen(4) indicates that the session has been successfully opened. The state sshSessionDisconnecting(5) indicates that the session disconnection has begun. The state sshSessionDisconnected(6) indicates that the session has been disconnected. The state sshSessionClosed(7) indicates that the session has closed." ::= { cssSessionEntry 3 } cssSessionPID OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates the process ID of the process serving this SSH session on the device." ::= { cssSessionEntry 4 } cssSessionUserID OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates user name associated with this SSH session." ::= { cssSessionEntry 5 } cssSessionHostAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "This object describes the type of Internet address used by host associated with this SSH session." ::= { cssSessionEntry 6 } cssSessionHostAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The object indicates the Internet address of the host associated with this SSH session." ::= { cssSessionEntry 7 } -- Conformance ciscoSecureShellMIBConformance OBJECT IDENTIFIER ::= { ciscoSecureShellMIB 2 } ciscoSecureShellMIBCompliances OBJECT IDENTIFIER ::= { ciscoSecureShellMIBConformance 1 } ciscoSecureShellMIBGroups OBJECT IDENTIFIER ::= { ciscoSecureShellMIBConformance 2 } ciscoSecureShellMIBCompliance MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for entities which implement the CISCO-SECURE-SHELL-MIB." MODULE MANDATORY-GROUPS { cssConfigurationGroup } OBJECT cssKeyRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6)} DESCRIPTION "Only 'createAndGo', 'destroy' and 'active' need to be supported. notInService, notReady and createAndWait will not be supported." ::= { ciscoSecureShellMIBCompliances 1 } ciscoSecureShellMIBComplianceRv1 MODULE-COMPLIANCE STATUS deprecated DESCRIPTION "The compliance statement for entities which implement the CISCO-SECURITY-MIB." MODULE MANDATORY-GROUPS { cssConfigurationGroupRev1 } OBJECT cssKeyRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6)} DESCRIPTION "Only 'createAndGo', 'destroy' and 'active' need to be supported. notInService, notReady and createAndWait will not be supported." ::= { ciscoSecureShellMIBCompliances 2 } ciscoSecureShellMIBComplianceRv2 MODULE-COMPLIANCE STATUS deprecated -- superceeded by -- ciscoSecureShellMIBComplianceRv3 DESCRIPTION "The compliance statement for entities which implement the CISCO-SECURE-SHELL-MIB." MODULE MANDATORY-GROUPS { cssConfigurationGroupRev1 } OBJECT cssKeyRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6)} DESCRIPTION "Only 'createAndGo', 'destroy' and 'active' need to be supported. notInService, notReady and createAndWait will not be supported." GROUP cssServiceModeCfgGroup DESCRIPTION "Implementation of this group is optional." GROUP cssSessionInfoGroup DESCRIPTION "Implementation of this group is optional." ::= { ciscoSecureShellMIBCompliances 3 } ciscoSecureShellMIBComplianceRv3 MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for entities which implement the CISCO-SECURE-SHELL-MIB." MODULE MANDATORY-GROUPS { cssConfigurationGroupRev1, cssConfigurationGroupSupp1 } OBJECT cssKeyRowStatus SYNTAX INTEGER { active(1), createAndGo(4), destroy(6)} DESCRIPTION "Only 'createAndGo', 'destroy' and 'active' need to be supported. notInService, notReady and createAndWait will not be supported." GROUP cssServiceModeCfgGroup DESCRIPTION "Implementation of this group is optional." GROUP cssSessionInfoGroup DESCRIPTION "Implementation of this group is optional." ::= { ciscoSecureShellMIBCompliances 4 } -- Units of Conformance cssConfigurationGroup OBJECT-GROUP OBJECTS { cssServiceActivation, cssKeyNBits, cssKeyOverWrite, cssKeyLastCreationTime, cssKeyRowStatus } STATUS deprecated DESCRIPTION "A collection of objects for SSH configuration." ::= { ciscoSecureShellMIBGroups 1 } cssConfigurationGroupRev1 OBJECT-GROUP OBJECTS { cssServiceActivation, cssKeyNBits, cssKeyOverWrite, cssKeyLastCreationTime, cssKeyString, cssKeyRowStatus } STATUS current DESCRIPTION "A collection of objects for SSH configuration." ::= { ciscoSecureShellMIBGroups 2 } cssServiceModeCfgGroup OBJECT-GROUP OBJECTS { cssServiceCapability, cssServiceMode } STATUS current DESCRIPTION "A collection of objects for SSH mode configuration." ::= { ciscoSecureShellMIBGroups 3 } cssSessionInfoGroup OBJECT-GROUP OBJECTS { cssSessionVersion, cssSessionState, cssSessionPID, cssSessionUserID, cssSessionHostAddrType, cssSessionHostAddr } STATUS current DESCRIPTION "A collection of objects to display SSH session related information." ::= { ciscoSecureShellMIBGroups 4 } cssConfigurationGroupSupp1 OBJECT-GROUP OBJECTS { cssKeyGenerationStatus } STATUS current DESCRIPTION "A collection of objects for SSH configuration." ::= { ciscoSecureShellMIBGroups 5 } END