-- *********************************************************************
-- CISCO-SECURE-SHELL-MIB.my: Cisco Secure Shell Mib
--
-- October 2002, Charuhas Ghatge
-- April 2004, Dipesh Gorashia
--
-- Copyright (c) 2002, 2003, 2004 by cisco Systems, Inc.
-- All rights reserved.
--
-- *********************************************************************

-- Reviewer overview (comments only; no definition below is altered).
--
-- Layout:
--   cssConfiguration (ciscoSecureShellMIBObjects 1): service on/off,
--     key generation and deletion, accepted protocol versions, and the
--     status of the last key generation request.
--   cssSessionInfo (ciscoSecureShellMIBObjects 2): a read-only table of
--     SSH sessions currently established on the device.
--
-- Writable objects in this module: cssServiceActivation and
-- cssServiceMode (read-write); cssKeyNBits, cssKeyOverWrite and
-- cssKeyRowStatus (read-create). A principal with SNMP write access to
-- them can turn SSH off, delete or regenerate the device's SSH key
-- (presumably the server host key; the module only says 'SSH keys'),
-- and allow SSH version 1. The module has no security-considerations
-- text, so the protection has to come from the agent's access control:
-- limit write access to authenticated and encrypted SNMPv3 users with a
-- restricted view, and treat any SNMPv1/v2c write community that covers
-- this subtree as equivalent to administrative access.

CISCO-SECURE-SHELL-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE,
    Integer32, Unsigned32                 FROM SNMPv2-SMI
    MODULE-COMPLIANCE, OBJECT-GROUP       FROM SNMPv2-CONF
    RowStatus, TimeStamp, DisplayString,
    TruthValue, TEXTUAL-CONVENTION        FROM SNMPv2-TC
    SnmpAdminString                       FROM SNMP-FRAMEWORK-MIB
    InetAddressType, InetAddress          FROM INET-ADDRESS-MIB
    ciscoMgmt                             FROM CISCO-SMI;


-- Module identity: registers the module at ciscoMgmt 339 and records
-- four revisions (2002, 2003, 2004, 2005).
-- NOTE(review): the DESCRIPTION points readers at an IETF draft by name.
-- SSH version 2 was later published as RFC 4251 through RFC 4254, which
-- is the reference to consult today.
ciscoSecureShellMIB MODULE-IDENTITY
    LAST-UPDATED    "200506010000Z"
    ORGANIZATION    "Cisco Systems, Inc."
    CONTACT-INFO
        "Cisco Systems
        Postal: 170 W Tasman Drive
        San Jose, CA 95134
        USA
        Tel: +1 800 553 -NETS
        E-mail: cs-san@cisco.com,
        cs-lan-switch-snmp@cisco.com"
    DESCRIPTION
        "MIB module for displaying and configuring
        accounting and Secure Shell (SSH) related
        features in a device.

        SSH is a program to log into another computer over
        a network, to execute commands in a remote machine
        and to move files from one machine to another. It
        provides strong authentication and secure communications
        over unsecure channels.

        For more information on SSH, please refer to IETF draft,
        draft-ietf-tls-ssh-00.txt."

    REVISION        "200506010000Z"
    DESCRIPTION
        "Added cssKeyGenerationStatus"
    REVISION        "200404050000Z"
    DESCRIPTION
        "Added cssServiceModeCfgGroup and cssSessionInfoGroup
        to the MIB module."

    REVISION        "200309180000Z"
    DESCRIPTION
        "Added cssKeyString object to the cssKeyTable.
        Changed the description of cssServiceActivation"
    REVISION        "200210050000Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { ciscoMgmt 339 }


-- Top-level subtrees: all managed objects live under
-- ciscoSecureShellMIBObjects; conformance definitions are registered
-- separately under ciscoSecureShellMIB 2 further down.
ciscoSecureShellMIBObjects
    OBJECT IDENTIFIER ::= { ciscoSecureShellMIB 1 }

cssConfiguration
    OBJECT IDENTIFIER ::= { ciscoSecureShellMIBObjects 1 }

cssSessionInfo
    OBJECT IDENTIFIER ::= { ciscoSecureShellMIBObjects 2 }


-- Bit set naming SSH protocol versions. Used by cssServiceCapability
-- (what the device can do) and cssServiceMode (what it accepts).
CssVersions ::= TEXTUAL-CONVENTION
    STATUS          current
    DESCRIPTION
        "An indication of the Secure Shell protocol versions
        supported or enabled on the device."
    SYNTAX          BITS {
                        v1(0), -- ssh v1
                        v2(1)  -- ssh v2
                    }

-- The SSH Configuration group

-- Scalar on/off switch for the SSH service; DEFVAL is false, so the
-- definition describes SSH as disabled by default.
-- Security note: this is read-write. A SET to false removes SSH
-- management access; an unexpected change of this value in either
-- direction is worth alerting on.
cssServiceActivation OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "Enables or disables the Secure Shell (SSH) service on
        the device.
        "
    DEFVAL          { false }
    ::= { cssConfiguration 1 }

-- Container for the key rows; one row per key algorithm (see
-- cssKeyIndex).
cssKeyTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CssKeyEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "cssKeyTable is a table that lets the user configure
        the SSH keys"
    ::= { cssConfiguration 2 }

-- Conceptual row. The DESCRIPTION gives three procedures: create
-- (cssKeyNBits plus cssKeyRowStatus createAndGo), delete
-- (cssKeyRowStatus destroy) and overwrite (cssKeyNBits plus
-- cssKeyOverWrite true).
-- Security note: delete and overwrite both discard the existing key.
-- Clients that recorded the previous public key will presumably see a
-- changed key on their next connection, so key changes should be
-- planned, and an unplanned change of cssKeyLastCreationTime or
-- cssKeyString should be investigated.
cssKeyEntry OBJECT-TYPE
    SYNTAX          CssKeyEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A SSH key table entry. The index specifies which
        protocol the user wants to generate the key for.

        To create the key for a protocol (for the first time),
        following steps are to be taken by the Network
        Management System.

        1. Choose the Protocol, by specifying the cssKeyIndex
        2. Choose nbits, by specifying the cssKeyNBits value
        3. cssKeyRowStatus as createAndGo (4)

        To delete the key for a protocol, following steps
        are to be taken by the Network Management System

        1. Choose the Protocol, by specifying the cssKeyIndex
        2. cssKeyRowStatus as destroy (6)

        To overwrite the existing key for a protocol

        1. Choose the Protocol, by specifying the cssKeyIndex
        2. Choose the nbits, by specifying the cssKeyNBits value
        3. cssKeyOverWrite as true(1)."
    INDEX           { cssKeyIndex }
    ::= { cssKeyTable 1 }

-- Column list for a key row. No column exposes private key material;
-- the only key data is the read-only public key string.
CssKeyEntry ::=
    SEQUENCE {
        cssKeyIndex             INTEGER,
        cssKeyNBits             Integer32,
        cssKeyOverWrite         TruthValue,
        cssKeyLastCreationTime  TimeStamp,
        cssKeyRowStatus         RowStatus,
        cssKeyString            DisplayString
    }

-- Row index: the key algorithm. Per the DESCRIPTION, rsa(1) and dsa(3)
-- go with SSH version 2 and rsa1(2) with SSH version 1.
-- Security note: an rsa1 row only serves SSH version 1. Where version 1
-- is not meant to be accepted (see cssServiceMode), the presence of an
-- rsa1 row is a useful audit finding.
cssKeyIndex OBJECT-TYPE
    SYNTAX          INTEGER {
                        rsa(1),
                        rsa1(2),
                        dsa(3)
                    }
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The SSH Protocol Identifier for which this entry
        pertains to. The protocol can be rsa1, dsa or rsa.

        rsa - A public-key cryptosystem defined by Rivest,
        Shamir and Adleman. This is used with version 2
        of the SSH.

        rsa1 - Same as rsa, but this is used with version 1 of
        the SSH.

        dsa - Digital Signature Algorithm, a public key
        cipher used to generate digital signatures."
    ::= { cssKeyEntry 1 }

-- Requested key size in bits, constrained to 512..2048. It can only be
-- changed on an active row together with cssKeyOverWrite true in the
-- same Set PDU.
-- Security note: the lower bound admits 512-bit keys, and sizes below
-- 2048 bits are no longer considered adequate for RSA or DSA.
-- Provisioning should request 2048, the largest value this range
-- allows, and audits should flag rows reporting anything smaller.
-- NOTE(review): 'kestring' in the DESCRIPTION presumably means
-- 'key string'; left as published.
cssKeyNBits OBJECT-TYPE
    SYNTAX          Integer32 (512..2048)
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "The number of bits provided to generate the key.
        This determines the length of the kestring
        generated by the SSH.

        This object cannot be modified while this row is
        active, unless the associated cssKeyOverWrite
        object is set to True in the same Set PDU."
    ::= { cssKeyEntry 2 }

-- Action trigger rather than stored state: setting true requests a
-- replacement key, setting false does nothing, and a read always
-- returns false. Polling this object therefore cannot show that an
-- overwrite happened; use cssKeyLastCreationTime for that.
cssKeyOverWrite OBJECT-TYPE
    SYNTAX          TruthValue
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "This object specifies whether an existing key for
        the protocol should be overwritten with a new key.
        No action is taken if this object is set to 'false'.
        The value of this object when read is always 'false'."
    ::= { cssKeyEntry 3 }

-- When the key in this row was last created. TimeStamp (SNMPv2-TC) is a
-- sysUpTime value, so it is relative to the agent's last
-- re-initialisation and not a wall-clock date.
-- Detection note: a value that changes outside a maintenance window
-- indicates the key was regenerated.
cssKeyLastCreationTime OBJECT-TYPE
    SYNTAX          TimeStamp
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The time of the last creation of the key."
    ::= { cssKeyEntry 4 }

-- Row lifecycle control. The compliance statements below require only
-- active(1), createAndGo(4) and destroy(6).
-- Security note: destroy(6) deletes the key for the indexed algorithm.
cssKeyRowStatus OBJECT-TYPE
    SYNTAX          RowStatus
    MAX-ACCESS      read-create
    STATUS          current
    DESCRIPTION
        "Status of this row."
    ::= { cssKeyEntry 5 }

-- Read-only public key string, at most 255 octets.
-- Use: compare against a recorded baseline to detect key replacement.
-- NOTE(review): depending on the encoding the agent uses, a full
-- 2048-bit public key may not fit in 255 octets; confirm what is
-- actually returned (full key, truncated key or a fingerprint) before
-- relying on it for comparison.
cssKeyString OBJECT-TYPE
    SYNTAX          DisplayString (SIZE (0..255))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The SSH public key string that is generated."
    ::= { cssKeyEntry 6 }

-- Read-only: which SSH protocol versions the device is able to support.
cssServiceCapability OBJECT-TYPE
    SYNTAX          CssVersions
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The object indicates which versions of Secure Shell protocol
        are supported by the device.

        If the bit 'v1' is set to 1, it indicates that the device
        supports SSH protocol version 1.

        If the bit 'v2' is set to 1, it indicates that the device
        supports SSH protocol version 2."
    ::= { cssConfiguration 3 }

-- Read-write: which SSH protocol versions the device accepts from
-- clients. At least one bit must be set.
-- Security note: SSH version 1 has known protocol weaknesses and is
-- obsolete. The hardened setting is v2 only. Because the object is
-- writable, one SET can turn v1 acceptance back on, so the v1 bit
-- should be checked in configuration audits and not assumed.
cssServiceMode OBJECT-TYPE
    SYNTAX          CssVersions
    MAX-ACCESS      read-write
    STATUS          current
    DESCRIPTION
        "This object specifies which versions of Secure Shell
        protocol connections that device will accept from
        Secure Shell clients.

        If the bit 'v1' is set to 1, the device will accept
        SSH version 1 connections.

        If the bit 'v2' is set to 1, the device will accept
        SSH version 2 connections.

        At least one of the version bits must be set to 1."
    ::= { cssConfiguration 4 }


-- Scalar result of the most recent key generation request. It is not
-- indexed by key algorithm, so it does not say which row the result
-- belongs to; a manager issuing requests for several algorithms needs
-- to read it after each request.
cssKeyGenerationStatus OBJECT-TYPE
    SYNTAX          INTEGER {
                        inProgress(1),
                        successful(2),
                        failed(3)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object specifies the status of the last key
        generation request."
    ::= { cssConfiguration 5 }



-- Session table: one row per established SSH session, removed when the
-- session terminates (see cssSessionEntry). All columns are read-only.
-- Security note: the rows disclose user names and client addresses, so
-- read access to this subtree should be limited to monitoring
-- principals that need it.
cssSessionTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CssSessionEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "Table to list detailed information about existing
        Secure Shell sessions on the device."
    ::= { cssSessionInfo 1 }

-- Conceptual row for one SSH session, indexed by cssSessionID. Rows
-- exist only while the session does, so this table is a live view and
-- not a history; anything needed after the fact has to be collected by
-- polling or taken from the device's own logs.
cssSessionEntry OBJECT-TYPE
    SYNTAX          CssSessionEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An entry in the cssSessionTable, that provides
        detailed information about all the existing SSH sessions on
        the device.

        An entry will be created for every SSH session established
        on the device. The entry will be removed upon termination
        of the SSH session."
    INDEX           { cssSessionID }
    ::= { cssSessionTable 1 }

-- Column list for a session row.
CssSessionEntry ::=
    SEQUENCE {
        cssSessionID            Unsigned32,
        cssSessionVersion       INTEGER,
        cssSessionState         INTEGER,
        cssSessionPID           Unsigned32,
        cssSessionUserID        SnmpAdminString,
        cssSessionHostAddrType  InetAddressType,
        cssSessionHostAddr      InetAddress
    }

-- Row index. Described as arbitrary, so it carries no meaning beyond
-- identifying the row.
cssSessionID OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "An arbitrary index that uniquely identifies a Secure Shell
        Session"
    ::= { cssSessionEntry 1 }

-- SSH protocol version in use by this session.
-- Detection note: a row reporting one(1) means a version 1 session is
-- active, which contradicts a v2-only policy on cssServiceMode.
cssSessionVersion OBJECT-TYPE
    SYNTAX          INTEGER {
                        one(1),
                        two(2)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The object indicates the version of Secure Shell used by
        this session."
    ::= { cssSessionEntry 2 }

-- Session progress, from version exchange (1) through key exchange (2),
-- authentication (3) and open (4) to the teardown states (5) to (7).
-- Monitoring note: states 1 and 2 are reached before the client has
-- authenticated, so rows in those states are not yet authenticated
-- users.
cssSessionState OBJECT-TYPE
    SYNTAX          INTEGER {
                        sshSessionVersionOk(1),
                        sshSessionKeysExchanged(2),
                        sshSessionAuthenticated(3),
                        sshSessionOpen(4),
                        sshSessionDisconnecting(5),
                        sshSessionDisconnected(6),
                        sshSessionClosed(7)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The object indicates the current state of Secure Shell
        Session.

        The state sshSessionVersionOk(1) indicates that server and
        client versions of SSH are exchanged and are compatible.

        The state sshSessionKeysExchanged(2) indicates that key
        exchange has been completed.

        The state sshSessionAuthenticated(3) indicates that the
        client has been successfully authenticated.

        The state sshSessionOpen(4) indicates that the session has
        been successfully opened.

        The state sshSessionDisconnecting(5) indicates that the
        session disconnection has begun.

        The state sshSessionDisconnected(6) indicates that the
        session has been disconnected.

        The state sshSessionClosed(7) indicates that the session
        has closed."
    ::= { cssSessionEntry 3 }

-- Process ID, on the device, of the process serving this session.
cssSessionPID OBJECT-TYPE
    SYNTAX          Unsigned32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The object indicates the process ID of the process
        serving this SSH session on the device."
    ::= { cssSessionEntry 4 }

-- User name associated with the session.
-- NOTE(review): the definition does not say what this holds before the
-- session reaches sshSessionAuthenticated; confirm against the agent
-- before treating the value as an authenticated identity.
cssSessionUserID OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The object indicates user name associated with this
        SSH session."
    ::= { cssSessionEntry 5 }

-- Address family of cssSessionHostAddr; the two columns must be read
-- together to interpret the address.
cssSessionHostAddrType OBJECT-TYPE
    SYNTAX          InetAddressType
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "This object describes the type of Internet address used
        by host associated with this SSH session."
    ::= { cssSessionEntry 6 }

-- Address of the host associated with the session, in the format given
-- by cssSessionHostAddrType.
cssSessionHostAddr OBJECT-TYPE
    SYNTAX          InetAddress
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The object indicates the Internet address of the host
        associated with this SSH session."
    ::= { cssSessionEntry 7 }



-- Conformance

ciscoSecureShellMIBConformance
    OBJECT IDENTIFIER ::= { ciscoSecureShellMIB 2 }

ciscoSecureShellMIBCompliances
    OBJECT IDENTIFIER ::= { ciscoSecureShellMIBConformance 1 }

ciscoSecureShellMIBGroups
    OBJECT IDENTIFIER ::= { ciscoSecureShellMIBConformance 2 }


-- Original compliance statement (deprecated). Mandatory group is
-- cssConfigurationGroup, which does not include cssKeyString.
ciscoSecureShellMIBCompliance MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for entities which
        implement the CISCO-SECURE-SHELL-MIB."
    MODULE MANDATORY-GROUPS {
        cssConfigurationGroup
    }

    OBJECT          cssKeyRowStatus
    SYNTAX          INTEGER {
                        active(1),
                        createAndGo(4),
                        destroy(6)}
    DESCRIPTION
        "Only 'createAndGo', 'destroy' and 'active' need to
        be supported. notInService, notReady and createAndWait
        will not be supported."
    ::= { ciscoSecureShellMIBCompliances 1 }

-- First revision (deprecated). Mandatory group becomes
-- cssConfigurationGroupRev1, which adds cssKeyString.
-- NOTE(review): the DESCRIPTION names CISCO-SECURITY-MIB where the
-- other three compliance statements name CISCO-SECURE-SHELL-MIB;
-- presumably a slip in the published text. Left as published.
ciscoSecureShellMIBComplianceRv1 MODULE-COMPLIANCE
    STATUS          deprecated
    DESCRIPTION
        "The compliance statement for entities which
        implement the CISCO-SECURITY-MIB."
    MODULE MANDATORY-GROUPS {
        cssConfigurationGroupRev1
    }

    OBJECT          cssKeyRowStatus
    SYNTAX          INTEGER {
                        active(1),
                        createAndGo(4),
                        destroy(6)}
    DESCRIPTION
        "Only 'createAndGo', 'destroy' and 'active' need to
        be supported. notInService, notReady and createAndWait
        will not be supported."
    ::= { ciscoSecureShellMIBCompliances 2 }


-- Second revision (deprecated). Adds the optional groups
-- cssServiceModeCfgGroup and cssSessionInfoGroup.
-- Audit note: because both groups are optional here and in Rv3, an
-- agent may implement neither cssServiceMode nor the session table; a
-- missing object is not evidence that SSH version 1 is off.
ciscoSecureShellMIBComplianceRv2 MODULE-COMPLIANCE
    STATUS          deprecated -- superseded by
                               -- ciscoSecureShellMIBComplianceRv3
    DESCRIPTION
        "The compliance statement for entities which
        implement the CISCO-SECURE-SHELL-MIB."
    MODULE MANDATORY-GROUPS {
        cssConfigurationGroupRev1
    }

    OBJECT          cssKeyRowStatus
    SYNTAX          INTEGER {
                        active(1),
                        createAndGo(4),
                        destroy(6)}
    DESCRIPTION
        "Only 'createAndGo', 'destroy' and 'active' need to
        be supported. notInService, notReady and createAndWait
        will not be supported."

    GROUP           cssServiceModeCfgGroup
    DESCRIPTION
        "Implementation of this group is optional."

    GROUP           cssSessionInfoGroup
    DESCRIPTION
        "Implementation of this group is optional."
    ::= { ciscoSecureShellMIBCompliances 3 }


-- Current compliance statement. Same as Rv2 with
-- cssConfigurationGroupSupp1 (cssKeyGenerationStatus) added to the
-- mandatory groups.
ciscoSecureShellMIBComplianceRv3 MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "The compliance statement for entities which
        implement the CISCO-SECURE-SHELL-MIB."
    MODULE MANDATORY-GROUPS {
        cssConfigurationGroupRev1,
        cssConfigurationGroupSupp1
    }

    OBJECT          cssKeyRowStatus
    SYNTAX          INTEGER {
                        active(1),
                        createAndGo(4),
                        destroy(6)}
    DESCRIPTION
        "Only 'createAndGo', 'destroy' and 'active' need to
        be supported. notInService, notReady and createAndWait
        will not be supported."

    GROUP           cssServiceModeCfgGroup
    DESCRIPTION
        "Implementation of this group is optional."

    GROUP           cssSessionInfoGroup
    DESCRIPTION
        "Implementation of this group is optional."
    ::= { ciscoSecureShellMIBCompliances 4 }

-- Units of Conformance

-- Original configuration group (deprecated): service switch plus the
-- key columns, without cssKeyString.
cssConfigurationGroup OBJECT-GROUP
    OBJECTS {
        cssServiceActivation,
        cssKeyNBits,
        cssKeyOverWrite,
        cssKeyLastCreationTime,
        cssKeyRowStatus
    }
    STATUS          deprecated
    DESCRIPTION
        "A collection of objects for SSH configuration."
    ::= { ciscoSecureShellMIBGroups 1 }

-- Current configuration group: the original set plus cssKeyString.
cssConfigurationGroupRev1 OBJECT-GROUP
    OBJECTS {
        cssServiceActivation,
        cssKeyNBits,
        cssKeyOverWrite,
        cssKeyLastCreationTime,
        cssKeyString,
        cssKeyRowStatus
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects for SSH configuration."
    ::= { ciscoSecureShellMIBGroups 2 }

-- Protocol version objects: what the device supports and what it
-- accepts.
cssServiceModeCfgGroup OBJECT-GROUP
    OBJECTS {
        cssServiceCapability,
        cssServiceMode
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects for SSH mode configuration."
    ::= { ciscoSecureShellMIBGroups 3 }

-- The accessible columns of cssSessionTable (the index cssSessionID is
-- not-accessible and so is not listed).
cssSessionInfoGroup OBJECT-GROUP
    OBJECTS {
        cssSessionVersion,
        cssSessionState,
        cssSessionPID,
        cssSessionUserID,
        cssSessionHostAddrType,
        cssSessionHostAddr
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects to display SSH
        session related information."
    ::= { ciscoSecureShellMIBGroups 4 }

-- Supplement to the configuration group: the key generation status
-- scalar added in the 2005 revision.
cssConfigurationGroupSupp1 OBJECT-GROUP
    OBJECTS {
        cssKeyGenerationStatus
    }
    STATUS          current
    DESCRIPTION
        "A collection of objects for SSH configuration."
    ::= { ciscoSecureShellMIBGroups 5 }

END