libnetconf4 #442
Merged
michalvasko
requested changes
Oct 19, 2023
Configuration based on YANG data. Open 2 ssh channels on one session. Pubkey, interactive, pw, none SSH authentication working. SSH message callback not a callback anymore, handle SSH messages manually. ietf-netconf-server and all models it imports added and a libnetconf2 own model with augments. And finally only local-definition of keys supported. 2 tests. NBC API changes.
Keystore is a module, which stores asymmetric and symmetric keys. This commit implements using asymmetric keys stored in the keystore for authentication over SSH.
Implemented the ability to create a UNIX socket server with YANG data. Additionally, all new test timeouts are now unified.
Hostkey, address, port (mandatory nodes) and SSH algorithms ietf-netconf-server YANG nodes now have functions, through which their YANG data can be created. This data can be used for server configuration. Test which fails at authentication (as expected) is provided. Minor bugfixes in server_config.
New API function, which creates the 'client-authentication' subtree of ietf-netconf-server module, added. Only public key configuration is supported for now. SSH authentication bugfix.
Added the API calls to create password, none and interactive YANG data nodes for the client-authentication subtree.
Clients now have to authenticate via all of their configured SSH authentication methods as specified by the ietf-netconf-server module.
config_new now made an internal header, server_config added to installed ones. Includes reworked.
Client's keys can now be stored in the truststore module and used for the SSH authentication.
Example server now uses the new API for SSH connection. Minor bugfix in nc_server_config_ssh_new_address_port.
Added two new API calls, one of them sets the path to the known_hosts file and the other sets the behaviour of host key checking. Now the client's host key checking functionality is similar to the one described in man ssh_config under StrictHostKeyChecking.
Stop using the client tests for now, might be added back later.
ECDSA keys can now be used both as a hostkey and for client authentication. Three key pairs added for a new test.
Added a new macro, which works just like ERRARG did before, but it can take a variadic number (up to 5) of arguments and a session the error happened on. ERRARG still remains and has an extra session argument.
Added support for new privkey identities - PKCS8 and OpenSSH, which are missing in the ietf-netconf-server model. Renamed config_new to config_new_ssh.
Added the option to either use diff YANG data or ordinary ietf-netconf-server YANG data without any operation for configuring the server.
Truststore and keystore modules now support diff YANG data. Symmetric-keys keystore feature disabled. New private header for server configuration.
Also renamed store type from ks_type to store.
Added test for replacing configuration data. Renamed configuration setup API calls. Added loading JSON from files.
Added identities for libssh's host-key, key exchange, encryption and mac algs.
michalvasko
approved these changes
Oct 26, 2023
michalvasko
requested changes
Oct 30, 2023
Get endpoint references dynamically based on referenced endpt name. Also some tls fixes.
also delete obsolete shadow dependency
michalvasko
approved these changes
Nov 2, 2023
New libnetconf2 API