-- extracted from draft-ietf-isms-secshell-05.txt -- at Thu Oct 12 06:07:13 2006 SSHTM-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, mib-2, snmpDomains FROM SNMPv2-SMI TestAndIncr, TEXTUAL-CONVENTION, StorageType, RowStatus FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF SnmpAdminString FROM SNMP-FRAMEWORK-MIB TransportAddress, TransportAddressType FROM TRANSPORT-ADDRESS-MIB ; sshtmMIB MODULE-IDENTITY LAST-UPDATED "200610050000Z" ORGANIZATION "ISMS Working Group" CONTACT-INFO "WG-EMail: isms@lists.ietf.org Subscribe: isms-request@lists.ietf.org Chairs: Juergen Quittek NEC Europe Ltd. Network Laboratories Kurfuersten-Anlage 36 69115 Heidelberg Germany +49 6221 90511-15 quittek@netlab.nec.de Juergen Schoenwaelder International University Bremen Campus Ring 1 28725 Bremen Germany +49 421 200-3587 j.schoenwaelder@iu-bremen.de Co-editors: David Harrington Huawei Technologies USA 1700 Alma Drive Plano Texas 75075 USA +1 603-436-8634 ietfdbh@comcast.net Joseph Salowey Cisco Systems 2901 3rd Ave Seattle, WA 98121 USA jsalowey@cisco.com " DESCRIPTION "The Secure Shell Transport Model MIB Copyright (C) The Internet Society (2006). This version of this MIB module is part of RFC XXXX; see the RFC itself for full legal notices. -- NOTE to RFC editor: replace XXXX with actual RFC number -- for this document and remove this note " REVISION "200610050000Z" -- 02 September 2005 DESCRIPTION "The initial version, published in RFC XXXX. -- NOTE to RFC editor: replace XXXX with actual RFC number -- for this document and remove this note " ::= { mib-2 xxxx } -- RFC Ed.: replace xxxx with IANA-assigned number and -- remove this note -- ---------------------------------------------------------- -- -- subtrees in the SSHTM-MIB -- ---------------------------------------------------------- -- sshtmNotifications OBJECT IDENTIFIER ::= { sshtmMIB 0 } sshtmMIBObjects OBJECT IDENTIFIER ::= { sshtmMIB 1 } sshtmConformance OBJECT IDENTIFIER ::= { sshtmMIB 2 } -- ------------------------------------------------------------- -- Objects -- ------------------------------------------------------------- TransportAddressSSH ::= TEXTUAL-CONVENTION DISPLAY-HINT "1a" STATUS current DESCRIPTION "Represents either a hostname encoded in ASCII using the IDNA protocol, as specified in RFC3490, followed by a colon ':' (ASCII character 0x3A) and a decimal port number in ASCII, or an IP address followed by a colon ':' (ASCII character 0x3A) and a decimal port number in ASCII. The name SHOULD be fully qualified whenever possible. Values of this textual convention are not directly useable as transport-layer addressing information, and require runtime resolution. As such, applications that write them must be prepared for handling errors if such values are not supported, or cannot be resolved (if resolution occurs at the time of the management operation). The DESCRIPTION clause of TransportAddress objects that may have TransportAddressSSH values must fully describe how (and when) such names are to be resolved to IP addresses and vice versa. This textual convention SHOULD NOT be used directly in object definitions since it restricts addresses to a specific format. However, if it is used, it MAY be used either on its own or in conjunction with TransportAddressType or TransportDomain as a pair. When this textual convention is used as a syntax of an index object, there may be issues with the limit of 128 sub-identifiers specified in SMIv2, STD 58. In this case, the OBJECT-TYPE declaration MUST include a 'SIZE' clause to limit the number of potential instance sub-identifiers." SYNTAX OCTET STRING (SIZE (1..255)) transportDomainSSH OBJECT-IDENTITY STATUS current DESCRIPTION "The SSH transport domain. The corresponding transport address is of type TransportAddressSSH. When an SNMP entity uses the transportDomainSSH transport model, it must be capable of accepting messages up to and including 8192 octets in size. Implementation of larger values is encouraged whenever possible." ::= { snmpDomains yy } -- RFC Ed.: replace yy with IANA-assigned number and -- remove this note -- The sshtmSession Group sshtmSession OBJECT IDENTIFIER ::= { sshtmMIBObjects 1 } sshtmSessionCurrent OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current number of open sessions. " ::= { sshtmSession 1 } sshtmSessionMaxSupported OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum number of open sessions supported. The value zero indicates the maximum is dynamic. " ::= { sshtmSession 2 } sshtmSessionOpenErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times an openSession() request failed to open a Session. " ::= { sshtmSession 3 } sshtmSessionSecurityLevelNotAvailableErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times an outgoing message was discarded because a requested securityLevel could not provided. " ::= { sshtmSession 4 } sshtmSessionNoAvailableSessions OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of times a Response message was dropped because the corresponding session was no longer available. " ::= { sshtmSession 5 } -- The sshtmUser Group ******************************************** sshtmUser OBJECT IDENTIFIER ::= { sshtmMIBObjects 2 } sshtmUserSpinLock OBJECT-TYPE SYNTAX TestAndIncr MAX-ACCESS read-write STATUS current DESCRIPTION "An advisory lock used to allow several cooperating Command Generator Applications to coordinate their use of facilities to alter the sshtmUserTable. " ::= { sshtmUser 1 } -- The table of valid users for the SSH Transport Model ******** sshtmUserTable OBJECT-TYPE SYNTAX SEQUENCE OF SshtmUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of users configured in the SNMP engine's Local Configuration Datastore (LCD). Most configuration of this table is expected to be done by an agent dynamically. It is possible for an SNMP management application to pre-configure the table with static information useful for translating from an SSH-specific user to a model-independent securityName, or for statically configuring the only entities authorized to receive notifications. To create a new user (i.e., to instantiate a new conceptual row in this table), it is recommended to follow this procedure: 1) GET(sshtmUserSpinLock.0) and save in sValue. 2) SET(sshtmUserSpinLock.0=sValue, sshtmUserStatus=createAndWait) 3) configure the entry 4) SET(sshtmUserStatus=active) The new user should now be available and ready to be used for SNMPv3 communication. The use of sshtmUserSpinlock is to avoid conflicts with another SNMP command generator application which may also be acting on the sshtmUserTable. " ::= { sshtmUser 2 } sshtmUserEntry OBJECT-TYPE SYNTAX SshtmUserEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A user configured in the SNMP engine's Local Configuration Datastore (LCD) for the SSH Transport Model. " INDEX { sshtmUserAddress, sshtmUserName } ::= { sshtmUserTable 1 } SshtmUserEntry ::= SEQUENCE { sshtmUserAddress TransportAddressSSH, sshtmUserSecurityName SnmpAdminString, sshtmUserName SnmpAdminString, sshtmUserStorageType StorageType, sshtmUserStatus RowStatus } sshtmUserAddress OBJECT-TYPE SYNTAX TransportAddressSSH MAX-ACCESS not-accessible STATUS current DESCRIPTION "A remote SNMP engine's SSH address. " ::= { sshtmUserEntry 1 } sshtmUserSecurityName OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-only STATUS current DESCRIPTION "A human readable string representing the user in Transport Model independent format. The default transformation of the sshtmUserName to the sshtmUserSecurityName and vice versa is the identity function so that the sshtmUserSecurityName is usually the same as the sshtmUserName. " ::= { sshtmUserEntry 2 } sshtmUserName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..32)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "This is the user name used in the SSH_MSG_USERAUTH_REQUEST to authenticate the client. " ::= { sshtmUserEntry 3 } sshtmUserStorageType OBJECT-TYPE SYNTAX StorageType MAX-ACCESS read-create STATUS current DESCRIPTION "The storage type for this conceptual row. It is an implementation issue to decide if a SET for a readOnly or permanent row is accepted at all. In some contexts this may make sense, in others it may not. If a SET for a readOnly or permanent row is not accepted at all, then a 'wrongValue' error must be returned. " DEFVAL { nonVolatile } ::= { sshtmUserEntry 4 } sshtmUserStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this conceptual row. Until instances of all corresponding columns are appropriately configured, the value of the corresponding instance of the sshtmUserStatus column is 'notReady'. The value of this object has no effect on whether other objects in this conceptual row can be modified. " ::= { sshtmUserEntry 5 } -- ************************************************ -- sshtmMIB - Conformance Information -- ************************************************ sshtmGroups OBJECT IDENTIFIER ::= { sshtmConformance 1 } sshtmCompliances OBJECT IDENTIFIER ::= { sshtmConformance 2 } -- ************************************************ -- Units of conformance -- ************************************************ sshtmGroup OBJECT-GROUP OBJECTS { sshtmUserSpinLock, sshtmUserSecurityName, sshtmUserStorageType, sshtmUserStatus } STATUS current DESCRIPTION "A collection of objects for maintaining information of an SNMP engine which implements the SNMP Secure Shell Transport Model. " ::= { sshtmGroups 2 } -- ************************************************ -- Compliance statements -- ************************************************ sshtmCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP engines that support the SSHTM-MIB" MODULE MANDATORY-GROUPS { sshtmGroup } ::= { sshtmCompliances 1 } END -- -- Copyright (C) The Internet Society (2006). -- -- This document is subject to the rights, licenses and restrictions -- contained in BCP 78, and except as set forth therein, the authors -- retain all their rights. -- -- This document and the information contained herein are provided on an -- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS -- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET -- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, -- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE -- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED -- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. -- -- Intellectual Property -- -- The IETF takes no position regarding the validity or scope of any -- Intellectual Property Rights or other rights that might be claimed to -- pertain to the implementation or use of the technology described in -- this document or the extent to which any license under such rights -- might or might not be available; nor does it represent that it has -- made any independent effort to identify any such rights. Information -- on the procedures with respect to rights in RFC documents can be -- found in BCP 78 and BCP 79. -- -- Copies of IPR disclosures made to the IETF Secretariat and any -- assurances of licenses to be made available, or the result of an -- attempt made to obtain a general license or permission for the use of -- such proprietary rights by implementers or users of this -- specification can be obtained from the IETF on-line IPR repository at -- http://www.ietf.org/ipr. -- -- The IETF invites any interested party to bring to its attention any -- copyrights, patents or patent applications, or other proprietary -- rights that may cover technology that may be required to implement -- this standard. Please address the information to the IETF at -- ietf-ipr@ietf.org. --