-- ========================================================================= -- Copyright (c) 2010-2014 Hewlett-Packard Development Company, L.P. -- -- Description: Secure Shell(SSH) MIB -- Reference: draft-ylonen-ssh-protocol-00.txt -- Version: V1.2 -- History: -- V1.0 2007-11-19 created by ZhangJun 03132 -- Initial version. -- V1.1 2013-12-21 add enum value scp(5) in hpnicfSSHUserServiceType by DaiRuiqiang 04358. -- V1.2 2014-01-17 add enum value scp(4) in hpnicfSSHSessionServiceType by DaiRuiqiang 04358. -- 2014-02-20 add hpnicfSCPServerEnable and hpnicfSTelnetServerEnable by DaiRuiqiang 04358. -- ========================================================================= HPN-ICF-SSH-MIB DEFINITIONS ::= BEGIN IMPORTS hpnicfCommon FROM HPN-ICF-OID-MIB Integer32, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE FROM SNMPv2-SMI InetAddressType, InetAddress FROM INET-ADDRESS-MIB DisplayString, RowStatus FROM SNMPv2-TC; hpnicfSSH MODULE-IDENTITY LAST-UPDATED "201402200000Z" ORGANIZATION "" CONTACT-INFO "" DESCRIPTION "This MIB is used to configure SSH server." REVISION "201402200000Z" DESCRIPTION "Add hpnicfSCPServerEnable and hpnicfSTelnetServerEnable." REVISION "201401170000Z" DESCRIPTION "Add enum value scp(4) in hpnicfSSHSessionServiceType." REVISION "201312210000Z" DESCRIPTION "Add enum value scp(5) in hpnicfSSHUserServiceType." REVISION "200711190000Z" DESCRIPTION "The initial version." ::= { hpnicfCommon 22 } -- -- Node definitions -- -- Scalar MIB objects are defined in this section. hpnicfSSHServerMIB OBJECT IDENTIFIER ::= { hpnicfSSH 1 } hpnicfSSHServerMIBObjects OBJECT IDENTIFIER ::= { hpnicfSSHServerMIB 1 } -- Scalar MIB objects, which are considered as global variables -- to SSH server, are defined in this section. hpnicfSSHServerGlobalConfig OBJECT IDENTIFIER ::= { hpnicfSSHServerMIBObjects 1 } hpnicfSSHServerVersion OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The protocol version of the SSH server." ::= { hpnicfSSHServerGlobalConfig 1 } hpnicfSSHServerCompatibleSSH1x OBJECT-TYPE SYNTAX INTEGER { enableCompatibleSSH1x(1), disableCompatibleSSH1x(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Supporting compatibility with SSH versions 1.x. It is known that there are still devices using the previous versions. During the transition period, it is important to be able to work in a way that is compatible with the installed SSH clients and servers that use the older version of the protocol." ::= { hpnicfSSHServerGlobalConfig 2 } hpnicfSSHServerRekeyInterval OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "The time interval of regenerating SSH server key. The unit is hour." ::= { hpnicfSSHServerGlobalConfig 3 } hpnicfSSHServerAuthRetries OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "The limit times of a specified user can retry." ::= { hpnicfSSHServerGlobalConfig 4 } hpnicfSSHServerAuthTimeout OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "The SSH server has a timeout for authentication and disconnect if the authentication has not been accepted within the timeout period. The unit is second." ::= { hpnicfSSHServerGlobalConfig 5 } hpnicfSFTPServerIdleTimeout OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-write STATUS current DESCRIPTION "The SFTP server has a timeout for idle connection if a user has no activities within the timeout period. The unit is minute." ::= { hpnicfSSHServerGlobalConfig 6 } hpnicfSSHServerEnable OBJECT-TYPE SYNTAX INTEGER { enableSSHServer(1), disableSSHServer(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable SSH server function." ::= { hpnicfSSHServerGlobalConfig 7 } hpnicfSFTPServerEnable OBJECT-TYPE SYNTAX INTEGER { enableSFTPService(1), disableSFTPService(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable SFTP server function." ::= { hpnicfSSHServerGlobalConfig 8 } hpnicfSTelnetServerEnable OBJECT-TYPE SYNTAX INTEGER { enableSTelnetServer(1), disableSTelnetServer(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable STelnet server function." ::= { hpnicfSSHServerGlobalConfig 9 } hpnicfSCPServerEnable OBJECT-TYPE SYNTAX INTEGER { enableSCPService(1), disableSCPService(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "Enable SCP server function." ::= { hpnicfSSHServerGlobalConfig 10 } -- SSH users are defined in this section. hpnicfSSHUserConfig OBJECT IDENTIFIER ::= { hpnicfSSHServerMIBObjects 2 } -- Define a group which consists of all objects used for users. hpnicfSSHUserConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfSSHUserConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table for managing SSH users." ::= { hpnicfSSHUserConfig 1 } hpnicfSSHUserConfigEntry OBJECT-TYPE SYNTAX HpnicfSSHUserConfigEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "SSH users configuration entry." INDEX { hpnicfSSHUserName } ::= { hpnicfSSHUserConfigTable 1 } HpnicfSSHUserConfigEntry ::= SEQUENCE { hpnicfSSHUserName DisplayString, hpnicfSSHUserServiceType INTEGER, hpnicfSSHUserAuthType INTEGER, hpnicfSSHUserPublicKeyName DisplayString, hpnicfSSHUserWorkDirectory DisplayString, hpnicfSSHUserRowStatus RowStatus } hpnicfSSHUserName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS not-accessible STATUS current DESCRIPTION "The name of SSH user." ::= { hpnicfSSHUserConfigEntry 1 } hpnicfSSHUserServiceType OBJECT-TYPE SYNTAX INTEGER { invalid(1), all(2), stelnet(3), sftp(4), scp(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The service type of SSH user uses." DEFVAL { invalid } ::= { hpnicfSSHUserConfigEntry 2 } hpnicfSSHUserAuthType OBJECT-TYPE SYNTAX INTEGER { invalid(1), password(2), publicKey(3), any(4), publicKeyPassword(5) } MAX-ACCESS read-create STATUS current DESCRIPTION "The authentication type of SSH user chooses." DEFVAL { invalid } ::= { hpnicfSSHUserConfigEntry 3 } hpnicfSSHUserPublicKeyName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-create STATUS current DESCRIPTION "The public key which is used for authentication." DEFVAL { "" } ::= { hpnicfSSHUserConfigEntry 4 } hpnicfSSHUserWorkDirectory OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-create STATUS current DESCRIPTION "The SFTP user's work directory associates with an existing user." DEFVAL { "" } ::= { hpnicfSSHUserConfigEntry 5 } hpnicfSSHUserRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The row status variable, used in accordance to installation and removal conventions for conceptual rows. When the `hpnicfSSHUserRowStatus' is set to active(1), no objects in this table can be modified. When 'hpnicfSSHUserRowStatus' is set to notInService(2), every object except the 'hpnicfSSHUserName' object in this table can be modified. To create a row in this table, a manager must set this object to createAndGo(4). Until instances of all corresponding columns are appropriately configured, the value of the corresponding instance of the hpnicfSSHUserRowStatus column is 'notReady'." ::= { hpnicfSSHUserConfigEntry 6 } -- Define a group which consists of all objects used for sessions. hpnicfSSHSessionInfoTable OBJECT-TYPE SYNTAX SEQUENCE OF HpnicfSSHSessionInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A table for SSH sessions." ::= { hpnicfSSHServerMIBObjects 3 } hpnicfSSHSessionInfoEntry OBJECT-TYPE SYNTAX HpnicfSSHSessionInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The SSH session information entry." INDEX { hpnicfSSHSessionID } ::= { hpnicfSSHSessionInfoTable 1 } HpnicfSSHSessionInfoEntry ::= SEQUENCE { hpnicfSSHSessionID Integer32, hpnicfSSHSessionUserName DisplayString, hpnicfSSHSessionUserIpAddrType InetAddressType, hpnicfSSHSessionUserIpAddr InetAddress, hpnicfSSHSessionClientVersion DisplayString, hpnicfSSHSessionServiceType INTEGER, hpnicfSSHSessionEncry INTEGER, hpnicfSSHSessionState INTEGER } hpnicfSSHSessionID OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS not-accessible STATUS current DESCRIPTION "The identifier of SSH session." ::= { hpnicfSSHSessionInfoEntry 1 } hpnicfSSHSessionUserName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The user name of SSH session." ::= { hpnicfSSHSessionInfoEntry 2 } hpnicfSSHSessionUserIpAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-only STATUS current DESCRIPTION "The user IP address type of SSH session." ::= { hpnicfSSHSessionInfoEntry 3 } hpnicfSSHSessionUserIpAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The user IP address of SSH session." ::= { hpnicfSSHSessionInfoEntry 4 } hpnicfSSHSessionClientVersion OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The client version of SSH session. It is known that there are still devices using the previous versions." ::= { hpnicfSSHSessionInfoEntry 5 } hpnicfSSHSessionServiceType OBJECT-TYPE SYNTAX INTEGER { invalid(1), stelnet(2), sftp(3), scp(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The service type of SSH session." ::= { hpnicfSSHSessionInfoEntry 6 } hpnicfSSHSessionEncry OBJECT-TYPE SYNTAX INTEGER { invalid(1), aes128CBC(2), desCBC(3), des3CBC(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The encryption algorithm of SSH session. There are several encryption algorithms used in SSH protocol, please refer to RFC4253 Section 6.3." ::= { hpnicfSSHSessionInfoEntry 7 } hpnicfSSHSessionState OBJECT-TYPE SYNTAX INTEGER { init(1), verExchange(2), keysExchange(3), authRequest(4), serviceRequest(5), established(6), disconnect(7) } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of SSH session. init : This session is in initial status. verExchange : This session is in version exchanging. keysExchange : This session is in keys exchanging. authRequest : This session is in authentication requesting. serviceRequest : This session is in service requesting. established : This session has been established. disconnected : This session has been disconnected." ::= { hpnicfSSHSessionInfoEntry 8 } -- Define a group which consists of all objects used for trap. hpnicfSSHServerObjForTrap OBJECT IDENTIFIER ::= { hpnicfSSHServerMIB 2 } hpnicfSSHAttemptUserName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The user name of the attacker who attempted to log in." ::= { hpnicfSSHServerObjForTrap 1 } hpnicfSSHAttemptIpAddrType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The IP address type of the attacker who attempted to log in." ::= { hpnicfSSHServerObjForTrap 2 } hpnicfSSHAttemptIpAddr OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The IP address of the attacker who attempted to log in." ::= { hpnicfSSHServerObjForTrap 3 } hpnicfSSHUserAuthFailureReason OBJECT-TYPE SYNTAX INTEGER { exceedRetries(1), authTimeout(2), otherReason(3) } MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The reason for that a user failed to log in." ::= { hpnicfSSHServerObjForTrap 4 } -- -- Notification definitions -- -- ================================================================= -- Traps are defined below. hpnicfSSHServerNotifications OBJECT IDENTIFIER ::= { hpnicfSSHServerMIB 3 } -- All trap definitions should be placed under this object. hpnicfSSHServerNotificationsPrefix OBJECT IDENTIFIER ::= { hpnicfSSHServerNotifications 0 } -- All objects used for TRAP only are defined here. hpnicfSSHUserAuthFailure NOTIFICATION-TYPE OBJECTS { hpnicfSSHAttemptUserName, hpnicfSSHAttemptIpAddrType, hpnicfSSHAttemptIpAddr, hpnicfSSHUserAuthFailureReason } STATUS current DESCRIPTION "The trap is generated when a user fails to authentication." ::= { hpnicfSSHServerNotificationsPrefix 1 } hpnicfSSHVersionNegotiationFailure NOTIFICATION-TYPE OBJECTS { hpnicfSSHAttemptIpAddrType, hpnicfSSHAttemptIpAddr } STATUS current DESCRIPTION "The trap is generated when a user fails to negotiate SSH protocol version." ::= { hpnicfSSHServerNotificationsPrefix 2 } hpnicfSSHUserLogin NOTIFICATION-TYPE OBJECTS { hpnicfSSHSessionUserName, hpnicfSSHSessionUserIpAddrType, hpnicfSSHSessionUserIpAddr } STATUS current DESCRIPTION "The trap is generated when a user logs in successfully." ::= { hpnicfSSHServerNotificationsPrefix 3 } hpnicfSSHUserLogoff NOTIFICATION-TYPE OBJECTS { hpnicfSSHSessionUserName, hpnicfSSHSessionUserIpAddrType, hpnicfSSHSessionUserIpAddr } STATUS current DESCRIPTION "The trap is generated when a user logs off." ::= { hpnicfSSHServerNotificationsPrefix 4 } END