WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/h3c/H3C-SSH-MIB

619 lines
20 KiB
Plaintext
Raw Blame History

-- =========================================================================
-- Copyright (c) 2004-2018 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
--
-- Description: Secure Shell(SSH) MIB
-- Reference: draft-ylonen-ssh-protocol-00.txt
-- Version: V1.4
-- History:
-- V1.0 2007-11-19 created by ZhangJun 03132
-- Initial version.
-- V1.1 2013-12-21 Added enum value scp(5) to h3cSSHUserServiceType by DaiRuiqiang 04358.
-- V1.2 2014-01-17 Added enum value scp(4) to h3cSSHSessionServiceType by DaiRuiqiang 04358.
-- 2014-02-20 Added h3cSCPServerEnable and h3cSTelnetServerEnable by DaiRuiqiang 04358.
-- V1.3 2014-10-25 Added enum value netconf(6) to h3cSSHUserServiceType,
-- added enum value netconf(5) to h3cSSHSessionServiceType by DaiRuiqiang 04358.
-- V1.4 2016-04-26 Added h3cSSHUserPublicKeyName2 to H3cSSHUserConfigEntry,
-- added h3cSSHUserPublicKeyName3 to H3cSSHUserConfigEntry,
-- added h3cSSHUserPublicKeyName4 to H3cSSHUserConfigEntry,
-- added h3cSSHUserPublicKeyName5 to H3cSSHUserConfigEntry,
-- added h3cSSHUserPublicKeyName6 to H3cSSHUserConfigEntry by DaiRuiqiang 04358.
-- Added enum values aes128CTR(5), aes192CTR(6), aes256CTR(7), aes128GCM(8),
-- aes256GCM(9), and aes256CBC(10) to h3cSSHSessionEncry by DaiRuiqiang 04358.
-- 2018-02-06 Added enum value keyboard-interactive(6) in h3cSSHUserAuthType by DaiRuiqiang 04358
-- =========================================================================
H3C-SSH-MIB DEFINITIONS ::= BEGIN
IMPORTS
h3cCommon
FROM HUAWEI-3COM-OID-MIB
Integer32, OBJECT-TYPE, MODULE-IDENTITY, NOTIFICATION-TYPE
FROM SNMPv2-SMI
InetAddressType, InetAddress
FROM INET-ADDRESS-MIB
DisplayString, RowStatus
FROM SNMPv2-TC;
h3cSSH MODULE-IDENTITY
LAST-UPDATED "201802060000Z"
ORGANIZATION
"Hangzhou H3C Tech. Co., Ltd."
CONTACT-INFO
"Platform Team Hangzhou H3C Tech. Co., Ltd.
Hai-Dian District Beijing P.R. China
http://www.h3c.com
Zip:100085"
DESCRIPTION
"This MIB is used to configure SSH server."
REVISION "201802060000Z"
DESCRIPTION
"Added enum value keyboardInteractive(6) to h3cSSHUserAuthType."
REVISION "201604260000Z"
DESCRIPTION
"Added enum values aes128CTR(5), aes192CTR(6), aes256CTR(7), aes128GCM(8),
aes256GCM(9), and aes256CBC(10) to h3cSSHSessionEncry.
Added h3cSSHUserPublicKeyName2, and h3cSSHUserPublicKeyName3, h3cSSHUserPublicKeyName4,
h3cSSHUserPublicKeyName5, and h3cSSHUserPublicKeyName6 to H3cSSHUserConfigEntry."
REVISION "201410250000Z"
DESCRIPTION
"Added enum value netconf(6) to h3cSSHUserServiceType, add enum value netconf(5) to h3cSSHSessionServiceType."
REVISION "201402200000Z"
DESCRIPTION
"Added h3cSCPServerEnable and h3cSTelnetServerEnable."
REVISION "201401170000Z"
DESCRIPTION
"Added enum value scp(4) to h3cSSHSessionServiceType."
REVISION "201312210000Z"
DESCRIPTION
"Added enum value scp(5) to h3cSSHUserServiceType."
REVISION "200711190000Z"
DESCRIPTION
"The initial version."
::= { h3cCommon 22 }
--
-- Node definitions
--
-- Scalar MIB objects are defined in this section.
h3cSSHServerMIB OBJECT IDENTIFIER ::= { h3cSSH 1 }
h3cSSHServerMIBObjects OBJECT IDENTIFIER ::= { h3cSSHServerMIB 1 }
-- Scalar MIB objects, which are considered as global variables
-- to SSH server, are defined in this section.
h3cSSHServerGlobalConfig OBJECT IDENTIFIER ::= { h3cSSHServerMIBObjects 1 }
h3cSSHServerVersion OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The protocol version of the SSH server."
::= { h3cSSHServerGlobalConfig 1 }
h3cSSHServerCompatibleSSH1x OBJECT-TYPE
SYNTAX INTEGER
{
enableCompatibleSSH1x(1),
disableCompatibleSSH1x(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Supporting compatibility with SSH versions 1.x. It is
known that there are still devices using the previous
versions. During the transition period, it is important to
be able to work in a way that is compatible with the
installed SSH clients and servers that use the older version
of the protocol."
::= { h3cSSHServerGlobalConfig 2 }
h3cSSHServerRekeyInterval OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The time interval of regenerating SSH server key. The unit
is hour."
::= { h3cSSHServerGlobalConfig 3 }
h3cSSHServerAuthRetries OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The limit times of a specified user can retry."
::= { h3cSSHServerGlobalConfig 4 }
h3cSSHServerAuthTimeout OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The SSH server has a timeout for authentication and
disconnect if the authentication has not been accepted
within the timeout period. The unit is second."
::= { h3cSSHServerGlobalConfig 5 }
h3cSFTPServerIdleTimeout OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The SFTP server has a timeout for idle connection if a user
has no activities within the timeout period. The unit is
minute."
::= { h3cSSHServerGlobalConfig 6 }
h3cSSHServerEnable OBJECT-TYPE
SYNTAX INTEGER
{
enableSSHServer(1),
disableSSHServer(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enable SSH server function."
::= { h3cSSHServerGlobalConfig 7 }
h3cSFTPServerEnable OBJECT-TYPE
SYNTAX INTEGER
{
enableSFTPService(1),
disableSFTPService(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enable SFTP server function."
::= { h3cSSHServerGlobalConfig 8 }
h3cSTelnetServerEnable OBJECT-TYPE
SYNTAX INTEGER
{
enableSTelnetServer(1),
disableSTelnetServer(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enable STelnet server function."
::= { h3cSSHServerGlobalConfig 9 }
h3cSCPServerEnable OBJECT-TYPE
SYNTAX INTEGER
{
enableSCPService(1),
disableSCPService(2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Enable SCP server function."
::= { h3cSSHServerGlobalConfig 10 }
-- SSH users are defined in this section.
h3cSSHUserConfig OBJECT IDENTIFIER ::= { h3cSSHServerMIBObjects 2 }
-- Define a group which consists of all objects used for users.
h3cSSHUserConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF H3cSSHUserConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table for managing SSH users."
::= { h3cSSHUserConfig 1 }
h3cSSHUserConfigEntry OBJECT-TYPE
SYNTAX H3cSSHUserConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"SSH users configuration entry."
INDEX
{
h3cSSHUserName
}
::= { h3cSSHUserConfigTable 1 }
H3cSSHUserConfigEntry ::= SEQUENCE
{
h3cSSHUserName DisplayString,
h3cSSHUserServiceType INTEGER,
h3cSSHUserAuthType INTEGER,
h3cSSHUserPublicKeyName DisplayString,
h3cSSHUserWorkDirectory DisplayString,
h3cSSHUserRowStatus RowStatus,
h3cSSHUserPublicKeyName2 DisplayString,
h3cSSHUserPublicKeyName3 DisplayString,
h3cSSHUserPublicKeyName4 DisplayString,
h3cSSHUserPublicKeyName5 DisplayString,
h3cSSHUserPublicKeyName6 DisplayString
}
h3cSSHUserName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of SSH user."
::= { h3cSSHUserConfigEntry 1 }
h3cSSHUserServiceType OBJECT-TYPE
SYNTAX INTEGER
{
invalid(1),
all(2),
stelnet(3),
sftp(4),
scp(5),
netconf(6)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The service type of SSH user uses."
DEFVAL { invalid }
::= { h3cSSHUserConfigEntry 2 }
h3cSSHUserAuthType OBJECT-TYPE
SYNTAX INTEGER
{
invalid(1),
password(2),
publicKey(3),
any(4),
publicKeyPassword(5),
keyboardInteractive(6)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The authentication type of SSH user chooses."
DEFVAL { invalid }
::= { h3cSSHUserConfigEntry 3 }
h3cSSHUserPublicKeyName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The public key which is used for authentication.
A maximum of 6 public keys can be assigned to one user.
If multiple public keys are assigned, the user
can log in to the SSH server from different devices at the
same time by using different public keys."
DEFVAL { "" }
::= { h3cSSHUserConfigEntry 4 }
h3cSSHUserWorkDirectory OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The SFTP user's work directory associates with an existing user."
DEFVAL { "" }
::= { h3cSSHUserConfigEntry 5 }
h3cSSHUserRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The row status variable, used in accordance to installation
and removal conventions for conceptual rows.
When the `h3cSSHUserRowStatus' is set to active(1), no objects
in this table can be modified.
When 'h3cSSHUserRowStatus' is set to notInService(2), every object
except the 'h3cSSHUserName' object in this table can be modified.
To create a row in this table, a manager must set this object
to createAndGo(4). Until instances of all corresponding columns
are appropriately configured, the value of the corresponding
instance of the h3cSSHUserRowStatus column is 'notReady'."
::= { h3cSSHUserConfigEntry 6 }
h3cSSHUserPublicKeyName2 OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The public key which is used for authentication.
A maximum of 6 public keys can be assigned to one user.
If multiple public keys are assigned, the user
can log in to the SSH server from different devices at the
same time by using different public keys."
DEFVAL { "" }
::= { h3cSSHUserConfigEntry 7 }
h3cSSHUserPublicKeyName3 OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The public key which is used for authentication.
A maximum of 6 public keys can be assigned to one user.
If multiple public keys are assigned, the user
can log in to the SSH server from different devices at the
same time by using different public keys."
DEFVAL { "" }
::= { h3cSSHUserConfigEntry 8 }
h3cSSHUserPublicKeyName4 OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The public key which is used for authentication.
A maximum of 6 public keys can be assigned to one user.
If multiple public keys are assigned, the user
can log in to the SSH server from different devices at the
same time by using different public keys."
DEFVAL { "" }
::= { h3cSSHUserConfigEntry 9 }
h3cSSHUserPublicKeyName5 OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The public key which is used for authentication.
A maximum of 6 public keys can be assigned to one user.
If multiple public keys are assigned, the user
can log in to the SSH server from different devices at the
same time by using different public keys."
DEFVAL { "" }
::= { h3cSSHUserConfigEntry 10 }
h3cSSHUserPublicKeyName6 OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The public key which is used for authentication.
A maximum of 6 public keys can be assigned to one user.
If multiple public keys are assigned, the user
can log in to the SSH server from different devices at the
same time by using different public keys."
DEFVAL { "" }
::= { h3cSSHUserConfigEntry 11 }
-- Define a group which consists of all objects used for sessions.
h3cSSHSessionInfoTable OBJECT-TYPE
SYNTAX SEQUENCE OF H3cSSHSessionInfoEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table for SSH sessions."
::= { h3cSSHServerMIBObjects 3 }
h3cSSHSessionInfoEntry OBJECT-TYPE
SYNTAX H3cSSHSessionInfoEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The SSH session information entry."
INDEX
{
h3cSSHSessionID
}
::= { h3cSSHSessionInfoTable 1 }
H3cSSHSessionInfoEntry ::= SEQUENCE
{
h3cSSHSessionID Integer32,
h3cSSHSessionUserName DisplayString,
h3cSSHSessionUserIpAddrType InetAddressType,
h3cSSHSessionUserIpAddr InetAddress,
h3cSSHSessionClientVersion DisplayString,
h3cSSHSessionServiceType INTEGER,
h3cSSHSessionEncry INTEGER,
h3cSSHSessionState INTEGER
}
h3cSSHSessionID OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The identifier of SSH session."
::= { h3cSSHSessionInfoEntry 1 }
h3cSSHSessionUserName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The user name of SSH session."
::= { h3cSSHSessionInfoEntry 2 }
h3cSSHSessionUserIpAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The user IP address type of SSH session."
::= { h3cSSHSessionInfoEntry 3 }
h3cSSHSessionUserIpAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The user IP address of SSH session."
::= { h3cSSHSessionInfoEntry 4 }
h3cSSHSessionClientVersion OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The client version of SSH session. It is known that there are still
devices using the previous versions."
::= { h3cSSHSessionInfoEntry 5 }
h3cSSHSessionServiceType OBJECT-TYPE
SYNTAX INTEGER
{
invalid(1),
stelnet(2),
sftp(3),
scp(4),
netconf(5)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The service type of SSH session."
::= { h3cSSHSessionInfoEntry 6 }
h3cSSHSessionEncry OBJECT-TYPE
SYNTAX INTEGER
{
invalid(1),
aes128CBC(2),
desCBC(3),
des3CBC(4),
aes128CTR(5),
aes192CTR(6),
aes256CTR(7),
aes128GCM(8),
aes256GCM(9),
aes256CBC(10)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The encryption algorithm of SSH session. There are several encryption
algorithms used in SSH protocol, please refer to RFC4253 Section 6.3."
::= { h3cSSHSessionInfoEntry 7 }
h3cSSHSessionState OBJECT-TYPE
SYNTAX INTEGER
{
init(1),
verExchange(2),
keysExchange(3),
authRequest(4),
serviceRequest(5),
established(6),
disconnect(7)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The status of SSH session.
init : This session is in initial status.
verExchange : This session is in version exchanging.
keysExchange : This session is in keys exchanging.
authRequest : This session is in authentication requesting.
serviceRequest : This session is in service requesting.
established : This session has been established.
disconnected : This session has been disconnected."
::= { h3cSSHSessionInfoEntry 8 }
-- Define a group which consists of all objects used for trap.
h3cSSHServerObjForTrap OBJECT IDENTIFIER ::= { h3cSSHServerMIB 2 }
h3cSSHAttemptUserName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The user name of the attacker who attempted to log in."
::= { h3cSSHServerObjForTrap 1 }
h3cSSHAttemptIpAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The IP address type of the attacker who attempted to log in."
::= { h3cSSHServerObjForTrap 2 }
h3cSSHAttemptIpAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The IP address of the attacker who attempted to log in."
::= { h3cSSHServerObjForTrap 3 }
h3cSSHUserAuthFailureReason OBJECT-TYPE
SYNTAX INTEGER
{
exceedRetries(1),
authTimeout(2),
otherReason(3)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The reason for that a user failed to log in."
::= { h3cSSHServerObjForTrap 4 }
--
-- Notification definitions
--
-- =================================================================
-- Traps are defined below.
h3cSSHServerNotifications OBJECT IDENTIFIER ::= { h3cSSHServerMIB 3 }
-- All trap definitions should be placed under this object.
h3cSSHServerNotificationsPrefix OBJECT IDENTIFIER ::= { h3cSSHServerNotifications 0 }
-- All objects used for TRAP only are defined here.
h3cSSHUserAuthFailure NOTIFICATION-TYPE
OBJECTS
{
h3cSSHAttemptUserName,
h3cSSHAttemptIpAddrType,
h3cSSHAttemptIpAddr,
h3cSSHUserAuthFailureReason
}
STATUS current
DESCRIPTION
"The trap is generated when a user fails to authentication."
::= { h3cSSHServerNotificationsPrefix 1 }
h3cSSHVersionNegotiationFailure NOTIFICATION-TYPE
OBJECTS
{
h3cSSHAttemptIpAddrType,
h3cSSHAttemptIpAddr
}
STATUS current
DESCRIPTION
"The trap is generated when a user fails to negotiate SSH
protocol version."
::= { h3cSSHServerNotificationsPrefix 2 }
h3cSSHUserLogin NOTIFICATION-TYPE
OBJECTS
{
h3cSSHSessionUserName,
h3cSSHSessionUserIpAddrType,
h3cSSHSessionUserIpAddr
}
STATUS current
DESCRIPTION
"The trap is generated when a user logs in successfully."
::= { h3cSSHServerNotificationsPrefix 3 }
h3cSSHUserLogoff NOTIFICATION-TYPE
OBJECTS
{
h3cSSHSessionUserName,
h3cSSHSessionUserIpAddrType,
h3cSSHSessionUserIpAddr
}
STATUS current
DESCRIPTION
"The trap is generated when a user logs off."
::= { h3cSSHServerNotificationsPrefix 4 }
END
View Git Blame Copy Permalink