RADLAN-SSH-MIB DEFINITIONS ::= BEGIN

-- Title:      RADLAN SSH MIB
-- Version:    7.30
-- Date:       13 Jan 2003
--
IMPORTS
    OBJECT-TYPE, MODULE-IDENTITY,
    Unsigned32, IpAddress                       FROM SNMPv2-SMI
    TEXTUAL-CONVENTION, DisplayString, RowStatus
                                                FROM SNMPv2-TC
    rnd                                         FROM RADLAN-MIB;


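   -- Module identity for the Radlan private SSH MIB, registered at rnd 78.
   -- LAST-UPDATED is set to the newest REVISION and the REVISION clauses are
   -- listed newest first, as SMIv2 (RFC 2578) expects.  The date comment on
   -- the 200301030024Z revision is corrected to January 03.
   -- NOTE(review): the former LAST-UPDATED value 200209300024Z (September 30,
   -- 2002) has no REVISION clause of its own; presumably it dated the first
   -- revision.  Confirm and add a REVISION entry for it if so.
   rlSsh MODULE-IDENTITY
      LAST-UPDATED "200309210024Z"  -- September 21, 2003
      ORGANIZATION "Radlan Computer Communication Ltd."
      CONTACT-INFO
              "radlan.com"
      DESCRIPTION
              "The MIB module describes the private MIB for SSH supported
               by Radlan's software and products."
      REVISION     "200309210024Z"  -- September 21, 2003
      DESCRIPTION
              "Editorial changes."
      REVISION     "200301030024Z"  -- January 03, 2003
      DESCRIPTION
              "The second revision"
      ::= { rnd 78  }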

--
-- Textual Conventions
--
-- Enumerates the public key algorithms.  The type is used to request key
-- generation (rlSshServerRegenerateHostKey, rlSshClientRegenerateSelfKey)
-- and as a column type in the key and fingerprint tables.  Writing none(999)
-- to the regenerate scalars requests no regeneration.
-- NOTE(review): rsa1 presumably denotes an SSH protocol 1 RSA key and dsa a
-- DSA key; both are widely treated as legacy.  Confirm which values the agent
-- still accepts and prefer rsa where there is a choice.
RlSshPublicKeyAlgorithm ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "This textual convention describes the various possible public key
         algorithms.  The key algorithm is used to select the PK to be generated
         and is also used when viewing the public keys."
    SYNTAX       INTEGER { rsa1(0), rsa(1), dsa(2), none(999) }

-- Selects how a key fingerprint is rendered: hex(0) or bubbleBabble(1).
-- Used as an index column in every fingerprint table of this module, so each
-- key has one fingerprint row per format.
RlSshPublicKeyDigestFormat ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "This textual convention describes the format used to display the public
         key fingerprint.  The hex format is the format used by PGP and OpenSSH.
         The bubble-babble format is used by SSH.com software."
    SYNTAX       INTEGER { hex(0), bubbleBabble(1) }

-- Read-only scalar reporting the version of this MIB; the DESCRIPTION gives
-- 2 as the current value.
rlSshMibVersion OBJECT-TYPE
    SYNTAX       INTEGER
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION
        "The MIB version. The current version is 2"
    ::= { rlSsh 1 }

--
-- Server tables
--
-- Root of the SSH server subtree.  This module assigns sub-identifiers
-- 1, 2, 3, 5, 6 (tables) and 101 to 104 (scalars); 4 is not assigned here.
rlSshServer    OBJECT IDENTIFIER    ::= { rlSsh 2 }

--
-- Host Public Key Table
--
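-- Host public key, exposed as ordered text fragments.
-- Rows are indexed by (algorithm, fragment id); a manager reads every
-- fragment for one algorithm and joins them in fragment id order.
-- Review notes:
--   * The DESCRIPTION used to name the authorized_keys file.  A server host
--     key is pinned on the client side in known_hosts; authorized_keys holds
--     user keys on a server.  The wording and the grammar slip in the same
--     sentence are corrected below.
--   * A key read over SNMP is only as trustworthy as the SNMP transport.
--     Over SNMPv1 or SNMPv2c the value can be altered in transit, so pin the
--     key from SNMPv3 with authentication or from an out-of-band source.
--   * Both INDEX columns are declared read-only; SMIv2 (RFC 2578) recommends
--     not-accessible for index objects.  Left unchanged to keep the agent
--     interface stable.
rlSshServerHostPublicKeyTable OBJECT-TYPE
   SYNTAX SEQUENCE OF RlSshServerHostPublicKeyTableEntry
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
    "This table contains the router's public key.  Each row in this table
     contains a fragment of the key, in printable binhex format.  There may
     be up to 160 characters in every fragment, and they are all combined
     to form one key.  The key is generated by writing to
     rlSshServerRegenerateHostKey.  To cause clients to connect to this router
     without printing warning messages (and also prevent active
     man-in-the-middle), the router's public key must be printed out and
     inserted into the client's known_hosts file."
    ::= { rlSshServer 1 }

rlSshServerHostPublicKeyTableEntry  OBJECT-TYPE
   SYNTAX RlSshServerHostPublicKeyTableEntry
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
       " The row definition for this table."
   INDEX { rlSshServerHostPublicKeyAlgorithm, rlSshServerHostPublicKeyFragmentId }
   ::= { rlSshServerHostPublicKeyTable 1 }

RlSshServerHostPublicKeyTableEntry ::= SEQUENCE {
  rlSshServerHostPublicKeyAlgorithm           RlSshPublicKeyAlgorithm,
  rlSshServerHostPublicKeyFragmentId          Unsigned32,
  rlSshServerHostPublicKeyFragmentText        DisplayString
}

-- First index: which host key (by algorithm) the row belongs to.
rlSshServerHostPublicKeyAlgorithm   OBJECT-TYPE
   SYNTAX RlSshPublicKeyAlgorithm
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "Identifies the type of public key to be displayed."
     ::=  { rlSshServerHostPublicKeyTableEntry  1 }

-- Second index: position of the fragment within the key text.
rlSshServerHostPublicKeyFragmentId   OBJECT-TYPE
   SYNTAX Unsigned32
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "Identifies the index of this fragment in the final key.  All segments must
     be combined to form one big key."
     ::=  { rlSshServerHostPublicKeyTableEntry  2 }

-- Fragment payload; the table DESCRIPTION limits it to 160 characters, but
-- no SIZE constraint is declared on the DisplayString.
rlSshServerHostPublicKeyFragmentText       OBJECT-TYPE
   SYNTAX DisplayString
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "A part of the readable text entry for the server's public authorization key."
     ::=  { rlSshServerHostPublicKeyTableEntry  3 }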

--
-- Host Public Key Fingerprint Table
--
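-- Fingerprints of the host public key, one row per (algorithm, digest
-- format) pair.  All columns are read-only.
-- Review notes:
--   * The fingerprint DESCRIPTION used to ask for a value that is similar to
--     the one shown.  A fingerprint check only protects against
--     man-in-the-middle when the whole value matches, so the wording now
--     says identical.
--   * The value is only a useful reference if it reaches the user over a
--     channel the attacker cannot modify: SNMPv3 with authentication or an
--     out-of-band source, not SNMPv1 or SNMPv2c on the same path.
--   * Both INDEX columns are declared read-only; SMIv2 (RFC 2578) recommends
--     not-accessible for index objects.  Left unchanged to keep the agent
--     interface stable.
rlSshServerHostPublicKeyFingerprintTable OBJECT-TYPE
   SYNTAX SEQUENCE OF RlSshServerHostPublicKeyFingerprintTableEntry
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
    "This table contains the fingerprint for the router's public key."
    ::= { rlSshServer 2 }

rlSshServerHostPublicKeyFingerprintTableEntry  OBJECT-TYPE
   SYNTAX RlSshServerHostPublicKeyFingerprintTableEntry
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
       " The row definition for this table."
   INDEX { rlSshServerHostPublicKeyFingerprintAlgorithm, rlSshServerHostPublicKeyFingerprintDigestFormat }
   ::= { rlSshServerHostPublicKeyFingerprintTable 1 }

RlSshServerHostPublicKeyFingerprintTableEntry ::= SEQUENCE {
  rlSshServerHostPublicKeyFingerprintAlgorithm           RlSshPublicKeyAlgorithm,
  rlSshServerHostPublicKeyFingerprintDigestFormat        RlSshPublicKeyDigestFormat,
  rlSshServerHostPublicKeyFingerprint                    DisplayString
}

-- First index: algorithm of the host key being fingerprinted.
rlSshServerHostPublicKeyFingerprintAlgorithm   OBJECT-TYPE
   SYNTAX RlSshPublicKeyAlgorithm
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "Identifies the type of public key to be displayed."
     ::=  { rlSshServerHostPublicKeyFingerprintTableEntry  1 }

-- Second index: hex or bubble-babble rendering of the fingerprint.
rlSshServerHostPublicKeyFingerprintDigestFormat   OBJECT-TYPE
   SYNTAX RlSshPublicKeyDigestFormat
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "Format of the digest to be displayed (OpenSSH or SSH.com)."
     ::=  { rlSshServerHostPublicKeyFingerprintTableEntry 2 }

-- The fingerprint text itself, in the format selected by the second index.
rlSshServerHostPublicKeyFingerprint   OBJECT-TYPE
   SYNTAX DisplayString
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "SECSH format fingerprint of the server's public key.  To prevent man in
     the middle attacks, users should make sure the ssh Server's fingerprint,
     as printed in the connection process, is identical to the one printed here."
     ::=  { rlSshServerHostPublicKeyFingerprintTableEntry 3 }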


--
-- Authorized Key Table
--
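-- Authorized user keys, stored as text fragments indexed by
-- (user name, fragment id).  Rows are created and deleted through the
-- RowStatus column.
-- Review notes:
--   * Every column is writable, so SNMP write access to this table amounts
--     to the ability to grant SSH login whenever
--     rlSshServerEnablePublicKeyAuthentication is enabled.  Restrict writes
--     to SNMPv3 users with authentication and privacy, limit them with VACM
--     views, and audit changes to this table.
--   * The columns use read-write although rows are created through
--     RowStatus; SMIv2 (RFC 2578) uses read-create for such tables and
--     recommends not-accessible for index objects.  Left unchanged to keep
--     the agent interface stable.
--   * Only a spelling error in the fragment text DESCRIPTION is corrected.
rlSshServerAuthorizedUsersPublicKeyTable OBJECT-TYPE
   SYNTAX SEQUENCE OF RlSshServerAuthorizedUsersPublicKeyTableEntry
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
    "This table contains public keys for all users who are authorized to access
    the router.  For a user to be able to log in using SSH, the user name must
    appear in this table, and the user's public key must match the one found
    here."
     ::= { rlSshServer 3 }

rlSshServerAuthorizedUsersPublicKeyTableEntry  OBJECT-TYPE
   SYNTAX RlSshServerAuthorizedUsersPublicKeyTableEntry
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
       " The row definition for this table."
   INDEX { rlSshServerAuthorizedUserName,
           rlSshServerAuthorizedUserPublicKeyFragmentId }
   ::= { rlSshServerAuthorizedUsersPublicKeyTable 1 }

RlSshServerAuthorizedUsersPublicKeyTableEntry ::= SEQUENCE {
  rlSshServerAuthorizedUserName        DisplayString,
  rlSshServerAuthorizedUserPublicKeyFragmentId      Unsigned32,
  rlSshServerAuthorizedUserPublicKeyFragmentText    DisplayString,
  rlSshServerAuthorizedUserPublicKeyFragmentStatus  RowStatus
}

-- First index: the account the key authenticates, 1 to 48 characters.
rlSshServerAuthorizedUserName   OBJECT-TYPE
   SYNTAX DisplayString (SIZE(1..48))
   MAX-ACCESS   read-write
   STATUS current
   DESCRIPTION
    "Name of the user who owns this public key.  Both the user name and the
    key bytes must match before a user is authenticated using this key."
     ::=  { rlSshServerAuthorizedUsersPublicKeyTableEntry  1 }

-- Second index: position of the fragment within the user's key text.
rlSshServerAuthorizedUserPublicKeyFragmentId   OBJECT-TYPE
   SYNTAX Unsigned32
   MAX-ACCESS   read-write
   STATUS current
   DESCRIPTION
    "Identifies the index of this fragment in the final key.  All segments must
     be combined to form one big key."
     ::=  { rlSshServerAuthorizedUsersPublicKeyTableEntry  2 }

-- Fragment payload.  No SIZE constraint is declared here.
rlSshServerAuthorizedUserPublicKeyFragmentText       OBJECT-TYPE
   SYNTAX DisplayString
   MAX-ACCESS   read-write
   STATUS current
   DESCRIPTION
    "A part of the readable text entry for the user's public authorization key."
     ::=  { rlSshServerAuthorizedUsersPublicKeyTableEntry  3 }

-- Row lifecycle control.  Per the DESCRIPTION, removing the last fragment of
-- a user removes that user from the authorized set.
rlSshServerAuthorizedUserPublicKeyFragmentStatus       OBJECT-TYPE
   SYNTAX RowStatus
   MAX-ACCESS   read-write
   STATUS current
   DESCRIPTION
    "Create or delete a fragment of the user's public key.
    A user is deleted if it has no remaining fragments."
     ::=  { rlSshServerAuthorizedUsersPublicKeyTableEntry  4 }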

--
-- New 01-01-03: Authorized user fingerprint table.
--
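-- Fingerprints of the authorized user keys, indexed by
-- (user name, digest format).
-- Changes in this block:
--   * The SEQUENCE members are reordered to follow the column
--     sub-identifiers (name 1, algorithm 2, digest format 3, fingerprint 4).
--     The assigned OIDs and the INDEX clause are unchanged.
--   * The DESCRIPTION texts used to ask for a fingerprint that is similar to
--     the stored one; a fingerprint comparison is only meaningful when the
--     whole value matches, so they now say identical.
-- Review notes:
--   * rlSshServerAuthorizedUserFingerprintName is read-write while every
--     other column is read-only and the table has no RowStatus column.
--     Presumably the name should be read-only or not-accessible; confirm
--     against the agent before changing it.
--   * The remaining INDEX column is declared read-only; SMIv2 (RFC 2578)
--     recommends not-accessible for index objects.
rlSshServerAuthorizedUsersPublicKeyFingerprintTable OBJECT-TYPE
   SYNTAX SEQUENCE OF RlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
    "This table contains the fingerprints of the public keys for all users who
     are authorized to access the router.
     To prevent man in the middle attacks, users should make sure the
     user's fingerprint, as printed in the connection process, is identical
     to the one printed here."
     ::= { rlSshServer 5 }

rlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry  OBJECT-TYPE
   SYNTAX RlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
       " The row definition for this table."
   INDEX { rlSshServerAuthorizedUserFingerprintName,
           rlSshServerAuthorizedUserPublicKeyFingerprintDigestFormat }
   ::= { rlSshServerAuthorizedUsersPublicKeyFingerprintTable 1 }

RlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry ::= SEQUENCE {
      rlSshServerAuthorizedUserFingerprintName        DisplayString,
      rlSshServerAuthorizedUserPublicKeyFingerprintAlgorithm           RlSshPublicKeyAlgorithm,
      rlSshServerAuthorizedUserPublicKeyFingerprintDigestFormat        RlSshPublicKeyDigestFormat,
      rlSshServerAuthorizedUserPublicKeyFingerprint                    DisplayString
}

-- First index: the account whose key is fingerprinted, 1 to 48 characters.
rlSshServerAuthorizedUserFingerprintName   OBJECT-TYPE
   SYNTAX DisplayString (SIZE(1..48))
   MAX-ACCESS   read-write
   STATUS current
   DESCRIPTION
    "Name of the user who owns this public key.  Both the user name and the
     key bytes must match before a user is authenticated using this key."
     ::=  { rlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry  1 }

-- Algorithm of the user's key.  Not part of the INDEX.
rlSshServerAuthorizedUserPublicKeyFingerprintAlgorithm   OBJECT-TYPE
   SYNTAX RlSshPublicKeyAlgorithm
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "Identifies the type of public key to be displayed."
     ::=  { rlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry  2 }

-- Second index: hex or bubble-babble rendering of the fingerprint.
rlSshServerAuthorizedUserPublicKeyFingerprintDigestFormat   OBJECT-TYPE
   SYNTAX RlSshPublicKeyDigestFormat
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "Format of the digest to be displayed (OpenSSH or SSH.com)."
     ::=  { rlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry 3 }

-- The fingerprint text, useful for checking that the key stored for a user
-- is the key that user actually holds.
rlSshServerAuthorizedUserPublicKeyFingerprint   OBJECT-TYPE
   SYNTAX DisplayString
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "SECSH format fingerprint of the user's public key.  To prevent man in
     the middle attacks, users should make sure their ssh fingerprint,
     as printed in the connection process, is identical to the one printed here."
     ::=  { rlSshServerAuthorizedUsersPublicKeyFingerprintTableEntry 4 }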


--
-- Session Table
--
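-- Active SSH sessions, one row per session, indexed by session identifier.
-- All columns are read-only.
-- Change in this block: the SEQUENCE members are reordered so that
-- rlSshServerSessionPeerVersion (sub-identifier 4) precedes
-- rlSshServerSessionUsername (sub-identifier 5), matching the column OIDs.
-- The assigned OIDs are unchanged.
-- Review notes:
--   * Peer address, user name, cipher and HMAC are useful for monitoring:
--     polling this table shows who is connected and whether a session
--     negotiated an algorithm the site no longer allows.
--   * The same data tells a reader of the SNMP agent which accounts exist
--     and where administrators connect from, so read access deserves the
--     same care as write access.
--   * The INDEX column is declared read-only; SMIv2 (RFC 2578) recommends
--     not-accessible for index objects.
rlSshServerSessionTable OBJECT-TYPE
   SYNTAX SEQUENCE OF RlSshServerSessionTableEntry
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
    "Each row in this table corresponds to an active SSH session with
     the server"
     ::= { rlSshServer 6 }

rlSshServerSessionTableEntry  OBJECT-TYPE
   SYNTAX RlSshServerSessionTableEntry
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
       " The row definition for this table."
   INDEX { rlSshServerSessionIdentifier }
   ::= { rlSshServerSessionTable 1 }

RlSshServerSessionTableEntry ::= SEQUENCE {
  rlSshServerSessionIdentifier      Unsigned32,
  rlSshServerSessionPeerAddress     IpAddress,
  rlSshServerSessionPeerPort        Unsigned32,
  rlSshServerSessionPeerVersion     DisplayString,
  rlSshServerSessionUsername        DisplayString,
  rlSshServerSessionCipher          DisplayString,
  rlSshServerSessionHMAC            DisplayString
}

-- Index: identifier of the session the row describes.
rlSshServerSessionIdentifier   OBJECT-TYPE
   SYNTAX Unsigned32
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "Identifies the connection to which this row corresponds."
     ::=  { rlSshServerSessionTableEntry 1 }

-- IpAddress holds an IPv4 address only.
rlSshServerSessionPeerAddress   OBJECT-TYPE
   SYNTAX IpAddress
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "The network address of the remote host connected to the server."
     ::=  { rlSshServerSessionTableEntry 2 }

-- Declared as an unconstrained Unsigned32; no port range is stated here.
rlSshServerSessionPeerPort      OBJECT-TYPE
   SYNTAX Unsigned32
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "The source network port of the remote host connected to the server."
     ::=  { rlSshServerSessionTableEntry 3 }

-- Version string reported for the remote client.
rlSshServerSessionPeerVersion   OBJECT-TYPE
   SYNTAX DisplayString
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "The client version of the remote host connected to the server."
     ::=  { rlSshServerSessionTableEntry 4 }

-- Name the session authenticated as.
rlSshServerSessionUsername      OBJECT-TYPE
   SYNTAX DisplayString
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "SSH authenticated name of user connected to the server."
     ::=  { rlSshServerSessionTableEntry 5 }

-- Encryption algorithm in use for the session, as free text.
rlSshServerSessionCipher      OBJECT-TYPE
   SYNTAX DisplayString
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "Data encryption cipher used in this connection."
     ::=  { rlSshServerSessionTableEntry 6 }

-- Integrity algorithm in use for the session, as free text.
rlSshServerSessionHMAC      OBJECT-TYPE
   SYNTAX DisplayString
   MAX-ACCESS   read-only
   STATUS current
   DESCRIPTION
    "Message authentication code used in this connection."
     ::=  { rlSshServerSessionTableEntry 7 }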

--
-- SSH Server Scalars
--
-- Writable TCP listen port of the SSH2 server, range 1 to 65535, default 22.
rlSshServerPort OBJECT-TYPE
    SYNTAX       Unsigned32 (1..65535)
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "Specifies the TCP port used by the SSH 2 Server to listen for incoming
         connections."
    DEFVAL       { 22 }
    ::= { rlSshServer 101 }

-- Writable switch for the SSH2 listener on rlSshServerPort.
-- No DEFVAL is declared, so the initial state is not stated in this module.
rlSshServerEnable OBJECT-TYPE
    SYNTAX       INTEGER { enable(1), disable(2) }
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "Enables listening for incoming SSH2 connections on the port defined in
        rlSshServerPort."
    ::= { rlSshServer 102 }

-- Writable switch for public key authentication against
-- rlSshServerAuthorizedUsersPublicKeyTable.  Per the DESCRIPTION the public
-- key check runs before the standard AAA step when enabled, and AAA alone
-- decides when disabled.
-- No DEFVAL is declared, so the initial state is not stated in this module.
rlSshServerEnablePublicKeyAuthentication OBJECT-TYPE
    SYNTAX       INTEGER { enable(1), disable(2) }
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "If PK authentication is enabled, incoming SSH connections are
        authenticated using public key authentication (using
        rlSshServerAuthorizedUsersPublicKeyTable), before authenticating using
        the router's standard AAA.  If disabled, SSH connections are only
        authorized by the router's AAA component."
    ::= { rlSshServer 103 }

-- Writable trigger: setting any algorithm other than none regenerates the
-- server host key of that type.
-- NOTE(review): after regeneration, clients that pinned the previous host key
-- will presumably report a changed key until they are given the new key or
-- fingerprint, so treat writes to this object as a change to be authorized
-- and logged, and keep SNMP write access to it restricted.
rlSshServerRegenerateHostKey OBJECT-TYPE
    SYNTAX       RlSshPublicKeyAlgorithm
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "Setting to a value other than none results in the Server (Host) Key
        being regenerated.  The key size is host-specific."
    ::= { rlSshServer 104 }

--
-- SSH Client Scalars
--
-- Root of the SSH client subtree: scalars at 1 and 2, tables at 3 and 4.
rlSshClient    OBJECT IDENTIFIER    ::= { rlSsh 3 }

-- Writable default login name for the router's own SSH client.
-- No SIZE constraint is declared on the DisplayString.
rlSshClientUserName OBJECT-TYPE
    SYNTAX       DisplayString
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "Specifies the default user name the ssh client will use when
        authenticating to a remote server."
    ::= { rlSshClient 1 }

-- Writable trigger: setting any algorithm other than none regenerates the
-- client self key of that type.
-- NOTE(review): remote servers that hold the previous public key will
-- presumably stop accepting the router until the new key from
-- rlSshClientSelfPublicKeyTable is installed on them.
rlSshClientRegenerateSelfKey OBJECT-TYPE
    SYNTAX       RlSshPublicKeyAlgorithm
    MAX-ACCESS   read-write
    STATUS       current
    DESCRIPTION
        "Setting to a value other than none results in the client self key
        being regenerated.  The key size is host-specific."
    ::= { rlSshClient 2 }

--
-- Client Self Public Key Table
--
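-- Public half of the router's SSH client key, exposed as ordered text
-- fragments indexed by (algorithm, fragment id).  Note that the INDEX order
-- differs from the column order, where the fragment id is column 1.
-- Change in this block: the grammar slip in the table DESCRIPTION
-- (must printed) is corrected.
-- Review notes:
--   * The last sentence of the table DESCRIPTION appears to be copied from
--     the host key table.  For a client self key the relevant step is
--     presumably to install this public key in the authorized_keys file of
--     the account on the remote server, so that the router can log in with
--     it; it has no bearing on warnings shown to clients of this router.
--     Confirm the intended wording with the vendor documentation.
--   * rlSshClientSelfPublicKeyFragmentText is read-write although the key is
--     generated through rlSshClientRegenerateSelfKey and the matching host
--     key column is read-only.  Presumably it should be read-only; confirm
--     against the agent before changing it.
--   * Both INDEX columns are declared read-only; SMIv2 (RFC 2578) recommends
--     not-accessible for index objects.
rlSshClientSelfPublicKeyTable OBJECT-TYPE
   SYNTAX SEQUENCE OF RlSshClientSelfPublicKeyTableEntry
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
    "This table contains the router's client self public key.  Each row in
    this table contains a fragment of the key, in printable binhex format.
    There may be up to 160 characters in every fragment, and they are all
    combined to form one key.  The key is generated by writing to
    rlSshClientRegenerateSelfKey.  To cause clients to connect to this router
    without printing warning messages (and also prevent active
    man-in-the-middle), the router's public key must be printed out and
    inserted into the client's authorized_keys file"
    ::= { rlSshClient 3 }

rlSshClientSelfPublicKeyTableEntry  OBJECT-TYPE
   SYNTAX RlSshClientSelfPublicKeyTableEntry
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
       " The row definition for this table."
   INDEX { rlSshClientSelfPublicKeyAlgorithm, rlSshClientSelfPublicKeyFragmentId }
   ::= { rlSshClientSelfPublicKeyTable 1 }

RlSshClientSelfPublicKeyTableEntry ::= SEQUENCE {
  rlSshClientSelfPublicKeyFragmentId      Unsigned32,
  rlSshClientSelfPublicKeyAlgorithm       RlSshPublicKeyAlgorithm,
  rlSshClientSelfPublicKeyFragmentText        DisplayString
}

-- Second index: position of the fragment within the key text.
rlSshClientSelfPublicKeyFragmentId   OBJECT-TYPE
   SYNTAX Unsigned32
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
    "Identifies the index of this fragment in the final key.  All segments must
     be combined to form one big key."
     ::=  { rlSshClientSelfPublicKeyTableEntry  1 }

-- First index: which client key (by algorithm) the row belongs to.
rlSshClientSelfPublicKeyAlgorithm   OBJECT-TYPE
   SYNTAX RlSshPublicKeyAlgorithm
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
    "Identifies the type of public key to be displayed."
     ::=  { rlSshClientSelfPublicKeyTableEntry  2 }

-- Fragment payload.  Declared read-write; see the review note above.
rlSshClientSelfPublicKeyFragmentText       OBJECT-TYPE
   SYNTAX DisplayString
   MAX-ACCESS   read-write
   STATUS current
   DESCRIPTION
    "A part of the readable text entry for the router's client public
     authorization key."
     ::=  { rlSshClientSelfPublicKeyTableEntry  3 }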

--
-- Client Self Key Fingerprint Table
--
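-- Fingerprints of the router's SSH client key, one row per (algorithm,
-- digest format) pair.  All columns are read-only.
-- Change in this block: the fingerprint DESCRIPTION used to ask for a value
-- that is similar to the one shown; a fingerprint comparison is only
-- meaningful when the whole value matches, so it now says identical.
-- Review notes:
--   * The fingerprint DESCRIPTION still refers to the ssh Server's
--     fingerprint, which appears to be copied from the host key table.  For
--     the client self key the comparison is presumably between this value
--     and the fingerprint of the key installed on the remote server; confirm
--     the intended wording.
--   * Both INDEX columns are declared read-only; SMIv2 (RFC 2578) recommends
--     not-accessible for index objects.
rlSshClientSelfPublicKeyFingerprintTable OBJECT-TYPE
   SYNTAX SEQUENCE OF RlSshClientSelfPublicKeyFingerprintTableEntry
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
    "This table contains the fingerprint for the client's self key.  "
    ::= { rlSshClient 4 }

rlSshClientSelfPublicKeyFingerprintTableEntry  OBJECT-TYPE
   SYNTAX RlSshClientSelfPublicKeyFingerprintTableEntry
   MAX-ACCESS   not-accessible
   STATUS       current
   DESCRIPTION
       " The row definition for this table."
   INDEX { rlSshClientSelfPublicKeyFingerprintAlgorithm, rlSshClientSelfPublicKeyFingerprintDigestFormat }
   ::= { rlSshClientSelfPublicKeyFingerprintTable 1 }

RlSshClientSelfPublicKeyFingerprintTableEntry ::= SEQUENCE {
  rlSshClientSelfPublicKeyFingerprintAlgorithm           RlSshPublicKeyAlgorithm,
  rlSshClientSelfPublicKeyFingerprintDigestFormat        RlSshPublicKeyDigestFormat,
  rlSshClientSelfPublicKeyFingerprint                    DisplayString
}

-- First index: algorithm of the client key being fingerprinted.
rlSshClientSelfPublicKeyFingerprintAlgorithm   OBJECT-TYPE
   SYNTAX RlSshPublicKeyAlgorithm
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
    "Identifies the type of public key to be displayed."
     ::=  { rlSshClientSelfPublicKeyFingerprintTableEntry  1 }

-- Second index: hex or bubble-babble rendering of the fingerprint.
rlSshClientSelfPublicKeyFingerprintDigestFormat   OBJECT-TYPE
   SYNTAX RlSshPublicKeyDigestFormat
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
    "Format of the digest to be displayed (OpenSSH or SSH.com)."
     ::=  { rlSshClientSelfPublicKeyFingerprintTableEntry 2 }

-- The fingerprint text itself, in the format selected by the second index.
rlSshClientSelfPublicKeyFingerprint   OBJECT-TYPE
   SYNTAX DisplayString
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
    "SECSH format fingerprint of the client's self key.  To prevent man in
     the middle attacks, users should make sure the ssh Server's fingerprint,
     as printed in the connection process, is identical to the one printed here."
     ::=  { rlSshClientSelfPublicKeyFingerprintTableEntry 3 }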


END
