1 / 10

draft-ietf-netconf-reverse-ssh-03

draft-ietf-netconf-reverse-ssh-03. NETCONF Call-Home using SSH. Recap. NETCONF “call home” is a long time request This draft enables it for SSH RFC5539bis does it for TLS Discussed previously at IETF’s 88, 87 and even 81 Solution Only reverse TCP direction, SSH direction is const

dee
Download Presentation

draft-ietf-netconf-reverse-ssh-03

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. draft-ietf-netconf-reverse-ssh-03 NETCONF Call-Home using SSH

  2. Recap • NETCONF “call home” is a long time request • This draft enables it for SSH • RFC5539bis does it for TLS • Discussed previously at IETF’s 88, 87 and even 81 • Solution • Only reverse TCP direction, SSH direction is const • Updates RFC 4253 • Requests an assigned port • Limited to NETCONF • Configuration unified with RFC 5539bis -00 -00 -00 -01 -02

  3. Only reverses TCP direction,SSH direction is const • Device initiates the TCP connection, and then runs SSH-server protocol • NMS accepts TCP connection and then runs SSH-client protocol on top of it TBD Device NMS

  4. Updates RFC 4253 (if approved) NETCONF Working Group K. Watsen Internet-Draft Juniper Networks Updates: 4253 (if approved)February 14, 2014 Intended status: Standards Track Expires: August 18, 2014 2.2. Update to RFC 4253 This document updates the SSH Transport Layer Protocol [RFC4253] only by removing the restriction in Section 4 (Connection Setup) of [RFC4252] that the SSH Client must initiate the transport connection. Security implications related to this change are discussed in Security Considerations (Section 7).

  5. IANA Considerations Service Name: reverse-ssh Transport Protocol(s): TCP Assignee: IESG iesg@ietf.org Contact: IETF Chair chair@ietf.org Description: Reverse SSH (call home) Reference: RFC XXXX Port Number: YYYY

  6. Applicability Statement • Added by Security area folks • Essentially: Reverse SSH MUST only be used for a NETCONF server to initiate a connection to a NETCONF client

  7. Configuration unified with RFC 5539bis The YANG moved to draft-kwatsen-netconf-server • The draft now just directs readers to it ( This is the only real update since the -02 draft )

  8. Current Status • No Open Issues • Reference implementation just released

  9. Reference Implementation https://github.com/Juniper/netconf-call-home • Implements draft-kwatsen-netconf-server-01 • Except for the TLS transport and the “periodic” connection type • Fork it!

  10. Questions / Concerns ?

More Related