-- This file is corresponding to Release 9.1.10.101 from 2014/08/11 00:00:00


-- (C)opyright 1999-2014 bintec elmeg GmbH
-- $RCSfile: mibssh,v $ 
-- $Revision: 1.11 $ 

BIANCA-BRICK-SSH-MIB DEFINITIONS ::= BEGIN
        IMPORTS
            IpAddress, Counter, TimeTicks, enterprises
                FROM RFC1155-SMI

            DisplayString
                FROM RFC1158-MIB
            
            Date, BitValue, HexValue
                FROM BINTEC-MIB
 
            OBJECT-TYPE
                FROM RFC-1212;

    bintec       OBJECT IDENTIFIER ::= { enterprises 272 }
    bibo         OBJECT IDENTIFIER ::= { bintec 4 }

    -- Management Information for the SSH Subsystem of the BIANCA/BRICK, 
    ssh		OBJECT IDENTIFIER
        ::= { bibo 44 }


-- Global SSH Daemon Settings

	sshDaemonCfg OBJECT IDENTIFIER ::= { ssh 1 }

	sshdCfgPort OBJECT-TYPE
	    SYNTAX  INTEGER(1..65535)
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies the port on which the server listens
		 for connections (default: 22)."
	    DEFVAL { 22 }
	::= { sshDaemonCfg 1 }

	sshdCfgLoginGraceTime OBJECT-TYPE
	    SYNTAX  INTEGER(10..65535)
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Gives the grace time for clients to authenticate themselves
		 (default 600 seconds).  If the client fails to authenticate
		 the user within this many seconds, the server disconnects.
		 This timer can't be disabled for security reasons."
	    DEFVAL { 600 }
	::= { sshDaemonCfg 2 }

	sshdCfgHostbasedAuthentication OBJECT-TYPE
	    SYNTAX  INTEGER {
		yes(1),
		no(2)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies whether ssh_known_hosts authentication together with
		 successful public key client host authentication is
		 allowed (hostbased authentication).
		 This option applies to protocol version 2 only.
		 The default is 'no'."
	    DEFVAL { no }
	::= { sshDaemonCfg 3 }

	sshdCfgPubkeyAuthentication OBJECT-TYPE
	    SYNTAX  INTEGER {
		yes(1),
		no(2)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies whether public key authentication is allowed.
		 The default is 'yes'.
		 Note that this option applies to protocol version 2 only."
	    DEFVAL { yes }
	::= { sshDaemonCfg 4 }

	sshdCfgPasswordAuthentication OBJECT-TYPE
	    SYNTAX  INTEGER {
		yes(1),
		no(2)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies whether password authentication is allowed.
		 The default is 'yes'."
	    DEFVAL { yes }
	::= { sshDaemonCfg 5 }

	sshdCfgChallengeResponseAuthentication OBJECT-TYPE
	    SYNTAX  INTEGER {
		yes(1),
		no(2)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies whether challenge response authentication is allowed.
		 The default is 'yes'."
	    DEFVAL { yes }
	::= { sshDaemonCfg 6 }

	sshdCfgKeepAlives OBJECT-TYPE
	    SYNTAX  INTEGER {
		yes(1),
		no(2)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies whether the system should send keepalive messages to
		 the other side. If they are sent, death of the connection or
		 crash of one of the machines will be properly noticed. However,
		 this means that connections will die if the route is down tem-
		 porarily, and some people find it annoying. On the other hand,
		 if keepalives are not sent, sessions may hang indefinitely on
		 the server, leaving 'ghost' users and consuming server
		 resources.

		 The default is 'yes' (to send keepalives), and the server will
		 notice if the network goes down or the client host reboots.
		 This avoids infinitely hanging sessions.

		 To disable keepalives, the value should be set to 'no' in both
		 the server and the client configuration files."
	    DEFVAL { yes }
	::= { sshDaemonCfg 7 }

	sshdCfgPermitEmptyPasswd OBJECT-TYPE
	    SYNTAX  INTEGER {
		yes(1),
		no(2)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"When password authentication is allowed, it specifies
		 whether the server allows login to accounts with empty
		 password strings.
		 The default is 'no'."
	    DEFVAL { no }
	::= { sshDaemonCfg 8 }

	sshdCfgCompression OBJECT-TYPE
	    SYNTAX  INTEGER {
		yes(1),
		no(2)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Enables/disables the general use of compression."
	    DEFVAL { no }
	::= { sshDaemonCfg 9 }

	sshdCfgVerifyReverseMapping OBJECT-TYPE
	    SYNTAX  INTEGER {
		yes(1),
		no(2)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies whether sshd should try to verify the remote
		 host name and check that the resolved host name for the
		 remote IP address maps back to the very same IP address.
		 The default is 'no'."
	    DEFVAL { no }
	::= { sshDaemonCfg 10 }

	sshdCfgLogFacility OBJECT-TYPE
	    SYNTAX  INTEGER {
		daemon(1),
		user(2),
		auth(3),
		authPriv(4),
		local0(7),
		local1(8),
		local2(9),
		local3(10),
		local4(11),
		local5(12),
		local6(13),
		local7(14)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Gives the facility code that is used when logging messages
		 from sshd. The possible values are: 'daemon', 'user', 'auth',
		 'local0', 'local1', 'local2', 'local3', 'local4', 'local5',
		 'local6', 'local7'.
		 The default is 'auth'."
	    DEFVAL { auth }
	::= { sshDaemonCfg 11 }

	sshdCfgLogLevel OBJECT-TYPE
	    SYNTAX  INTEGER {
		quiet(1),
		fatal(2),
		error(3),
		info(4),
		verbose(5),
		debug1(6),
		debug2(7),
		debug3(8)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Gives the verbosity level that is used when logging messages
		 from sshd. The possible values are: 'quiet', 'fatal', 'error',
		 'info', 'verbose' and 'debug'.
		 The default is 'info'.
		 Logging with level 'debug' violates the privacy of users
		 and is not recommended."
	    DEFVAL { info }
	::= { sshDaemonCfg 12 }

	sshdCfgCiphers OBJECT-TYPE
	    SYNTAX  DisplayString
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies the ciphers allowed for protocol version 2.
		 Multiple ciphers must be comma-separated.
		 The default is
		 'aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour'."
	    DEFVAL { "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour" }
	::= { sshDaemonCfg 13 }

	sshdCfgMacs OBJECT-TYPE
	    SYNTAX  DisplayString
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies the available MAC (message authentication code)
		 algorithms. The MAC algorithm is used in protocol version 2
		 for data integrity protection. Multiple algorithms must be
		 comma-separated. The default is
		 'hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96'."
	    DEFVAL { "hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96" }
	::= { sshDaemonCfg 14 }

	sshdCfgProtocol OBJECT-TYPE
	    SYNTAX  DisplayString
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies the protocol versions sshd should support.
		 The possible values are '1' and '2'. Multiple versions
		 must be comma separated. Currently only protocol version 2
		 is supported by the BinTec implementation.
		 The default is '2'."
	    DEFVAL { "2" }
	::= { sshDaemonCfg 15 }

	sshdCfgMaxClients OBJECT-TYPE
	    SYNTAX  INTEGER(1..100)
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies the maximum number of concurrent unauthenticated
		 connections to the sshd daemon. Additional connections will
		 be dropped until authentication succeeds or the LoginGraceTime
		 expires for a connection.
		 The default is 1."
	    DEFVAL { 1 }
	::= { sshDaemonCfg 16 }

	sshdCfgClientAliveInterval OBJECT-TYPE
	    SYNTAX  INTEGER(1..3600)
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Sets a timeout interval in seconds after which if no data has
		 been received from the client, sshd will send a message through
		 the encrypted channel to request a response from the client.
		 The default is 0, indicating that these messages will not be
		 sent to the client.
		 This option applies to protocol version 2 only."
	    DEFVAL { 10 }
	::= { sshDaemonCfg 17 }

	sshdCfgClientAliveCountMax OBJECT-TYPE
	    SYNTAX  INTEGER(0..10)
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Sets the number of client alive messages (see above) which
		 may be sent without sshd receiving any messages back from
		 the client. If this threshold is reached while client alive
		 messages are being sent, sshd will disconnect the client,
		 terminating the session.
		 It is important to note that the use of client alive messages
		 is very different from KeepAlive (above). The client alive
		 messages are sent through the encrypted channel and therefore
		 will not be spoofable. The TCP keepalive option enabled by
		 KeepAlive is spoofable. The client alive mechanism is valuable
		 when the client or server depend on knowing when a connection
		 has become inactive.

		 The default value is 3.
		 If ClientAliveInterval (above) is set to 15, and
		 ClientAliveCountMax is left at the default, unresponsive ssh
		 clients will be disconnected after approximately 45 seconds."
	    DEFVAL { 3 }
	::= { sshDaemonCfg 18 }

	sshdCfgAllowTcpForwarding OBJECT-TYPE
	    SYNTAX  INTEGER {
		yes(1),
		no(2)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies whether TCP forwarding is permitted.
		 The default is 'no'."
	    DEFVAL { no }
	::= { sshDaemonCfg 19 }

	sshdCfgGatewayPorts OBJECT-TYPE
	    SYNTAX  INTEGER {
		yes(1),
		no(2)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies whether remote hosts are allowed to connect to ports
		 forwarded for the client. By default, sshd binds remote port
		 forwardings to the loopback addresss. This prevents other
		 remote hosts from connecting to forwarded ports. GatewayPorts
		 can be used to specify that sshd should bind remote port
		 forwardings to the wildcard address, thus allowing remote
		 hosts to connect to forwarded ports.
		 The argument must be 'yes' or 'no'.
		 The default is 'no'."
	    DEFVAL { no }
	::= { sshDaemonCfg 20 }

	sshdCfgUseLogin OBJECT-TYPE
	    SYNTAX  INTEGER {
		yes(1),
		no(2)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies whether login(1) is used for interactive login
		 sessions.
		 The default is 'yes'.
		 Note that login(1) is never used for remote command execution.
		 Note also, that if this is enabled, X11Forwarding will be
		 disabled because login(1) does not know how to handle
		 xauth(1) cookies."
	    DEFVAL { yes }
	::= { sshDaemonCfg 21 }

	sshdCfgX11Forwarding OBJECT-TYPE
	    SYNTAX  INTEGER {
		yes(1),
		no(2)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies whether X11 forwarding is permitted.
		 The default is 'no'.
		 X11 forwarding is automatically disabled
		 if UseLogin is enabled."
	    DEFVAL { no }
	::= { sshDaemonCfg 22 }

	sshdCfgX11DisplayOffset OBJECT-TYPE
	    SYNTAX  INTEGER(0..65535)
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies the first display number available for
		 sshd's X11 forwarding. This prevents sshd from
		 interfering with real X11 servers.
		 The default is 10."
	    DEFVAL { 10 }
	::= { sshDaemonCfg 23 }

	sshdCfgPrintMotd OBJECT-TYPE
	    SYNTAX  INTEGER {
		yes(1),
		no(2)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies whether sshd should print 'motd' when a user
		 logs in interactively. (On some systems it is also printed
		 by the shell, /etc/profile, or equivalent.)
		 The default is 'yes'."
	    DEFVAL { yes }
	::= { sshDaemonCfg 32 }

	sshdCfgBanner OBJECT-TYPE
	    SYNTAX  DisplayString
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"In some jurisdictions, sending a warning message before
		 authentication may be relevant for getting legal protection.
		 The contents of the specified file are sent to the remote user
		 before authentication is allowed.
		 This option is only available for protocol version 2."
	    DEFVAL { "" }
	::= { sshDaemonCfg 33 }

	sshdCfgPrintLastLog OBJECT-TYPE
	    SYNTAX  INTEGER {
		yes(1),
		no(2)
	    }
	    ACCESS  read-write
	    STATUS  mandatory
	    DESCRIPTION
		"Specifies whether sshd should print the date and time
		 when the user last logged in.
		 The default is 'no'."
	    DEFVAL { no }
	::= { sshDaemonCfg 34 }

	sshdCfgLastLogin OBJECT-TYPE
	    SYNTAX  DisplayString
	    ACCESS  read-only
	    STATUS  mandatory
	    DESCRIPTION
		"In some jurisdictions, sending a warning message before
		 authentication may be relevant for getting legal protection.
		 The contents of the specified file are sent to the remote user
		 before authentication is allowed.
		 This option is only available for protocol version 2."
	    DEFVAL { "" }
	::= { sshDaemonCfg 35 }

-- End Global SSH Daemon Settings


-- SSHD Active Session Table

	sshdSessionTable OBJECT-TYPE
	    SYNTAX  SEQUENCE OF SshdSessionEntry
	    ACCESS  not-accessible
	    STATUS  mandatory
	    DESCRIPTION
	         "The sshdSessionTable contains informations about the
	          currently connected clients handled by the BinTec ssh Daemon."
	 ::= { ssh 2 }

	sshdSessionEntry OBJECT-TYPE
	    SYNTAX  SshdSessionEntry
	    ACCESS  not-accessible
	    STATUS  mandatory
	    DESCRIPTION
		"A list of the currently active clients of sshd."
	    INDEX { sshdSessionIpAddr, sshdSessionIpPort }
	     ::= { sshdSessionTable 1 }

	SshdSessionEntry ::=
	    SEQUENCE {
		sshdSessionTimeStamp		Date,
		sshdSessionState		INTEGER,
		sshdSessionIpAddr		IpAddress,
		sshdSessionIpPort		INTEGER,
		sshdSessionCipher		DisplayString,
		sshdSessionMac			DisplayString,
		sshdSessionBytesIn		INTEGER,
		sshdSessionBytesOut		INTEGER,
		sshdSessionUserName		DisplayString,
		sshdSessionCompression		DisplayString
            }

	sshdSessionTimeStamp OBJECT-TYPE
	    SYNTAX  Date
	    ACCESS  read-only
	    STATUS  mandatory
	    DESCRIPTION
		"The timestamp for the TCP connection establishment."
	::= { sshdSessionEntry 1 }

	sshdSessionState OBJECT-TYPE
	    SYNTAX INTEGER{
		new(1),
		authenticating(2),
		connected(3),
		disconnecting(4),
		delete(15)
	    }
	    ACCESS read-write
	    STATUS mandatory
	    DESCRIPTION
		"The connection state of this client."
	    DEFVAL { new }
	::= { sshdSessionEntry 2 }

	sshdSessionIpAddr OBJECT-TYPE
	    SYNTAX  IpAddress
	    ACCESS  read-only
	    STATUS  mandatory
	    DESCRIPTION
		"The IP address of this client."
	::= { sshdSessionEntry 3 }

	sshdSessionIpPort  OBJECT-TYPE
	    SYNTAX  INTEGER
	    ACCESS  read-only
	    STATUS  mandatory
	    DESCRIPTION
		"The associated port # of this client."
	::= { sshdSessionEntry 4 }

	sshdSessionCipher OBJECT-TYPE
	    SYNTAX  DisplayString
	    ACCESS  read-only
	    STATUS  mandatory
	    DESCRIPTION
		"The cipher negotiated with this client."
	::= { sshdSessionEntry 5 }

	sshdSessionMac OBJECT-TYPE
	    SYNTAX  DisplayString
	    ACCESS  read-only
	    STATUS  mandatory
	    DESCRIPTION
		"The MAC (message authentication code)
		 negotiated with this client."
	::= { sshdSessionEntry 6 }

	sshdSessionBytesIn OBJECT-TYPE
	    SYNTAX  INTEGER
	    ACCESS  read-only
	    STATUS  mandatory
	    DESCRIPTION
		"The # of bytes received from this client."
	::= { sshdSessionEntry 7 }

	sshdSessionBytesOut OBJECT-TYPE
	    SYNTAX  INTEGER
	    ACCESS  read-only
	    STATUS  mandatory
	    DESCRIPTION
		"The # of bytes send to this client."
	::= { sshdSessionEntry 8 }

	sshdSessionUserName OBJECT-TYPE
	    SYNTAX  DisplayString
	    ACCESS  read-only
	    STATUS  mandatory
	    DESCRIPTION
		"The account used for the client's successful login."
	::= { sshdSessionEntry 9 }

	sshdSessionCompression OBJECT-TYPE
	    SYNTAX  DisplayString
	    ACCESS  read-only
	    STATUS  mandatory
	    DESCRIPTION
		"The compression algorithm negotiated with this client."
	::= { sshdSessionEntry 10 }


-- End SSHD Active Session Table


END
