Using the NETCONF Configuration Protocol over Secure SHell (SSH)
RFC 4742

Document type: RFC - Proposed Standard (December 2006; Errata)
Obsoleted by RFC 6242
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4742 (Proposed Standard)
Responsible AD: Dan Romascanu
Send notices to: simon@switch.ch, ietf@andybierman.com; rpe@juniper.net

Network Working Group                                       M. Wasserman
Request for Comments: 4742                                    ThingMagic
Category: Standards Track                                     T. Goddard
                                              ICEsoft Technologies, Inc.
                                                           December 2006

    Using the NETCONF Configuration Protocol over Secure SHell (SSH)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2006).

Abstract

   This document describes a method for invoking and running the Network
   Configuration Protocol (NETCONF) within a Secure Shell (SSH) session
   as an SSH subsystem.

Table of Contents

   1. Introduction ....................................................2
   2. Requirements Terminology ........................................2
   3. Starting NETCONF over SSH .......................................2
      3.1. Capabilities Exchange ......................................3
   4. Using NETCONF over SSH ..........................................5
   5. Exiting the NETCONF Subsystem ...................................6
   6. Security Considerations .........................................6
   7. IANA Considerations .............................................7
   8. Acknowledgements ................................................7
   9. References ......................................................8
      9.1. Normative References .......................................8
      9.2. Informative References .....................................8

Wasserman & Goddard         Standards Track                     [Page 1]
RFC 4742                    NETCONF over SSH               December 2006

1.  Introduction

   The NETCONF protocol [RFC4741] is an XML-based protocol used to
   manage the configuration of networking equipment.  NETCONF is defined
   to be session-layer and transport independent, allowing mappings to
   be defined for multiple session-layer or transport protocols.  This
   document defines how NETCONF can be used within a Secure Shell (SSH)
   session, using the SSH connection protocol [RFC4254] over the SSH
   transport protocol [RFC4253].  This mapping will allow NETCONF to be
   executed from a secure shell session by a user or application.

   Throughout this document, the terms "client" and "server" are used to
   refer to the two ends of the SSH transport connection.  The client
   actively opens the SSH connection, and the server passively listens
   for the incoming SSH connection.  The terms "manager" and "agent" are
   used to refer to the two ends of the NETCONF protocol session.  The
   manager issues NETCONF remote procedure call (RPC) commands, and the
   agent replies to those commands.  When NETCONF is run over SSH using
   the mapping defined in this document, the client is always the
   manager, and the server is always the agent.

2.  Requirements Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

3.  Starting NETCONF over SSH

   To run NETCONF over SSH, the client will first establish an SSH
   transport connection using the SSH transport protocol, and the client
   and server will exchange keys for message integrity and encryption.
   The client will then invoke the "ssh-userauth" service to
   authenticate the user, as described in the SSH authentication
   protocol [RFC4252].  Once the user has been successfully
   authenticated, the client will invoke the "ssh-connection" service,
   also known as the SSH connection protocol.

   After the ssh-connection service is established, the client will open
   a channel of type "session", which will result in an SSH session.

   Once the SSH session has been established, the user (or application)
   will invoke NETCONF as an SSH subsystem called "netconf".  Subsystem
   support is a feature of SSH version 2 (SSHv2) and is not included in
   SSHv1.  Running NETCONF as an SSH subsystem avoids the need for the
   script to recognize shell prompts or skip over extraneous
   information, such as a system message that is sent at shell start-up.
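   The sequence above, as an added example that is not code from RFC 4742
   or from any NETCONF implementation.  It uses the third-party paramiko
   library's low-level Transport API, whose calls map one-to-one onto the
   steps of this section: transport setup and key exchange, the
   "ssh-userauth" service, the "ssh-connection" service with a "session"
   channel, and finally the "netconf" subsystem request.  The host, user
   name and file paths are placeholders; port 830 is the IANA-assigned
   NETCONF-over-SSH port from section 7 of this RFC (not reproduced
   above).  The supports_subsystems helper is an addition of mine that
   checks the server's RFC 4253 identification string, since the text
   notes that subsystems exist only in SSHv2.

```python
"""Start NETCONF as the "netconf" SSH subsystem, following section 3 of RFC 4742.

Added example, not code from the RFC or from any NETCONF product.  Assumes the
third-party paramiko library, a reachable NETCONF agent, and the placeholder
host/user/key values passed by the caller.
"""
import re
import socket

# RFC 4253 identification string: "SSH-protoversion-softwareversion[ SP comments]".
# Subsystems exist only in SSHv2; a server announcing "1.99" speaks both 1.x and 2.0.
_IDENT_RE = re.compile(
    r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)


def supports_subsystems(ident_line: str) -> bool:
    """Return True if the server's identification string promises SSHv2,
    without which a "netconf" subsystem request cannot succeed."""
    match = _IDENT_RE.match(ident_line.rstrip("\r\n"))
    if match is None:
        raise ValueError(f"not an SSH identification string: {ident_line!r}")
    return match.group("proto") in ("2.0", "1.99")


def open_netconf_channel(host, username, key_path, known_hosts_path,
                         port=830, timeout=10.0):
    """Run the section 3 sequence and return an SSH channel bound to the
    "netconf" subsystem (this client side is the NETCONF manager).

    Port 830 is the IANA-assigned NETCONF-over-SSH port (RFC 4742, section 7).
    """
    import paramiko  # third-party; assumed installed

    sock = socket.create_connection((host, port), timeout=timeout)
    transport = paramiko.Transport(sock)
    try:
        # 1. SSH transport protocol: version exchange, then key exchange for
        #    message integrity and encryption.
        transport.start_client(timeout=timeout)
        if not supports_subsystems(transport.remote_version):
            raise RuntimeError(f"{host} is not an SSHv2 server: "
                               f"{transport.remote_version}")

        # Verify the server's host key against known_hosts BEFORE sending
        # credentials; an unknown key is a failure, never an auto-accept.
        server_key = transport.get_remote_server_key()
        known = paramiko.HostKeys(known_hosts_path)
        if not (known.check(host, server_key)
                or known.check(f"[{host}]:{port}", server_key)):
            raise RuntimeError(f"host key for {host} not in {known_hosts_path}")

        # 2. "ssh-userauth" service: authenticate the user (public key here).
        transport.auth_publickey(
            username, paramiko.Ed25519Key.from_private_key_file(key_path))
        if not transport.is_authenticated():
            raise RuntimeError("public-key authentication failed")

        # 3. "ssh-connection" service: open a channel of type "session" ...
        channel = transport.open_session(timeout=timeout)
        # 4. ... and request the "netconf" subsystem on it.  No shell is
        #    started, so there is no prompt or start-up banner to skip over.
        channel.invoke_subsystem("netconf")
        return channel
    except Exception:
        transport.close()
        raise


if __name__ == "__main__":
    # Placeholder values; replace with a real agent, user and key file.
    chan = open_netconf_channel("agent.example.net", "netconf-user",
                                "/path/to/id_ed25519", "/path/to/known_hosts")
    print("netconf subsystem channel open:", chan.get_id())
```

   The returned channel carries the NETCONF session itself; because the
   request was for a subsystem rather than a shell, the manager can begin
   the NETCONF exchange immediately instead of parsing prompts.  The host
   key check is deliberately placed before authentication so that a
   mismatched key aborts the connection before any credential is offered.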
