doc UPDATE add paragraph about public key auth

roman · michalvasko · commit d2db90ab6e6d · 2023-12-21T13:58:38.000+01:00
diff --git a/doc/libnetconf.doc b/doc/libnetconf.doc
@@ -391,6 +391,15 @@
  * Another option for authorized clients is to reference another endpoint's clients, however be careful not to create a cyclic reference
  * (see ::nc_server_config_add_ssh_endpoint_client_ref()). An authorized client MUST authenticate to all of it's configured authentication methods.
  *
+ * \anchor ln2doc_pubkey
+ * The Public Key authentication method is supported. If you wish to use this method, you need to specify the given user's
+ * public keys, which will be compared with the key(s) presented by the SSH client when authenticating. One option is to configure
+ * the public keys directly in the ietf-netconf-server YANG data (inline-definition). Other option is to configure the keys' data
+ * in the ietf-trustore module's YANG data and then reference them (truststore-reference). The final option is to set the global
+ * path to file with public keys. This path may contain special tokens, see ::nc_server_ssh_set_authkey_path_format().
+ * If the path is set and the use-system-keys container is present in the data for the client wishing to authenticate,
+ * then the keys from the file will be used for authentication.
+ *
  * \anchor ln2doc_kbdint
  * The Keyboard Interactive authentication method is also supported. It can be done in three ways.
  * If libpam is found, Linux PAM is used to handle the authentication. You need to specify the service name using ::nc_server_ssh_set_pam_conf_filename().
diff --git a/modules/libnetconf2-netconf-server@2023-09-07.yang b/modules/libnetconf2-netconf-server@2023-09-07.yang
@@ -265,9 +265,15 @@ module libnetconf2-netconf-server {
       "Grouping for using the system configured keys in the SSH public key authentication method.";
 
       container use-system-keys {
-        presence "Indicates that the given user will be authenticated using the system's configured public keys.";
+        presence
+          "Indicates that the given user will be authenticated using the system's configured public keys.";
+
         description
           "Authentication is done using the system's mechanisms.";
+
+        reference
+          "libnetconf2 documentation:
+              Section SSH";
       }
   }
 
@@ -296,6 +302,10 @@ module libnetconf2-netconf-server {
 
           description
             "Authentication is done using the system's mechanisms.";
+
+          reference
+          "libnetconf2 documentation:
+              Section SSH";
         }
       }
     }

Original file line number	Diff line number	Diff line change
`@@ -265,9 +265,15 @@ module libnetconf2-netconf-server {`
`265`	`265`	`"Grouping for using the system configured keys in the SSH public key authentication method.";`
`266`	`266`
`267`	`267`	`container use-system-keys {`
`268`		`- presence "Indicates that the given user will be authenticated using the system's configured public keys.";`
	`268`	`+ presence`
	`269`	`+ "Indicates that the given user will be authenticated using the system's configured public keys.";`
	`270`	`+`
`269`	`271`	`description`
`270`	`272`	`"Authentication is done using the system's mechanisms.";`
	`273`	`+`
	`274`	`+ reference`
	`275`	`+ "libnetconf2 documentation:`
	`276`	`+ Section SSH";`
`271`	`277`	`}`
`272`	`278`	`}`
`273`	`279`
`@@ -296,6 +302,10 @@ module libnetconf2-netconf-server {`
`296`	`302`
`297`	`303`	`description`
`298`	`304`	`"Authentication is done using the system's mechanisms.";`
	`305`	`+`
	`306`	`+ reference`
	`307`	`+ "libnetconf2 documentation:`
	`308`	`+ Section SSH";`
`299`	`309`	`}`
`300`	`310`	`}`
`301`	`311`	`}`