netopeer2-cli - Man Page

NETCONF client with command line interface built on libnetconf2

Description

netopeer2-cli serves as a generic NETCONF client providing a simple interactive command line interface. It allows the user to establish a NETCONF session with a NETCONF-enabled device on the network and to obtain and manipulate its configuration data. netopeer2-cli is limited to a single NETCONF connection at a time via a forward or a reverse (Call Home) connecting method.

Here is the list of NETCONF capabilities supported by netopeer2-cli:

Transport

The supported transport protocols are detected automatically based on how libnetconf2 was compiled. Unsupported (sub)commands are then not available and are hidden in the help. This page, however, contains them all.

Commands

auth

Manage SSH authentication options - authentication preferences and private keys.

This command is available with SSH support.

auth (--help | pref [(publickey | interactive | password) preference] | keys [add private_key_path] [remove key_index])

pref

Print the current authentication method preferences or change a specific method preference.

preference

The new preference of the authentication method. Negative values disable the authentication method.

keys

Manage keys used for authentication.

path_to_the_key

If specified, add or remove the keys. If not, show the current keys.

cancel-commit

Cancel a pending confirmed commit.

cancel-commit [--help] [--persist-id commit-id]

--persist-(i)d commit-id

Cancel a specific commit-id pending confirmed commit.

cert

Manage client and trusted Certificate Authority certificates that are used for TLS verification stored in ~/.netopeer2-cli/client.* and ~/.netopeer2-cli/certs respectively.

This command is available with TLS support.

cert [--help] [display] [add cert_path] [remove cert_name] [displayown] [replaceown (cert_path.pem | cert_path.crt key_path.key)]

display

Displays all the recognized certificates in ~/.netopeer2-cli/certs. First the file name and serial number, then subject, issuer and validity are shown for each certificate.

add cert_path

Adds the cert_path certificate to the trusted CA dir ~/.netopeer2-cli/certs and recalculates hashes of all the certificates.

remove cert_name

Removes the cert_name certificate from the trusted CA dir ~/.netopeer2-cli/certs and recalculates hashes of all the certificates. cert_name is the certificate file name, as displayed in the cert display command output.

displayown

Shows information about the status of the default client certificates and displays information about any relevant found client certificates ~/.netopeer2-cli/client.crt and ~/.netopeer2-cli/client.pem.

replaceown cert_path [key_path]

Replaces the default client certificates with the PEM certificate in cert_path or the CRT certificate cert_path and private key key_path. All previous client certificates are deleted.

commit

Perform NETCONF <commit> operation. For more details see RFC 6241 section 8.3.4.1.

commit [--help] [--confirmed] [--confirm-timeout sec] [--persist new-commit-id] [--persist-id commit-id]

--(c)onfirmed

Make the <commit> a confirmed commit. See RFC 6241 section 8.4.

--confirm-(t)imeout sec

Specify the confirmed commit timeout. Can be used only with --confirmed.

--(p)ersist new-commit-id

Make the commit a persistent commit. new-commit-id is the identifier of the commit.

--persist-(i)d commit-id

Confirm a persistent commit with the commit-id identifier.

connect

Connect to a NETCONF server.

connect [--help] [--host hostname] [--port num]
   [--ssh] [--login username]
   --tls  [--cert cert_path [--key key_path]] [--trusted trusted_CA_store.pem]

--h(o)st hostname

Specifies the hostname of the NETCONF server to connect to. If not specified, 'localhost' is used.

--(p)ort num

Port to connect to the NETCONF server on. By default, port 830 for SSH or 6513 for TLS transport is used.

--(s)sh

Use NETCONF over SSH transport. This is the default, when both SSH and TLS are enabled.

--(l)ogin username

Specify the SSH username to connect with. By default, the current system user is used.

--(t)ls

Use NETCONF over TLS transport.

--(c)ert cert_path

Use a specific certificate for TLS handshake. cert_path specifies path to the client certificate in CRT format. If the --key option is not specified, cert_path is expected to contain also the private key for the client certificate, in PEM format.

--(k)ey key_path

Specifies path to the private key for the client certificate in KEY format. If not specified, cert_path is expected to contain also the private key for the client certificate, in PEM format.

--t(r)usted trusted_CA_store.pem

Specifies path to a trusted CA certificate bundle in PEM format to be used exclusively for server verification for this connection instead of the default CA directory.

copy-config

Perform NETCONF <copy-config> operation. For more details see RFC 6241 section 7.3.

copy-config [--help] --target running|startup|candidate|url:url (--source running|startup|candidate|url:url | --src-config [file]) [--defaults report-all|report-all-tagged|trim|explicit]

--(t)arget running|startup|candidate|url:url

Specifies the target of the <copy-config> operation. Either a datastore or a specific URL can be specified.

--(s)ource running|startup|candidate|url:url

Specifies the source of the <copy-config> operation. Either a datastore or a specific URL can be specified.

--src-(c)onfig [file]

Specifies the source of the <copy-config> operation. If a file with the configuration is not specified, the configuration is read from the standard input.

--(d)efaults report-all|report-all-tagged|trim|explicit

Use :with-defaults capability with the specified retrieval mode. For more details see RFC 6243 section 3.

delete-config

Perform NETCONF <delete-config> operation. For more details see RFC 6241 section 7.4.

delete-config [--help] --target startup|url:url

--(t)arget startup|url:url

Specifies the target of the <delete-config> operation. Either the startup datastore or a specific URL can be specified.

delete-sub

Perform YANG notifications <delete-subscription> operation. For more details see RFC 8639 section 2.4.4.

delete-sub [--help] --id <sub-ID> [--out <file>] [--rpc-timeout <seconds>]

--(i)d sub-ID

ID of the subscription to delete.

discard-changes

Perform NETCONF <discard-changes> operation. It reverts the candidate configuration to the current running configuration. For more details see RFC 6241 section 8.3.4.2.

disconnect

Disconnect from a NETCONF server.

edit-config

Perform NETCONF <edit-config> operation. For more details see RFC 6241 section 7.2.

edit-config [--help] --target running|candidate (--config [file] | --url url) [--defop merge|replace|none] [--test set|test-only|test-then-set] [--error stop|continue|rollback]

--(t)arget running|candidate

Specifies the target of the <edit-config> operation.

--(c)onfig [file]

Specifies the content of the <edit-config> operation. If a file with the configuration is not specified, the configuration is read from the standard input.

--(u)rl url

Specifies the content of the <edit-config> operation. It is retrieved from that specific URL.

--def(o)p merge|replace|none

Specifies default operation for applying configuration data.

merge

Merge configuration data at the corresponding level. This is the default value.

replace

The edit configuration data completely replaces the configuration in the target datastore.

none

The target datastore is unaffected by the edit configuration data, unless and until the edit configuration data contains the operation attribute to request a different operation.

--t(e)st set|test-only|test-then-set

Perform validation of the modified configuration data. This option is available only if the server supports :validate:1.1 capability (see RFC 6241 section 8.6).

set

Do not perform validation test.

test-only

Do not apply the modified data, only perform the validation test.

test-then-set

Perform a validation test before attempting to apply modified configuration data. This is the default value.

--e(r)ror stop|continue|rollback

Set reaction to an error.

stop

Abort the operation on first error. This is the default value.

continue

Continue to process configuration data on error. The error is recorded and a negative response is returned.

rollback

Stop the operation processing on error and restore the configuration to its complete state at the start of this operation. This action is available only if the server supports :rollback-on-error capability (see RFC 6241 section 8.5).

edit-data

Perform NMDA <edit-data> operation. For more details see RFC 8526 section 3.1.2.

edit-data [--help] --datastore running|startup|candidate (--config[=<file>] | --url <url>) [--defop merge|replace|none] [--rpc-timeout <seconds>]

--(d)atastore running|startup|candidate

Selects the datastore to edit.

--(c)onfig [file]

Specifies the content of the <edit-data> operation. If a file with the configuration is not specified, the configuration is read from the standard input.

--(u)rl url

Specifies the content of the <edit-data> operation. It is retrieved from that specific URL.

--def(o)p merge|replace|none

Specifies default operation for applying configuration data.

merge

Merge configuration data at the corresponding level. This is the default value.

replace

The edit configuration data completely replaces the configuration in the target datastore.

none

The target datastore is unaffected by the edit configuration data, unless and until the edit configuration data contains the operation attribute to request a different operation.

editor

Manage the external editor used for modifying raw input data.

editor [--help] [path/name_of_the_editor]

path/name_of_the_editor

The full path or just the name of the editor to be used.

establish-push

Perform YANG push <establish-subscription> operation. Must be either periodic or on-change. For more details see RFC 8641 section 4.4.1.

establish-push [--help] --datastore running|startup|candidate|operational [--filter-subtree[=<file>] | --filter-xpath <XPath> | --filter-ref <name>] [--end <time>] [--encoding <encoding>] (--periodic --period <period> [--anchor-time <time>] | --on-change [--dampening-period <period>] [--no-sync-on-start] [--excluded-change <change>]*) [--out <file>] [--rpc-timeout <seconds>]

--(d)atastore running|startup|candidate|operational

Selects the datastore to subscribe to for YANG push updates.

--filter-(s)ubtree [file]

Specifies whether the request will contain a subtree filter (RFC 6241 section 6). The file is expected to contain the filter specification. If it is not specified, it is read from standard input.

--filter-(x)path XPath

Specifies whether the request will contain an XPath filter. XPath is the expression used for filtering.

--filter-(r)ef name

Specifies whether the request will contain a referenced stored filter.

--(e)nd time

Specifies when the event replay stops. Format of the time parameter is as follows:

+time

Current time plus the given number of seconds.

time

Absolute time as number of seconds since 1970-01-01.

-time

Current time minus the given number of seconds.

--(e)ncoding encoding

Encoding to use for the notification. The default is XML, which is the only encoding NETCONF supports.

--period period

Periodic push subscription period determining the interval between notifications.

--anchor-time time

Periodic push subscription point in time to anchor the period to.

--dampening-period period

On-change push subscription dampening period to prevent too many subscriptions being sent.

--no-sync-on-start

On-change push subscription option to not send an initial subscription with the current configuration.

--excluded-change change

On-change push subscription changes that will be excluded and not reported in the notifications.

establish-sub

Perform YANG notifications <establish-subscription> operation. For more details see RFC 8639 section 2.4.2.

establish-sub [--help] --stream <stream> [--filter-subtree[=<file>] | --filter-xpath <XPath> | --filter-ref <name>] [--begin <time>] [--end <time>] [--encoding <encoding>] [--out <file>] [--rpc-timeout <seconds>]

--s(t)ream stream

NETCONF event stream to subscribe to.

--filter-(s)ubtree [file]

Specifies whether the request will contain a subtree filter (RFC 6241 section 6). The file is expected to contain the filter specification. If it is not specified, it is read from standard input.

--filter-(x)path XPath

Specifies whether the request will contain an XPath filter. XPath is the expression used for filtering.

--filter-(r)ef name

Specifies whether the request will contain a referenced stored filter.

--(b)egin time

Start to replay event notifications from the past (future time is not valid). If the start time is not specified, the replay feature is not activated and only new event notifications are received. Format of the time parameter is described below.

--(e)nd time

Specifies when the event replay stops. Format of the time parameter is as follows:

+time

Current time plus the given number of seconds.

time

Absolute time as number of seconds since 1970-01-01.

-time

Current time minus the given number of seconds.

--(e)ncoding encoding

Encoding to use for the notification. The default is XML, which is the only encoding NETCONF supports.

exit

Quit the program.

get

Perform NETCONF <get> operation. Retrieves both status as well as configuration data from the current running datastore. For more details see RFC 6241 section 7.7.

get [--help] [--filter-subtree [file] | --filter-xpath XPath] [--defaults report-all|report-all-tagged|trim|explicit] [--out file]

--filter-(s)ubtree [file]

Specifies whether the request will contain a subtree filter (RFC 6241 section 6). The file is expected to contain the filter specification. If it is not specified, it is read from standard input.

--filter-(x)path XPath

Specifies whether the request will contain an XPath filter. XPath is the expression used for filtering.

--(d)efaults report-all|report-all-tagged|trim|explicit

Use :with-defaults capability with specified retrieval mode. For more details see RFC 6243 section 3.

get-config

Perform NETCONF <get-config> operation. Retrieves only configuration data from the specified source. For more details see RFC 6241 section 7.1.

get-config [--help] --source running|startup|candidate [--filter-subtree [file] | --filter-xpath XPath] [--defaults report-all|report-all-tagged|trim|explicit] [--out file]

--(s)ource running|startup|candidate

Specifies the source of the <get-config> operation.

--filter-(s)ubtree [file]

Specifies whether the request will contain a subtree filter (RFC 6241 section 6). The file is expected to contain the filter specification. If it is not specified, it is read from standard input.

--filter-(x)path XPath

Specifies whether the request will contain an XPath filter. XPath is the expression used for filtering.

--(d)efaults report-all|report-all-tagged|trim|explicit

Use :with-defaults capability with specified retrieval mode. For more details see RFC 6243 section 3.

get-data

Perform NMDA <get-data> operation. For more details see RFC 8526 section 3.1.1.

get-data [--help] --datastore running|startup|candidate|operational [--filter-subtree[=<file>] | --filter-xpath <XPath>] [--config true|false] [--origin <origin>]* [--negated-origin] [--depth <subtree-depth>] [--with-origin] [--defaults report-all|report-all-tagged|trim|explicit] [--out <file>] [--rpc-timeout <seconds>]

--(d)atastore running|startup|candidate|operational

Selects the datastore to get the data of.

--filter-(s)ubtree [file]

Specifies whether the request will contain a subtree filter (RFC 6241 section 6). The file is expected to contain the filter specification. If it is not specified, it is read from standard input.

--filter-(x)path XPath

Specifies whether the request will contain an XPath filter. XPath is the expression used for filtering.

--(c)onfig true|false

Limit the retrieved data to only configuration or only state data, respectively.

--(O)rigin origin

Limit the retrieved data to include only the data with the specified origin.

--(n)egated-origin

Limit the retrieved data by origin but do not include data with the specified origin.

--d(e)pth subtree-depth

Limit the retrieved data to include only subtrees to the specified depth.

--(w)ith-origin

Include the origin metadata in the retrieved data.

--de(f)aults report-all|report-all-tagged|trim|explicit

Use :with-defaults capability with specified retrieval mode. For more details see RFC 6243 section 3.

get-schema

Perform NETCONF <get-schema> operation that retrieves specified data model used by the server. This operation is available only if the server implements the YANG Module for NETCONF Monitoring. The list of available schemas can be retrieved from /netconf-state/schemas subtree via the <get> operation. For more details see RFC 6022 sections 3.1 and 4.

get-schema [--help] --model identifier [--version version] [--format format] [--out file]

--(m)odel identifier

Identifier for the schema list entry.

--(v)ersion version

Version of the requested schema.

--(f)ormat format

The data modeling language (format) of the requested schema. Default value is yang.

--(o)ut file

Print the result of the command into a file rather than to the standard output.

help

Display list of commands. --(h)elp option is also accepted by all commands to show detailed information about the command.

kill-session

Perform NETCONF <kill-session> operation to terminate specified NETCONF session. To terminate the current session, use the disconnect command. For more details see RFC 6241 section 7.9.

kill-session [--help] --sid session-ID

--(s)id session-ID

Session identifier of the NETCONF session to be terminated.

kill-sub

Perform YANG notifications <kill-subscription> operation. For more details see RFC 8639 section 2.4.5.

kill-sub [--help] --id <sub-ID> [--out <file>] [--rpc-timeout <seconds>]

--(i)d sub-ID

ID of the subscription to kill.

knownhosts

Manage the user knownhosts file where all the known SSH server host keys are stored.

knownhosts (--help | --del <key_index> | --mode <accept|accept-new|ask|skip|strict>)

--(d)el key_index

Remove a host key on a specific index. Useful when the server host key changed and the client refuses to connect. But note that unless the change is known (such as the key being newly generated), it is not safe to blindly trust a modified host key.

--(m)ode accept|accept-new|ask|skip|strict

Set the host key checking mode used when connecting over SSH.

accept

Add the host key to the knownhosts file without prompting and allow connections to servers that changed their host key.

accept-new

Add the host key to the knownhosts file without prompting, but only if it is not already there.

ask

Prompt the user to accept the host key. This is the default mode.

skip

Skip the host key and do not add it to the knownhosts file.

strict

Do not add the host key to the knownhosts file and refuse to connect to hosts whose host key is not known or has changed.

listen

Listen for a NETCONF Call Home connection.

listen [--help] [--timeout sec] [--host hostname] [--port num] [--ssh] [--login username] --tls  [--cert cert_path [--key key_path]] [--trusted trusted_CA_store.pem]

--t(i)meout sec

Specifies the time for how long the CLI will listen for the Call Home connection. By default, 60 (a minute) is used.

--h(o)st hostname

Specifies the hostname (interface) to listen on. By default, ::0 is used.

other options

The rest of the options have similar meaning as in connect.

lock

Perform the NETCONF <lock> operation to lock the entire configuration datastore of a server. For more details see RFC 6241 section 7.5.

lock [--help] --target running|startup|candidate

--(t)arget running|startup|candidate

Target datastore to lock.

modify-push

Perform YANG push <modify-subscription> operation. For more details see RFC 8641 section 4.4.2.

modify-push [--help] --id <sub-ID> --datastore running|startup|candidate|operational [--filter-subtree[=<file>] | --filter-xpath <XPath> | --filter-ref <name>] [--end <time>] (--periodic --period <period> [--anchor-time <time>] |--on-change [--dampening-period <period>]) [--out <file>] [--rpc-timeout <seconds>]

--(I)d sub-ID

ID of the subscription to modify.

--(d)atastore running|startup|candidate|operational

Modifies the datastore to subscribe to for YANG push updates.

--filter-(s)ubtree [file]

Modifies the subtree filter of the subscription.

--filter-(x)path XPath

Modifies the XPath filter of the subscription.

--(f)ilter-ref name

Modifies the referenced filter of the subscription.

--(e)nd time

Modifies the subscription end time.

--per(i)od period

Modifies the periodic push subscription period.

--(a)nchor-time time

Modifies the periodic push subscription point in time to anchor the period to.

--da(m)pening-period period

Modifies the on-change push subscription dampening period.

modify-sub

Perform YANG notifications <modify-subscription> operation. For more details see RFC 8639 section 2.4.3.

modify-sub [--help] --id <sub-ID> [--filter-subtree[=<file>] | --filter-xpath <XPath> | --filter-ref <name>] [--end <time>] [--out <file>] [--rpc-timeout <seconds>]

--(i)d sub-ID

ID of the subscription to modify.

--filter-(s)ubtree [file]

Specifies whether the request will contain a subtree filter (RFC 6241 section 6). The file is expected to contain the filter specification. If it is not specified, it is read from standard input.

--filter-(x)path XPath

Specifies whether the request will contain an XPath filter. XPath is the expression used for filtering.

--(f)ilter-ref name

Specifies whether the request will contain a referenced stored filter.

--(e)nd time

Specifies when the event replay stops. Format of the time parameter is as follows:

+time

Current time plus the given number of seconds.

time

Absolute time as number of seconds since 1970-01-01.

-time

Current time minus the given number of seconds.

monitor

Monitor the client connection status.

monitor [--help] [on | off]

outputformat

Set the format for all the output data. XML is the default.

outputformat (xml | xml_noformat | json)

resync-sub

Perform YANG push <resync-subscription> operation. For more details see RFC 8641 section 4.4.4.

resync-sub [--help] --id <sub-ID> [--out <file>] [--rpc-timeout <seconds>]

--(i)d sub-ID

ID of the on-change subscription to resync.

searchpath

Set the directory, which will be used when searching for modules. Modules are always needed to be able to work with the same data as a NETCONF server. They are searched locally (in this directory) only if the server does not support the <get-schema> NETCONF operation. If it does, all the modules (except ietf-netconf-monitoring, which includes the definition of the <get-schema> RPC itself) are downloaded from the server.

searchpath model-dir-path

status

Print information about the current NETCONF session.

subscribe

Perform NETCONF Event Notifications <create-subscription> operation. For more details see RFC 5277 section 2.1.1.

subscribe [--help] [--filter-subtree [file] | --filter-xpath XPath] [--begin time] [--end time] [--stream stream] [--out file]

--filter-(s)ubtree [file]

Specifies whether the request will contain a subtree filter (RFC 6241 section 6). The file is expected to contain the filter specification. If it is not specified, it is read from standard input.

--filter-(x)path XPath

Specifies whether the request will contain an XPath filter. XPath is the expression used for filtering.

--(b)egin time

Start to replay event notifications from the past (future time is not valid). If the start time is not specified, the replay feature is not activated and only new event notifications are received. Format of the time parameter is described below.

--(e)nd time

Specifies when the event replay stops. Format of the time parameter is as follows:

+time

Current time plus the given number of seconds.

time

Absolute time as number of seconds since 1970-01-01.

-time

Current time minus the given number of seconds.

--s(t)ream stream

Specifies which event stream is of interest. If not specified, the default NETCONF stream is received. The list of available streams can be retrieved from the /netconf/streams subtree via the <get> operation.

timed

Time all the commands (that communicate with a server) from issuing an RPC to getting a reply.

timed [--help] on|off

unlock

Perform the NETCONF <unlock> operation to release a configuration lock, previously obtained with the <lock> operation. For more details see RFC 6241 section 7.6.

unlock [--help] --target running|startup|candidate

--(t)arget running|startup|candidate

Target datastore to unlock.

user-rpc

Send your own content in an RPC envelope.

user-rpc [--help] [--content file] [--out file]

--(c)ontent file

Specifies a file containing NETCONF RPC operation in XML format. Only the NETCONF <rpc> envelope is added to the file content and then it is sent to a server. If the file is omitted, the RPC content is read from the standard input.

--(o)ut file

Print the command result into a file rather than to the standard output.

validate

Perform the NETCONF <validate> operation to validate configuration data. For more details see RFC 6241 section 8.6.4.1.

validate [--help] (--source running|startup|candidate|url:url | --src-config [file])

--(s)ource running|startup|candidate|url:url

Specifies the source of the <validate> operation. Either a datastore or a specific URL can be specified.

--src-(c)onfig [file]

Specifies the source of the <validate> operation. If a file with the configuration is not specified, the configuration is read from the standard input.

verb

Set CLI verbosity. Only errors are printed by default.

verb (error/0 | warning/1 | verbose/2 | debug/3)

version

Print the CLI version.

?

Display list of commands. --(h)elp option is also accepted by all commands to show detailed information about the command.

quit

Quit the program.

Files

~/.netopeer2-cli/config.xml

Per user configuration for NETCONF <hello> message (see RFC 6241 for further details).

~/.netopeer2-cli/history

Per user history of executed commands.

~/.netopeer2-cli/client.pem

Per user certificate with its private key that is sent to the server for verification. If present together with client.crt and client.key it is not utilized. Only with TLS support.

~/.netopeer2-cli/client.crt

Per user certificate that is sent to the server for verification. Needs a corresponding private key to be utilized. Only with TLS support.

~/.netopeer2-cli/client.key

Per user private key for the user certificate. Needs a corresponding certificate to be utilized. Only with TLS support.

~/.netopeer2-cli/certs

Per user trusted Certificate Authority directory that is searched when verifying a server certificate. Only with TLS support.
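
An added example, not part of netopeer2: a POSIX shell audit of the per-user directory listed above. The file names and the rule that client.pem is not utilized when client.crt and client.key are both present come from this page; the permission policy (key files private to the owner, certs and config.xml not writable by group or others), the finding labels and all function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit a netopeer2-cli per-user directory (default ~/.netopeer2-cli).
# File names follow the Files section; the permission policy is an assumption.

# Permission string of a path (symlinks followed), e.g. "-rw-------".
mode_of() { ls -ldL "$1" | cut -c1-10; }

# True if group and others have no access at all (private key material).
is_private() {
    case "$(mode_of "$1")" in
        ????------) return 0 ;;
        *) return 1 ;;
    esac
}

# True if neither group nor others may write (trust anchors, <hello> config).
not_shared_writable() {
    case "$(mode_of "$1")" in
        ?????w????|????????w?) return 1 ;;
        *) return 0 ;;
    esac
}

# Which client credential is used for TLS, per the Files section:
#   crt+key    client.crt and client.key both present (client.pem is not utilized)
#   pem        client.pem is the usable credential
#   incomplete client.crt or client.key lacks its counterpart and there is no pem
#   none       no client credential at all
effective_client_cred() {
    if [ -f "$1/client.crt" ] && [ -f "$1/client.key" ]; then echo crt+key
    elif [ -f "$1/client.pem" ]; then echo pem
    elif [ -f "$1/client.crt" ] || [ -f "$1/client.key" ]; then echo incomplete
    else echo none
    fi
}

# Print one finding per line; return 0 only when there are none.
audit_dir() {
    d=$1
    findings=0
    for f in client.key client.pem; do
        if [ -f "$d/$f" ] && ! is_private "$d/$f"; then
            echo "PRIVATE-KEY-EXPOSED $f $(mode_of "$d/$f")"
            findings=$((findings + 1))
        fi
    done
    for f in certs config.xml; do
        if [ -e "$d/$f" ] && ! not_shared_writable "$d/$f"; then
            echo "SHARED-WRITABLE $f $(mode_of "$d/$f")"
            findings=$((findings + 1))
        fi
    done
    cred=$(effective_client_cred "$d")
    if [ "$cred" = incomplete ]; then
        echo "CLIENT-CERT-INCOMPLETE client.crt and client.key must both exist"
        findings=$((findings + 1))
    elif [ "$cred" = crt+key ] && [ -f "$d/client.pem" ]; then
        echo "CLIENT-PEM-IGNORED client.pem is shadowed by client.crt and client.key"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample directory (empty placeholder files, not real keys).
make_demo_dir() {
    demo=$(mktemp -d) || return 1
    mkdir "$demo/certs"
    : > "$demo/client.crt"; : > "$demo/client.key"; : > "$demo/client.pem"
    chmod 644 "$demo/client.crt" "$demo/client.key"   # key readable by everyone
    chmod 600 "$demo/client.pem"
    chmod 775 "$demo/certs"                           # group can add trust anchors
    echo "$demo"
}

# Audit the directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then audit_dir "$1"; fi
```

Run it as `sh audit.sh ~/.netopeer2-cli` (the script name is arbitrary); a non-zero exit status means at least one finding was printed.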

See Also

RFC 5277 (Event Notifications)
RFC 6241 (NETCONF v1.1)
RFC 6242 (NETCONF over SSH)
RFC 6243 (With-defaults capability)
RFC 6536 (NETCONF Access Control)
RFC 7589 (NETCONF over TLS)
RFC 8071 (Call Home)
RFC 8526 (NMDA operations)
RFC 8528 (YANG Schema Mount)
RFC 8639 (YANG notification subscriptions)
RFC 8641 (YANG Push subscriptions)
https://github.com/CESNET/netopeer2 (Netopeer homepage)

Authors

Michal Vasko <mvasko@cesnet.cz>
Radek Krejci <rkrejci@cesnet.cz>

Info

2022-11-25 Netopeer