Page MenuHomePhabricator

SSH remote key was not OK
Open, Requires assessmentPublicBUG

Description

You want VyOS to send a remote backup through SFTP after every commit, so you configure it with

set system config-management commit-archive location sftp://user:password@address:port/directory

The server is a vsftpd on CentOS

When you do

commit

you get the following error:

curl: (51) SSL peer certificate or SSH remote key was not OK

However, if -on same VyOS- you do

sudo sftp -P port user@address

and enter the password when prompted, Then the SFTP session is established without a problem.

@Dmitry found where the problem is and described a workaround:

Edit /opt/vyatta/sbin/vyatta-commit-push.pl
and replace the following line

$cmd = "curl -g -s -S -T $tmp_push_file $uri/$save_file";

with this one

$cmd = "curl -k -g -s -S -T $tmp_push_file $uri/$save_file";

Adding option -k (insecure) allows the connection to be established even though certificates cannot be verified, as in auto-signed certificates, so remote backup can be done through VyOS CLI without the mentioned error.

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.2.4
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Event Timeline

s.lorente updated the task description. (Show Details)
s.lorente updated the task description. (Show Details)Dec 10 2019, 10:54 AM
pasik added a subscriber: pasik.Dec 10 2019, 1:32 PM