
Loadkey scp ssh key errors
Closed, Resolved | Public | BUG

Description

Load ssh pub key to vyos.

vyos@vyos-roll# loadkey vyos scp://root@10.0.3.2/root/.ssh/id_rsa.pub
Enter host password for user 'root':

curl: (60) SSL peer certificate or SSH remote key was not OK
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Done
[edit]
vyos@vyos-roll#

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.3-rolling-202004291652
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

pasik added a subscriber: pasik. May 3 2020, 8:02 PM

I replaced

my $cmd = "curl -#";

with

my $cmd = "curl --insecure -#";

in https://github.com/vyos/vyatta-cfg-system/blob/current/scripts/vyatta-load-user-key.pl#L64

It loads the key from the remote side but generates another error:

vyos@r2-roll# loadkey vyos scp://vyos@192.168.122.11/etc/ssh/ssh_host_rsa_key.pub
Enter host password for user 'vyos':
########################################################################################################################################################################### 100.0%

error: Ignoring /opt/vyatta/etc/config/archive/lr.conf because it is writable by group or others.
Done

With that replacement I see this error on each commit:

vyos@r1-roll# delete firewall 
[edit]
vyos@r1-roll# commit
error: Ignoring /opt/vyatta/etc/config/archive/lr.conf because it is writable by group or others.
[edit]
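
Added example, not part of the thread and not the project's fix: curl's --insecure makes scp:// transfers skip the known_hosts check, so the fetched key is unauthenticated. An alternative to the workaround above is to compare the server's host key with a fingerprint obtained out of band and only then pin it in known_hosts. The function names, the host address and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: uint32 length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data


# Constructed sample host key (not a real server's key): an ssh-ed25519 blob
# whose 32 key bytes are simply 0..31, laid out like one ssh-keyscan line.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_SCAN = "192.0.2.10 ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()


def fingerprint(key_type: str, blob_b64: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a public key blob."""
    blob = base64.b64decode(blob_b64, validate=True)
    n = int.from_bytes(blob[:4], "big")
    # The blob names its own algorithm; reject a line whose label disagrees.
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pinned_known_hosts_line(scan_line: str, expected_fp: str) -> str:
    """Return a known_hosts line only if the scanned key matches expected_fp,
    a fingerprint obtained out of band (for example from the server console)."""
    host, key_type, blob_b64 = scan_line.split()[:3]
    actual = fingerprint(key_type, blob_b64)
    if not hmac.compare_digest(actual.encode(), expected_fp.encode()):
        raise ValueError(f"host key mismatch for {host}: got {actual}")
    return f"{host} {key_type} {blob_b64}"


if __name__ == "__main__":
    # Stand-in for the out-of-band value; in practice it comes from the server.
    trusted_fp = fingerprint(*SAMPLE_SCAN.split()[1:3])
    print(pinned_known_hosts_line(SAMPLE_SCAN, trusted_fp))
```

The returned line is meant for the known_hosts file of the account that runs curl, which is the file curl consults for scp:// hosts when --insecure is not given.
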
Viacheslav added a comment. Edited Aug 13 2020, 8:47 AM
vyos@r4-roll# loadkey vyos scp://ubuntu@10.0.3.3/etc/ssh/ssh_host_rsa_key.pub
Enter host password for user 'ubuntu':
########################################################################################################################################################################### 100.0%

Done
[edit]
vyos@r4-roll# set interfaces ethernet eth0 description WAN
[edit]
vyos@r4-roll# commit
[edit]
vyos@r4-roll# 

vyos@r4-roll# run show version 

Version:          VyOS 1.3-rolling-202008120118

The key loaded successfully. There are no more mistakes.

PR126 is relevant.

Viacheslav closed this task as Resolved. Mon, Aug 24, 9:59 AM
Viacheslav claimed this task.