
RPKI: Cache-peer SSH connection misses public key portion
Closed, Invalid | Public | BUG

Description

vyos@vyos# show protocols rpki
 cache foobar {
     address 192.0.2.1
     port 8080
     ssh {
         known-hosts-file /config/auth/known_hosts
         private-key-file /config/auth/id_rsa_rpki
         public-key-file /config/auth/id_rsa_rpki.pub
         username vyos
     }
 }

Renders in FRR to:

rpki
  rpki polling_period 3600
  rpki cache 192.0.2.1 8080 vyos /config/auth/id_rsa_rpki /config/auth/known_hosts preference 1
  exit

FRR manual states:
rpki cache (A.B.C.D|WORD) PORT [SSH_USERNAME] [SSH_PRIVKEY_PATH] [SSH_PUBKEY_PATH] [KNOWN_HOSTS_PATH] PREFERENCE

http://docs.frrouting.org/en/latest/bgp.html?highlight=rpki#clicmd-rpkicache(A.B.C.D|WORD)PORT[SSH_USERNAME][SSH_PRIVKEY_PATH][SSH_PUBKEY_PATH][KNOWN_HOSTS_PATH]PREFERENCE

So our public key portion is missing.

Details

Difficulty level
Easy (less than an hour)
Version
1.2.6
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

c-po changed the task status from Open to Confirmed. Jan 29 2021, 7:31 AM
c-po triaged this task as Normal priority.
c-po created this task.
c-po edited projects, added VyOS 1.2 Crux (VyOS 1.2.7); removed VyOS 1.2 Crux.
c-po added a project: VyOS 1.3 Equuleus.
c-po claimed this task.

Actually even when setting the public key manually, FRR won't show it on a subsequent run:

vyos(config-rpki)# rpki cache 1.1.1.1 444 myuser /config/auth/id_rsa_rpki /config/auth/id_rsa_rpki.pub /home/vyos/.ssh/known_hosts preference 2
vyos(config-rpki)# end
rpki
  rpki polling_period 86400
  rpki cache 1.1.1.1 44 myuser /config/auth/id_rsa_rpki /home/vyos/.ssh/known_hosts preference 1
  rpki cache 1.1.1.1 444 myuser /config/auth/id_rsa_rpki /home/vyos/.ssh/known_hosts preference 2
  exit
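
A way to check a rendered FRR configuration against the VyOS `cache` block from the description, as an added example (not VyOS or FRR code): it lists the configured SSH leaves whose values do not appear on the matching `rpki cache` line. The function names and the simplified parsers are assumptions made for illustration; the sample inputs are copied from the outputs quoted in this task.

```python
import re
# Constructed sample inputs, copied from the outputs quoted in this task.
VYOS_CONFIG = """\
cache foobar {
    address 192.0.2.1
    port 8080
    ssh {
        known-hosts-file /config/auth/known_hosts
        private-key-file /config/auth/id_rsa_rpki
        public-key-file /config/auth/id_rsa_rpki.pub
        username vyos
    }
}
"""
FRR_CONFIG = """\
rpki
  rpki polling_period 3600
  rpki cache 192.0.2.1 8080 vyos /config/auth/id_rsa_rpki /config/auth/known_hosts preference 1
  exit
"""
SSH_LEAVES = ("username", "private-key-file", "public-key-file", "known-hosts-file")
def parse_vyos_caches(text):
    """Hypothetical helper: 'cache NAME { ... }' blocks -> {name: {leaf: value}}, ssh leaves flattened."""
    caches, current, depth = {}, None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("{"):
            depth += 1
            words = line[:-1].split()
            if depth == 1 and len(words) == 2 and words[0] == "cache":
                current = caches.setdefault(words[1], {})
        elif line == "}":
            depth -= 1
            current = current if depth else None  # leaving the cache block
        elif line and current is not None:
            key, _, value = line.partition(" ")
            current[key] = value.strip()
    return caches

def parse_frr_caches(text):
    """Hypothetical helper: {(address, port): [tokens between PORT and 'preference']}."""
    pat = re.compile(r"\s*rpki cache (\S+) (\d+)\s*(.*?)\s*preference \d+\s*$")
    return {(m[1], m[2]): m[3].split() for m in map(pat.match, text.splitlines()) if m}

def missing_ssh_fields(vyos_text, frr_text):
    """Per cache: configured SSH leaves whose value is absent from the rendered FRR line."""
    frr, report = parse_frr_caches(frr_text), {}
    for name, leaves in parse_vyos_caches(vyos_text).items():
        rendered = frr.get((leaves.get("address"), leaves.get("port")), [])
        report[name] = [k for k in SSH_LEAVES if k in leaves and leaves[k] not in rendered]
    return report
```

For the inputs above, `missing_ssh_fields(VYOS_CONFIG, FRR_CONFIG)` reports `public-key-file` for cache `foobar`; tokens are compared exactly, so the private key path does not mask the `.pub` path.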