
Fail to save configuration via scp/sftp
Open, Requires assessment, Public

Description

Version: 1.3.0-rc4

When trying to save the configuration to a remote host (SSH server), it fails with the following message:

vyos@vyos# save sftp://user:pass@host/path/of/file
Saving configuration to 'sftp://user:pass@host/path/of/file'...
##O#-  #                                                                                                             
curl: (60) SSL peer certificate or SSH remote key was not OK
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Error saving sftp://user:pass@host/path/of/file

As far as I know, it once worked in 1.3.0-rc1. Not sure when it broke.

Details

Difficulty level
Unknown (require assessment)
Version
1.3.0-rc4
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

Have tried 1.3.0-rc5, the issue remains.

Have tried, but no luck.

vyos@vyos# ssh-keyscan 192.168.20.19 >> ~/.ssh/known_hosts
# 192.168.20.19:22 SSH-2.0-OpenSSH_8.4
# 192.168.20.19:22 SSH-2.0-OpenSSH_8.4
# 192.168.20.19:22 SSH-2.0-OpenSSH_8.4
vyos@vyos# save sftp://user:pass@192.168.20.19/path/of/file
Saving configuration to 'sftp://user:pass@192.168.20.19/path/of/file'...
##O#-  #                                                                                                             
curl: (60) SSL peer certificate or SSH remote key was not OK
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Error saving sftp://user:pass@192.168.20.19/path/of/file

And according to the code snippet https://github.com/vyos/vyatta-cfg/blob/16c953a07f0c132e7f86efca7effbe46dc41038d/scripts/vyatta-save-config.pl#L127-L152, it seems that it already covers the action you mentioned.

@ramaxlo You can try to set this workaround:

sudo nano -c +136 /opt/vyatta/sbin/vyatta-save-config.pl

Replace string:

$rc = system("curl -u $user -# -T $url_tmp_file $save_file");

To string:

$rc = system("curl --insecure -u $user -# -T $url_tmp_file $save_file");

Have tried as you suggested, and confirmed it works.

Thanks.
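
The workaround above passes --insecure, which for SFTP and SCP makes curl skip host key verification altogether, so the password and configuration go to whichever server answers. As an added example (not VyOS code, and not confirmed in this thread to clear the error on the affected builds), this shell helper pins the server key with curl's --hostpubmd5 instead; the sample key line, the function names and the DRY_RUN switch are constructed for illustration.

```shell
#!/bin/sh
# Added example, not VyOS code: pin the SFTP server's host key for curl
# instead of switching verification off with --insecure.

# Constructed sample line in known_hosts format; the blob is NOT a real key.
# Take the real line from the server console or another trusted channel.
SAMPLE_LINE='192.168.20.19 ssh-ed25519 Q09OU1RSVUNURUQtU0FNUExFLUtFWS1CTE9C'

# hostkey_md5 LINE -> MD5 of the decoded key blob as 32 hex digits, the form
# --hostpubmd5 takes (same digest as `ssh-keygen -l -E md5`, minus colons).
hostkey_md5() {
    # Skip comments and @marker lines; the key blob is the third field.
    blob=$(printf '%s\n' "$1" | awk '$1 !~ /^[@#]/ && NF >= 3 {print $3}')
    [ -n "$blob" ] || return 1
    # Refuse blobs that are not valid base64 rather than hashing garbage.
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$blob" | base64 -d | md5sum | awk '{print $1}'
}

# pinned_upload USER FILE URL LINE
# Same flags as the Perl line quoted above, with --insecure replaced by the
# pin. Prints the command unless DRY_RUN=0 (hypothetical switch).
pinned_upload() {
    pin=$(hostkey_md5 "$4") || { echo "unusable host key line" >&2; return 1; }
    set -- curl --hostpubmd5 "$pin" -u "$1" '-#' -T "$2" "$3"
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

pinned_upload user /tmp/config.boot sftp://192.168.20.19/path/of/file "$SAMPLE_LINE"
```

curl refuses the connection when the digest of the key the server presents differs from the pin. curl 7.80.0 and later also accept --hostpubsha256, which avoids MD5.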