Error while upgrading from 1.2.X to 1.3.X when multiple comma-separated ciphers are defined.
Steps to reproduce:
1 - On a fresh install of VyOS 1.2.8:
service ssh ciphers aes128-ctr,aes192-ctr,aes256-ctr
2 - Add 1.3.0 system image and reboot
3 - After reboot, see error in last lines:
[ 20.769494] vyos-router[691]: Mounting VyOS Config...done.
[ 26.181257] vyos-router[691]: Starting VyOS router: migrate rl-system firewall configure failed!
[ 27.076590] vyos-config[708]: Configuration error
Welcome to VyOS - vyos ttyS0
vyos login: vyos
Password:
4 - Verify there's no ssh config loaded:
vyos@vyos:~$ show config comm | grep ssh
vyos@vyos:~$
5 - Load config from config.boot file, verify ssh entries, and try to commit:
vyos@vyos# load /config/config.boot
Loading configuration from '/config/config.boot'
Load complete. Use 'commit' to make changes effective.
[edit]
vyos@vyos# compare
[edit service]
+ssh {
+ ciphers aes128-ctr,aes192-ctr,aes256-ctr
+ port 22
+}
[edit]
vyos@vyos# commit
[ service ssh ciphers aes128-ctr,aes192-ctr,aes256-ctr ]
[ service ssh ciphers aes128-ctr,aes192-ctr,aes256-ctr ]
Invalid value
[[service ssh]] failed
Commit failed

On VyOS 1.3.0, ssh ciphers must be defined in separate entries, and not in a single one using commas. For this example:
set service ssh ciphers aes128-ctr
set service ssh ciphers aes192-ctr
set service ssh ciphers aes256-ctr
This error is critical when administering the router remotely, because after the upgrade, ssh is not loaded at all!
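
A pre-upgrade check for the condition described above, as an added example that is not part of the original report or of VyOS itself: it scans config.boot text for a comma-joined "service ssh ciphers" value and returns the one-entry-per-cipher commands in the form the report gives for 1.3.0. The sample config, the function names, and the use of "delete service ssh ciphers" to drop the joined value first are assumptions made for the example.

```python
# Constructed sample in the 1.2.x config.boot layout, mirroring the report.
SAMPLE_CONFIG = """\
service {
    ssh {
        ciphers aes128-ctr,aes192-ctr,aes256-ctr
        port 22
    }
}
system {
    host-name vyos
}
"""

SSH_CIPHERS = ["service", "ssh", "ciphers"]


def leaf_values(config_text, path):
    """Return every value of the leaf at `path`, tracking { } nesting."""
    stack, values = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            if stack:
                stack.pop()
        elif line:
            name, _, value = line.partition(" ")
            if stack + [name] == path:
                values.append(value.strip().strip('"'))
    return values


def split_cipher_commands(config_text):
    """Return CLI commands giving one entry per cipher, or [] if none needed."""
    values = leaf_values(config_text, SSH_CIPHERS)
    if not any("," in v for v in values):
        return []
    ciphers = []
    for value in values:
        for name in value.split(","):
            if name.strip() and name.strip() not in ciphers:
                ciphers.append(name.strip())
    # Assumed fix-up: drop the comma-joined value, then add each cipher alone.
    return ["delete service ssh ciphers"] + [
        "set service ssh ciphers " + c for c in ciphers]


if __name__ == "__main__":
    print("\n".join(split_cipher_commands(SAMPLE_CONFIG)))
```

An empty result means no comma-joined cipher value was found in the text that was checked.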