Page MenuHomeVyOS Platform
Create Task
Maniphest T3439

Commit-archive location not working for scp
Closed, ResolvedPublicBUG
Actions

Description

yos@vyos# set sys confi commit-a lo 'scp://root:[email protected]:/root/bac
[edit]
vyos@vyos# compare
[edit system config-management]
+commit-archive {
+    location scp://root:[email protected]:/root/back
+}
[edit]
vyos@vyos# commit
Archiving config...
  scp://192.168.255.176:/root/back curl: (60) SSL peer certificate or SSH remotK
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
 Failed!
[edit]
vyos@vyos# run sh conf comm | grep config
set system config-management commit-archive location 'scp://root:[email protected]'
set system config-management commit-revisions '100'

Details

Difficulty level
Unknown (require assessment)
Version
1.4-rolling-202103251004
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Related Objects
Search...

StatusSubtypeAssignedTask
 In progressFEATURE REQUESTNoneT3355 Remove all remaining legacy Vyatta code
 ResolvedFEATURE REQUESTerkinT3356 Script for remote file transfers
 ResolvedBUGerkinT3439 Commit-archive location not working for scp

Event Timeline

SrividyaA created this task.Mar 27 2021, 7:32 PM
pasik added a subscriber: pasik.Mar 27 2021, 9:44 PM
SrividyaA added a comment.Mar 29 2021, 12:38 PM

This command is used to generate the ssh fingerprint of your host when vyos cannot verify the legitimacy of the remote server

ssh-keyscan >> ~/.ssh/known_hosts

Then you can configure the commit-archive command for scp or others.

set system config-management commit-archive location

Reference link:
https://docs.vyos.io/en/latest/cli.html#remote-archive

Tested in the lab:

vyos@vyos:~$ sh ver

Version:          VyOS 1.4-rolling-202103251004
Release Train:    sagitta

Built by:         [email protected]
Built on:         Thu 25 Mar 2021 10:09 UTC

vyos@vyos:~$ sudo ssh-keyscan 192.168.x.x >> ~/.ssh/known_hosts
# 192.168.x.x:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
# 192.168.x.x:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
# 192.168.x.x:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2

[edit system config-management]
vyos@vyos# set commit-archive location scp://root:[email protected]/root/backup
[edit system config-management]
vyos@vyos# commit
Archiving config...
  scp://192.168.x.x/root/backup  OK

root@debian:~# ls -ltr /root/backup
total 12
-rw-r--r-- 1 root root 1205 Mar 29 01:52 config.boot-vyos.20210329_095215
-rw-r--r-- 1 root root 1205 Mar 29 02:04 config.boot-vyos.20210329_100404
-rw-r--r-- 1 root root 1204 Mar 29 02:04 config.boot-lab.20210329_100448
SrividyaA closed this task as Invalid.Mar 29 2021, 12:39 PM
raphielscape added a subscriber: raphielscape.Mar 30 2021, 1:09 AM

I tried using ssh-keyscan and it's still didn't work for me and it still having the same curl error 60

vyos@vyos:~$ sh ver

Version:          VyOS 1.4-rolling-202103251004
Release Train:    sagitta

Built by:         [email protected]
Built on:         Thu 25 Mar 2021 10:09 UTC
Build UUID:       968aa51d-3c53-4009-b8ec-b67d3ba028d0
Build Commit ID:  3ccfd2bf06c7d1

Architecture:     x86_64
Boot via:         installed image
System type:      bare metal

Hardware vendor:  Hewlett-Packard
Hardware model:   HP Mini 210-2000
Hardware S/N:     4CZ0362262
Hardware UUID:    e7cc0a3a-2152-2ffe-33e3-5e8f57258c1d

Copyright:        VyOS maintainers and contributors
vyos@vyos:~$ sudo ssh-keyscan 192.168.1.100 >> ~/.ssh/known_hosts
# 192.168.1.100:22 SSH-2.0-OpenSSH_8.1
# 192.168.1.100:22 SSH-2.0-OpenSSH_8.1
# 192.168.1.100:22 SSH-2.0-OpenSSH_8.1
vyos@vyos:~$ conf
[edit]
vyos@vyos# save scp://raphielrollerscaperers:[email protected]:/~/Documents/GitHub/vyos-backup/vyos-30032021
Saving configuration to 'scp://raphielrollerscaperers:[email protected]:/~/Documents/GitHub/vyos-backup/vyos-30032021'...
#=#=-  #     #
curl: (60) SSL peer certificate or SSH remote key was not OK
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Error saving scp://raphielrollerscaperers:[email protected]:/~/Documents/GitHub/vyos-backup/vyos-30032021
[edit]
vyos@vyos#
SrividyaA reopened this task as Open.Mar 30 2021, 10:17 AM
SrividyaA added a comment.Mar 30 2021, 3:53 PM

Hi @raphielscape ,

The workaround for save command does not seem to work, have you tried for commit-archive option ?

Can you check if the keys are stored in the file ~/.ssh/known_hosts .

SrividyaA added a comment.Mar 31 2021, 12:40 PM

Parent task: https://phabricator.vyos.net/T3356

erkin added a parent task: T3356: Script for remote file transfers.Apr 1 2021, 10:19 AM
erkin closed this task as Resolved.Apr 24 2021, 2:18 PM
erkin claimed this task.
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.May 24 2021, 7:38 PM