Hello everyone,

I hope this mailing list is the correct place for my message.

I am the developer of GoRTR (https://github.com/cloudflare/gortr), a tool to send RPKI/ROA validated data to routers. I just implemented SSH support (no-auth, password and publickey).

With Bird 2.0.2, I managed to set up a cleartext connection. I made a docker-compose environment with two birds connected and a GoRTR.
https://github.com/lspgn/compose-bird-gortr

While it's not impacting, when the RTR server returns a NO DATA, the client will bombard it with requests, as shown by a higher log level of GoRTR.

gortr_1 | time="2019-04-11T21:40:13Z" level=debug msg="10.1.0.3:54874 (v1) / Serial: 0: Received PDU Reset Query v1"
gortr_1 | time="2019-04-11T21:40:13Z" level=debug msg="10.1.0.3:54874 (v1) / Serial: 0 > Request Cache"
gortr_1 | time="2019-04-11T21:40:13Z" level=debug msg="10.1.0.3:54874 (v1) / Serial: 0 < No data"
gortr_1 | time="2019-04-11T21:40:13Z" level=debug msg="10.1.0.3:54874 (v1) / Serial: 0: Received PDU Reset Query v1"
gortr_1 | time="2019-04-11T21:40:13Z" level=debug msg="10.1.0.3:54874 (v1) / Serial: 0 > Request Cache"

I am not sure if I'm missing a timeout, but I feel this may be a bug.

For SSH I am having another issue. The faulty configuration is the following:
https://github.com/lspgn/compose-bird-gortr/blob/bird-rtr-ssh/bird/config_lo...

With the statement:

protocol rpki gortr {
    debug all;
    roa4 { table t_roa4; };
    roa6 { table t_roa6; };
    remote "10.1.0.4" port 8283;
    transport ssh {
        user "rpki";
        bird private key "/etc/bird/id_rsa";
    };
    retry keep 90;
    refresh keep 900;
    expire keep 172800;
}

The logs are the following:

Creating network "bird-gortr-compose_vpcbr" with driver "bridge"
Creating bird-gortr-compose_gortr_1 ... done
Creating bird-gortr-compose_bird1_1 ... done
Attaching to bird-gortr-compose_gortr_1, bird-gortr-compose_bird1_1
gortr_1 | time="2019-04-12T00:33:16Z" level=info msg="Enabling ssh with the following authentications: password=false, key=true"
gortr_1 | time="2019-04-12T00:33:18Z" level=info msg="New update (79929 uniques, 79929 total prefixes). 0 bytes. Updating sha256 hash -> db4486e353d9f1f7e30ad90ab4b93c0c91adb30dfc572a0493ca8030471768c9"
gortr_1 | time="2019-04-12T00:33:18Z" level=info msg="Updated added, new serial 1"
gortr_1 | time="2019-04-12T00:33:18Z" level=info msg="Accepted ssh connection from 10.1.0.2:33758 (1/0)"
gortr_1 | time="2019-04-12T00:33:18Z" level=info msg="Connected (ssh-key): rpki/10.1.0.2:33758 with key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1PYoRv0xuIMbv6aQZbXUNzqS611+FgahO0tNJ1C/CD2yxmzDuijjiAL3ia3UNPuIwS4Bwukn0EQJP/J2UGM0ABGR6r8n46RzFFkBqVBXrpRNThsD36hSYeUqfir1DChxknXCEG0pLcs5cW3OZagROcW5eZbbbTD40lIglhthtrf/9d241WUcvrhXiE/VaZvj8wi2lY26MuvqDGJgApOK4gi4gLzlr5qT4aDIzUIV0LlYul3hOFX/UMlX0yJg2cgEz/xRRlUfpsx6rQkwQZ0z1lwI0QBvHlON/+Azy/HmGWFcQ2S0V+CWUFHoZ/PBqmBnLT5MBSy5r/9RQVfoaeHBv"
gortr_1 | time="2019-04-12T00:33:18Z" level=error msg="Error with ssh client 10.1.0.2:33758: ssh: unmarshal error for field Language of type disconnectMsg"
gortr_1 | time="2019-04-12T00:33:18Z" level=info msg="Accepted tcp connection from 10.1.0.3:55344 (1/0)"
bird1_1 | bird: gortr: Channel roa4 connected to table t_roa4
bird1_1 | bird: gortr: Channel roa6 connected to table t_roa6
bird1_1 | bird: gortr: Initializing
bird1_1 | bird: gortr: Starting
bird1_1 | bird: gortr: Changing from Down to Connecting state
bird1_1 | bird: gortr: Opening a connection
bird1_1 | bird: gortr: State changed to start
bird1_1 | bird: Started
bird1_1 | bird: gortr: Lost connection: Failed to read private key: /etc/bird/id_rsa
bird1_1 | bird: gortr: Changing from Connecting to Transport-Error state
bird1_1 | bird: gortr: Closing a connection

GoRTR sees the connection with the correct public key but Bird drops it. If I do not set any statement "bird private key", it does not connect either.

Has anyone successfully set up an RTR+SSH session? The password authentication works well with Cisco routers, but apart from rtrdump (another tool related to GoRTR) I could not test publickey authentication.

Thank you in advance,

Best,
Louis
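
Added example, not part of the original message and not GoRTR's own code: a Go check that reads GoRTR debug lines in the format quoted above and counts, per client, the Reset Queries that arrive less than a chosen interval after a "No data" reply. The sample log, the second client 10.1.0.9, the name FastRetries and the 5-second threshold are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"time"
)

// Constructed sample in GoRTR's debug format: 10.1.0.3 retries at once, 10.1.0.9 waits 90 s.
const sampleLog = `gortr_1 | time="2019-04-11T21:40:13Z" level=debug msg="10.1.0.3:54874 (v1) / Serial: 0: Received PDU Reset Query v1"
gortr_1 | time="2019-04-11T21:40:13Z" level=debug msg="10.1.0.3:54874 (v1) / Serial: 0 < No data"
gortr_1 | time="2019-04-11T21:40:13Z" level=debug msg="10.1.0.3:54874 (v1) / Serial: 0: Received PDU Reset Query v1"
gortr_1 | time="2019-04-11T21:40:13Z" level=debug msg="10.1.0.3:54874 (v1) / Serial: 0 < No data"
gortr_1 | time="2019-04-11T21:40:14Z" level=debug msg="10.1.0.3:54874 (v1) / Serial: 0: Received PDU Reset Query v1"
gortr_1 | time="2019-04-11T21:40:14Z" level=debug msg="10.1.0.9:40000 (v1) / Serial: 0 < No data"
gortr_1 | time="2019-04-11T21:41:44Z" level=debug msg="10.1.0.9:40000 (v1) / Serial: 0: Received PDU Reset Query v1"`

// lineRe captures the timestamp, the client address and the per-client message.
var lineRe = regexp.MustCompile(`time="([^"]+)" level=debug msg="(\S+) \(v\d+\) / Serial: \d+(?::| [<>]) ([^"]+)"`)

// FastRetries counts, per client, Reset Queries received less than minBackoff
// after that client was answered with "No data".
func FastRetries(log string, minBackoff time.Duration) map[string]int {
	lastNoData, fast := map[string]time.Time{}, map[string]int{}
	for _, line := range strings.Split(log, "\n") {
		m := lineRe.FindStringSubmatch(line)
		if m == nil {
			continue // not a per-client debug line
		}
		ts, err := time.Parse(time.RFC3339, m[1])
		if err != nil {
			continue // unparseable timestamp, skip the line
		}
		client, msg := m[2], m[3]
		if msg == "No data" {
			lastNoData[client] = ts
		} else if strings.HasPrefix(msg, "Received PDU Reset Query") {
			if prev, ok := lastNoData[client]; ok && ts.Sub(prev) < minBackoff {
				fast[client]++
			}
			delete(lastNoData, client) // count one retry per "No data" reply
		}
	}
	return fast
}

func main() {
	fmt.Println(FastRetries(sampleLog, 5*time.Second))
}
```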