RARE user and assistance email list

["David Schmitz" <>]

Hi,

On Thu, 29 Jun 2023, mc36 wrote:

> Date: Thu, 29 Jun 2023 16:31:40 +0200
> From: mc36 <>
> Reply-To: , 
> To: , 
> Subject: Re: [freertr] SSH to Freertr with Private/Public Keys
>
> then you can have n+ bgp processes and one-way redistrubute from the arriving 
> side back to the collector...
Actually, in the original use of NeMo, i.e., the way it is used in DFN,
there is one collector per router.

Of course there will be scaling issues,
when there is only a limited number of collectors or even only one.

> even more fun if you configure a bmp and mrt sesssion to the receiving 
> freerouter then it's a realtime
>
> through server http asdfas
> host * path /rtr/collector
>
> the bmp is needed to have a backup collector
Ok, these might be interesting paths to explore
how to adapt NeMo's statistics collection on the long-term.
And of course, scaling remains an issue.


> etc...
>
>
> i still keep my opinion that dear nemo team the hack u prepare for?!?!?!
>
> if you police/redirect to the hell a bgp then the internet times out and dies 
> till u poll da cord...:((((
I understand your concerns.
Of course, one has to be very careful 
regading the finally applied mitigations from NeMo.

In DFN original use case, each mitigation
is fully reviewed by experts and the customer
before it is applied, as far as I know.

Best Regards
David

> On 6/29/23 16:28, David Schmitz wrote:
> > Hi,
> >
> > On Thu, 29 Jun 2023, mc36 wrote:
> >
> > > Date: Thu, 29 Jun 2023 16:12:46 +0200
> > > From: mc36 <>
> > > To: , 
> > > Subject: Re: [freertr] SSH to Freertr with Private/Public Keys
> > >
> > > so normally nemo will have a webui from you david and you'll originate 
> > > shit from flowspec from exabgp....
> > That's right,
> > at least as far as the mitigation itself, that is the signalling for it,
> > is concerned.
> >
> > > i dont think a controlled needs ssh to core0.paris.geant.org at ssh level 
> > > for any reason.....
> > It seems to me that NeMo config for ssh public keys is
> > used in NeMo for somehow pulling mitigation statistics from the router, at 
> > least in the CISCO case.
> >
> > So, this is not going to work with freertr anyway, at least not with 
> > adaption.
> >
> > Maybe I am wrong.
> > So, we will definitely check with the NeMo team about this.
> >
> > Best Regards
> > David
> >
> > > br,
> > >
> > > cs
> > >
> > > On 6/29/23 16:10, David Schmitz wrote:
> > > > Hi,
> > > >
> > > > On Thu, 29 Jun 2023, mc36 wrote:
> > > >
> > > > > Date: Thu, 29 Jun 2023 16:05:05 +0200
> > > > > From: mc36 <>
> > > > > Reply-To: , 
> > > > > To: David Schmitz <>
> > > > > Cc: , ,
> > > > >     Frédéric LOUI <>
> > > > > Subject: Re: [freertr] SSH to Freertr with Private/Public Keys
> > > > >
> > > > > i dont think so....
> > > > >
> > > > > generate the fresh 4k rsa priv/pub key
> > > > >
> > > > > and just import the pub file without formatting to the config...
> > > > Ok, we will try that.
> > > > Thanks.
> > > >
> > > > > btw i dont think for nemo u need anything but bgp flowspec....?!?!!?!?
> > > > Good point.
> > > > For some reason NeMo has some config that.
> > > >
> > > > We will ask NeMo people whether it is really necessary in our case.
> > > >
> > > > Best Regards
> > > > David
> > > >
> > > > > On 6/29/23 16:03, David Schmitz wrote:
> > > > > > Hi,
> > > > > >
> > > > > > On Thu, 29 Jun 2023, mc36 wrote:
> > > > > >
> > > > > > > Date: Thu, 29 Jun 2023 15:51:38 +0200
> > > > > > > From: mc36 <>
> > > > > > > To: , ,
> > > > > > >     Frédéric LOUI <>
> > > > > > > Cc: David Schmitz <>
> > > > > > > Subject: Re: [freertr] SSH to Freertr with Private/Public Keys
> > > > > > >
> > > > > > > hihi,
> > > > > > >
> > > > > > > so back from my afternoon coffee from the park, and still: i have nor 
> > > > > > > crystal ball nor time to play stupid puzzles at the moment... :)
> > > > > > >
> > > > > > > sho run / sho run hide / sh run all hide / "sho run | pastebin"  if 
> > > > > > > you found the way to configuret that... ;))))
> > > > > >
> > > > > > Maybe, a some more details:
> > > > > >
> > > > > > The issue that for NeMO it is needed to have the public key exported
> > > > > > outside of freertr in a format understandable by NeMo.
> > > > > >
> > > > > > So, one idea was to create the private/public key pair externally 
> > > > > > outside of freertr,
> > > > > > e.g., with ssh-keygen, and then import it to freertr by
> > > > > > "crypto ... external".
> > > > > >
> > > > > > Before, the idea was to export the key created internally in freertr:
> > > > > > But, trying to interpret the contents of the base64 string (the stuff 
> > > > > > after the '$v10$') in the config,
> > > > > > e.g., as in
> > > > > > ...
> > > > > > crypto rsakey rsa import 
> > > > > > $v10$TUlJRW9nSUJBQUtDQVFCNUcxQjJGd216Ly9rTDJKN0xjdTZHckxmVGdjOEJ6aHpnNHVteEhJaVFrdFZ4U2xnQmFFSDBlQmhFdlhJMzA4d2ZNaUVvcWEzNnBMdFlKN3pmK0pGekIrRWJtdDJNZUc2ZURxc3IreGhsSmMzYkozTzhvNVRjZEIxblhKbEV2T0RlOTdycTJnT0xPSjJGaFdwbVBBd3dYTStLVXMxR05iL1hWR09tQUJrMzhlNXpYMU9XU01Oa0dEUXV1MEt3WUNub2pvbXBQdnMvZktVNW13b3ZCeXk3MjNTakdOQ3BYTEQweGRnTUord1ZSQ2NkV1huejk4bUNzRVBtKzJlbTJQbDMrVWU0WnNSVFJQb1JWTHdmVWdNcnViZ21BdFE1QWJtSTdDejdWZmQzRHVpbkVuZFJLSzl0N3dWeEVpcUZkN2Z2c2pYc0hoNVQrK2hqSnJ3TVc3UWxBZ01CQUFFQ2dnRUFSVWlvRm5jRm1SR204KzBBbzVuajllNFgySXZaMXNtSTRldFBFSUVuYTdabEg4UU5adml6U3QzdDNGMlpXM0R5eFNJVHNFU3FnTXIvVnVhYytuRWxITzcwREt2amRYcHNwa1gwRFZ4QVQ1VjZHSmVRY2VvUHZyTTdJeWZwazFhUE8xLzBjbWs1UDh1cTZua3lMcnpKcUYxZ2FsMEdqTlV4SkVwbUc5RFFuSjBrbkw1Vkp4WmQzSTMvOStPZFVtOWJWM3NrdTVBTXk2YnhQOCtSOTJ5QzVFdThvTFoxMUxUVXk2TXNBb3FsalhIcWhIOVlTQ2RLaEtpenFKVEpOSVI3WVVQK0FOb0E0aWwrZXlzSFFQaS94L3dEVGdRY2czZ1N5SFpNYXNIRW51d1VCV2pGOWdYZ2R1VEVtc3VQVGdKdCtZZG4zcXJIMWkxamcxbDlGSGUxWVFLQmdRREJNNjBNUFNkL1pq
> > > > > > ZU9nQW5MUS94VlBnN2V6NnlnOENweHdsbWNwL25YbWM2TDdJa3dVUXJ0OGlMREN2clZ2dUZYVS9jell1Q2ZYVUc2MVVnNENMQldSM05LcXFuYVJSQ2hNdTBNV2JGd01wVHRHcjN3NXFlbXVtdU1VYWp5Z0pmK2Y2RFNtU01nbG5sR1E3M2FsVkx4bHl6TlE3RGVNdGd6eThyV1lhSytpUUtCZ1FDZ2VKblFuVDN2dkVhT3RzWUdKQVFYUXBFNk5ocjl0OW9TSjJ5dGMyWGpoL0pDbGhSMTBjYndnRzJ0SWhHVHE2WnQxSWNzNCtxVWxsdUxkUDBrRWRjQTErTXBKa3FLand1UE9MTjVUL1JaQ2pxSUJVL3lGR2xkeDlaN29tNGVLUFBPRDROdGZTKzdHRmdqTHB5ajFEOGFldDZ4OFJRVXV6bGRvNksycnlLQnZRS0JnUUNidmVwN2VUakR6RVJ3ek9vWVB6L0QvM2pCU0N2aXVIZWVxSXJRYStCTldxRlR6bU53M1lPditJYnBMNHF3ajJUYm5zWWhXRTIyYWRpNG9ZSE1HY1Q4YURDYU9pVWQzSnJoTjBvN3NIb0c5ZDl6bXlFT2R3RWl1QmhHVHZXZ051VlB0TmFScmZ6UklqdTAxcHJPLzV5VFA4aFAxNGRXTnlwdDVwUW1hU0psOFFLQmdFbVlCYkxPNm1EUUQrdlRsdTJxQnRaRUNTYVJPYit5V2FpSnZDV3dEc0pTenFBTEJFY2tkZ0JHWmdaSTRaYS8yZ3YwdENtNlBSTDRBZlBySzAwbmdWczVwMHh2Nnkrd2VyU3NaR0wyY0RHRnAySktUV2ZRUktKbHk4L1hwbmplZnpHNW02VFRETmpaU1ZLWlJlMDhvZFFiRlphMTRXZkFsWWFFVFZOSzdxQmhBb0dBVmIyZmduRlM1ZWJjZUx5cXY1ZHFwYU9iUVljZC9vV0FaWVJBQ1BGNGNHZHk0cE8 
> > > > > > 5Q WV 2ejd5UHN4O
> > > > > > XB6SUNsS0hNNU9DQmtXMHNLNkt2ZHI3TUR1NFVVenR5SnNXOURMUmFuSUg4OCtaZ0hYZnk3TThyNmJzTklrVlMyQml6SExXRmVZNW5kOWt2WFZMOHNQY3dVN2dvM29VUEZlVkRFdm1ZanpsVkZFcm1NPQ==
> > > > > > ...
> > > > > > we were not succesful yet.
> > > > > >
> > > > > > So, any ideas?
> > > > > >
> > > > > > Thanks in Advance.
> > > > > >
> > > > > >
> > > > > > > and frederic have the knowledge and spare time to dissect the details 
> > > > > > > imho... :)
> > > > > > >
> > > > > > > i do care about the bits my nren and that cisco is just uploading a 
> > > > > > > rarity just for mee so sry...
> > > > > > >
> > > > > > > cul8r on this thread on the next week monday...
> > > > > > >
> > > > > > > if you found your answer in that time feel free to reply-all and share 
> > > > > > > the results with all of us on one of the threads :)
> > > > > > >
> > > > > > > even better a small update 4 all of us how your 3g-->3g-->5g control 
> > > > > > > plane stuffs are going on and if you arrived to activate a dataplane 
> > > > > > > to your demos?
> > > > > > On this the other sub group is working on.
> > > > > >
> > > > > > Maybe, they can give an update here?
> > > > > >
> > > > > >
> > > > > > Best Regards
> > > > > > David
> > > > > >
> > > > > > > thx,
> > > > > > >
> > > > > > > cs
> > > > > > >
> > > > > > > On 6/29/23 14:59, Nikos Kostopoulos wrote:
> > > > > > > > Hi cs,
> > > > > > > >
> > > > > > > > I was able to SSH to freertr using passwords. However, I don't know 
> > > > > > > > how to configure SSH using private/public RSA key pairs.
> > > > > > > >
> > > > > > > > I guess the magic is at: crypto rsakey rsa external FILE
> > > > > > > >
> > > > > > > > where you can load a key from an external FILE. When I try this, I 
> > > > > > > > get "% error decoding" although I have tried with base64 keys (using 
> > > > > > > > command "cat id_rsa.pub | base64 | tr -d \\n").
> > > > > > > >
> > > > > > > > I also expected some "show" commands related to crypto, e.g. "show 
> > > > > > > > crypto". Is something like this available in freertr? Could I use for 
> > > > > > > > example crypto rsakey rsa generate 2048 and get the public key 
> > > > > > > > corresponding to the generated key?
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > > Nikos

--

David Schmitz

Boltzmannstrasse 1, 85748 Garching
Telefon:   +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail:  




-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#1614): https://groups.io/g/freertr/message/1614
Mute This Topic: https://groups.io/mt/99850023/6413194
Group Owner: 
Unsubscribe: https://groups.io/g/freertr/unsub []
-=-=-=-=-=-=-=-=-=-=-=-