
rare-users - Re: [RARE-users] [freertr] SSH to Freertr with Private/Public Keys

Subject: RARE user and assistance email list

  • From: "David Schmitz" <>
  • To: mc36 <>
  • Cc:
  • Subject: Re: [RARE-users] [freertr] SSH to Freertr with Private/Public Keys
  • Date: Thu, 29 Jun 2023 16:42:40 +0200 (CEST)
  • List-id: <freertr.groups.io>
  • Mailing-list: list ; contact

Hi,

On Thu, 29 Jun 2023, mc36 wrote:

Date: Thu, 29 Jun 2023 16:33:16 +0200
From: mc36 <>
To: ,
Subject: Re: [freertr] SSH to Freertr with Private/Public Keys

https://radar.qrator.net/blog/another-centurylink-bgp-incident


pls understand its a very danger-danger nooodle and its not the 1st one :((((
Of course.

Thanks for the example.


Best Regards
David


On 6/29/23 16:32, mc36 wrote:
and for the demo yeahh there will be flowspec up to 12tbps already shipping but still.... khm.....

On 6/29/23 16:31, mc36 wrote:
then you can have n+ bgp processes and one-way redistribute from the arriving side back to the collector...

even more fun if you configure a bmp and mrt session to the receiving freerouter then it's a realtime

through server http asdfas
host * path /rtr/collector

the bmp is needed to have a backup collector

etc...


i still keep my opinion that dear nemo team the hack u prepare for?!?!?!

if you police/redirect to the hell a bgp then the internet times out and dies till u poll da cord...:((((




On 6/29/23 16:28, David Schmitz wrote:
Hi,

On Thu, 29 Jun 2023, mc36 wrote:

Date: Thu, 29 Jun 2023 16:12:46 +0200
From: mc36 <>
To: ,
Subject: Re: [freertr] SSH to Freertr with Private/Public Keys

so normally nemo will have a webui from you david and you'll originate shit from flowspec from exabgp....
That's right,
at least as far as the mitigation itself, that is the signalling for it,
is concerned.


i dont think a controlled needs ssh to core0.paris.geant.org at ssh level for any reason.....
It seems to me that NeMo config for ssh public keys is
used in NeMo for somehow pulling mitigation statistics from the router, at least in the CISCO case.

So, this is not going to work with freertr anyway, at least not with adaption.

Maybe I am wrong.
So, we will definitely check with the NeMo team about this.

Best Regards
David


br,

cs

On 6/29/23 16:10, David Schmitz wrote:
Hi,

On Thu, 29 Jun 2023, mc36 wrote:

Date: Thu, 29 Jun 2023 16:05:05 +0200
From: mc36 <>
Reply-To: ,
To: David Schmitz <>
Cc: , ,
    Frédéric LOUI <>
Subject: Re: [freertr] SSH to Freertr with Private/Public Keys

i dont think so....

generate the fresh 4k rsa priv/pub key

and just import the pub file without formatting to the config...
Ok, we will try that.
Thanks.


btw i dont think for nemo u need anything but bgp flowspec....?!?!!?!?
Good point.
For some reason NeMo has some config that.

We will ask NeMo people whether it is really necessary in our case.

Best Regards
David




On 6/29/23 16:03, David Schmitz wrote:
Hi,

On Thu, 29 Jun 2023, mc36 wrote:

Date: Thu, 29 Jun 2023 15:51:38 +0200
From: mc36 <>
To: , ,
    Frédéric LOUI <>
Cc: David Schmitz <>
Subject: Re: [freertr] SSH to Freertr with Private/Public Keys

hihi,

so back from my afternoon coffee from the park, and still: i have nor crystal ball nor time to play stupid puzzles at the moment... :)

sho run / sho run hide / sh run all hide / "sho run | pastebin"  if you found the way to configure that... ;))))

Maybe some more details:

The issue is that for NeMo it is needed to have the public key exported
outside of freertr in a format understandable by NeMo.

So, one idea was to create the private/public key pair externally outside of freertr,
e.g., with ssh-keygen, and then import it to freertr by
"crypto ... external".

Before, the idea was to export the key created internally in freertr:
But, trying to interpret the contents of the base64 string (the stuff after the '$v10$') in the config,
e.g., as in
...
crypto rsakey rsa import $v10$...
...
we were not successful yet.

So, any ideas?

Thanks in Advance.



and frederic have the knowledge and spare time to dissect the details imho... :)

i do care about the bits my nren and that cisco is just uploading a rarity just for mee so sry...

cul8r on this thread on the next week monday...

if you found your answer in that time feel free to reply-all and share the results with all of us on one of the threads :)

even better a small update 4 all of us how your 3g-->3g-->5g control plane stuffs are going on and if you arrived to activate a dataplane to your demos?
On this the other sub group is working on.

Maybe, they can give an update here?


Best Regards
David


thx,

cs

On 6/29/23 14:59, Nikos Kostopoulos wrote:
Hi cs,

I was able to SSH to freertr using passwords. However, I don't know how to configure SSH using private/public RSA key pairs.

I guess the magic is at: crypto rsakey rsa external FILE

where you can load a key from an external FILE. When I try this, I get "% error decoding" although I have tried with base64 keys (using command "cat id_rsa.pub | base64 | tr -d \\n").

I also expected some "show" commands related to crypto, e.g. "show crypto". Is something like this available in freertr? Could I use for example crypto rsakey rsa generate 2048 and get the public key corresponding to the generated key?

Thanks,
Nikos


















--

David Schmitz

Boltzmannstrasse 1, 85748 Garching
Telefon: +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail:




View/Reply Online (#1617): https://groups.io/g/freertr/message/1617
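
Added example, not part of the original thread and not freertr or NeMo code: deriving an OpenSSH-format public key line from a `$v10$` config value like the one quoted in the thread. It assumes the layout that quoted value shows when decoded, `$v10$` followed by base64 of a base64-encoded PKCS#1 RSA private key in DER; all function names are hypothetical and the sample key is a constructed toy key.

```python
import base64
import struct

def peel_v10(value):
    """Assumed layout, inferred from the quoted sample: '$v10$' + base64(base64(DER))."""
    if not value.startswith("$v10$"):
        raise ValueError("not a $v10$ value")
    inner = base64.b64decode("".join(value[5:].split()))  # drop wrapped-line whitespace
    return base64.b64decode(inner)

def der_tlv(buf, pos):
    """Read one DER element; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def public_from_pkcs1(der):
    """PKCS#1 RSAPrivateKey ::= SEQUENCE { version, n, e, d, ... }; return (n, e)."""
    tag, body, _ = der_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    ints, pos = [], 0
    for _ in range(3):
        tag, val, pos = der_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        ints.append(int.from_bytes(val, "big"))
    return ints[1], ints[2]

def openssh_rsa_line(n, e, comment="freertr"):
    """RFC 4253 'ssh-rsa' public key blob: string name, mpint e, mpint n."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    def mpint(v):  # big-endian two's complement, leading zero when the top bit is set
        return field(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(e) + mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

def _der_int(v):
    b = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + bytes([len(b)]) + b

# Constructed toy key (p=61, q=53), far too small for real use; stands in for a config value.
_body = b"".join(_der_int(v) for v in (0, 3233, 17, 2753, 61, 53, 53, 49, 38))
SAMPLE = "$v10$" + base64.b64encode(base64.b64encode(b"\x30" + bytes([len(_body)]) + _body)).decode()

if __name__ == "__main__":
    print(openssh_rsa_line(*public_from_pkcs1(peel_v10(SAMPLE))))
```

The decoded value is the private key itself, so under this assumption the `$v10$` string in a saved or pasted config carries the same sensitivity as the key file.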




