Hello everyone,

I hope this mailing list is the correct place for my message.

I am the developer of GoRTR (https://github.com/cloudflare/gortr), a tool to send RPKI/ROA validated data to routers. I just implemented SSH support (no-auth, password and publickey).

With Bird 2.0.2, I managed to set up a cleartext connection. I made a docker-compose environment with two birds connected and a GoRTR:
https://github.com/lspgn/compose-bird-gortr

While it's not impacting, when the RTR server returns a NO DATA, the client bombards it with requests, as shown by a higher log level of GoRTR:

> gortr_1 | time="2019-04-11T21:40:13Z" level=debug msg="10.1.0.3:54874 (v1) / Serial: 0: Received PDU Reset Query v1"
> gortr_1 | time="2019-04-11T21:40:13Z" level=debug msg="10.1.0.3:54874 (v1) / Serial: 0 > Request Cache"
> gortr_1 | time="2019-04-11T21:40:13Z" level=debug msg="10.1.0.3:54874 (v1) / Serial: 0 < No data"
> gortr_1 | time="2019-04-11T21:40:13Z" level=debug msg="10.1.0.3:54874 (v1) / Serial: 0: Received PDU Reset Query v1"
> gortr_1 | time="2019-04-11T21:40:13Z" level=debug msg="10.1.0.3:54874 (v1) / Serial: 0 > Request Cache"

I am not sure if I'm missing a timeout, but I feel this may be a bug.

For SSH I am having another issue. The faulty configuration is the following:
https://github.com/lspgn/compose-bird-gortr/blob/bird-rtr-ssh/bird/config_local/bird1.conf

With the statement:

> protocol rpki gortr {
>   debug all;
>   roa4 { table t_roa4; };
>   roa6 { table t_roa6; };
>   remote "10.1.0.4" port 8283;
>   transport ssh {
>     user "rpki";
>     bird private key "/etc/bird/id_rsa";
>   };
>   retry keep 90;
>   refresh keep 900;
>   expire keep 172800;
> }

The logs are the following:

> Creating network "bird-gortr-compose_vpcbr" with driver "bridge"
> Creating bird-gortr-compose_gortr_1 ... done
> Creating bird-gortr-compose_bird1_1 ... done
> Attaching to bird-gortr-compose_gortr_1, bird-gortr-compose_bird1_1
> gortr_1 | time="2019-04-12T00:33:16Z" level=info msg="Enabling ssh with the following authentications: password=false, key=true"
> gortr_1 | time="2019-04-12T00:33:18Z" level=info msg="New update (79929 uniques, 79929 total prefixes). 0 bytes. Updating sha256 hash -> db4486e353d9f1f7e30ad90ab4b93c0c91adb30dfc572a0493ca8030471768c9"
> gortr_1 | time="2019-04-12T00:33:18Z" level=info msg="Updated added, new serial 1"
> gortr_1 | time="2019-04-12T00:33:18Z" level=info msg="Accepted ssh connection from 10.1.0.2:33758 (1/0)"
> gortr_1 | time="2019-04-12T00:33:18Z" level=info msg="Connected (ssh-key): rpki/10.1.0.2:33758 with key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1PYoRv0xuIMbv6aQZbXUNzqS611+FgahO0tNJ1C/CD2yxmzDuijjiAL3ia3UNPuIwS4Bwukn0EQJP/J2UGM0ABGR6r8n46RzFFkBqVBXrpRNThsD36hSYeUqfir1DChxknXCEG0pLcs5cW3OZagROcW5eZbbbTD40lIglhthtrf/9d241WUcvrhXiE/VaZvj8wi2lY26MuvqDGJgApOK4gi4gLzlr5qT4aDIzUIV0LlYul3hOFX/UMlX0yJg2cgEz/xRRlUfpsx6rQkwQZ0z1lwI0QBvHlON/+Azy/HmGWFcQ2S0V+CWUFHoZ/PBqmBnLT5MBSy5r/9RQVfoaeHBv"
> gortr_1 | time="2019-04-12T00:33:18Z" level=error msg="Error with ssh client 10.1.0.2:33758: ssh: unmarshal error for field Language of type disconnectMsg"
> gortr_1 | time="2019-04-12T00:33:18Z" level=info msg="Accepted tcp connection from 10.1.0.3:55344 (1/0)"
> bird1_1 | bird: gortr: Channel roa4 connected to table t_roa4
> bird1_1 | bird: gortr: Channel roa6 connected to table t_roa6
> bird1_1 | bird: gortr: Initializing
> bird1_1 | bird: gortr: Starting
> bird1_1 | bird: gortr: Changing from Down to Connecting state
> bird1_1 | bird: gortr: Opening a connection
> bird1_1 | bird: gortr: State changed to start
> bird1_1 | bird: Started
> bird1_1 | bird: gortr: Lost connection: Failed to read private key: /etc/bird/id_rsa
> bird1_1 | bird: gortr: Changing from Connecting to Transport-Error state
> bird1_1 | bird: gortr: Closing a connection

GoRTR sees the connection with the correct public key but Bird drops it. If I do not set any "bird private key" statement, it does not connect either.

Has anyone successfully set up an RTR+SSH session?

The password authentication works well with Cisco routers, but apart from rtrdump (another tool related to GoRTR) I could not test publickey authentication.

Thank you in advance,

Best,
Louis
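The exchange behind the NO DATA loop in the first log, as an added example that is not part of the original mail and is neither GoRTR's nor BIRD's code: it builds and parses RFC 8210 PDUs (Reset Query, Cache Response, Error Report), has a toy cache answer a Reset Query with the "No Data Available" error (code 2) while it holds nothing, and has the router side back off for the Retry Interval (the `retry keep 90` from the config above) instead of sending the next Reset Query immediately. The 64 KiB PDU cap, the session ID and the diagnostic strings are assumptions of this example, not RFC values.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"time"
)

const (
	pduResetQuery    uint8  = 2 // PDU types and error codes are the RFC 8210 values
	pduCacheResponse uint8  = 3
	pduErrorReport   uint8  = 10
	errNoData        uint16 = 2        // "No Data Available": non-fatal, the router retries later
	maxPDU           uint32 = 64 << 10 // assumed cap, not an RFC value: a larger Length is rejected, never read
)

type header struct { // the 8-byte RTR PDU header; Field is the Session ID, or the Error Code in an Error Report
	Version, Type uint8
	Field         uint16
	Length        uint32 // total PDU length, header included
}

func (h header) bytes() []byte {
	b := binary.BigEndian.AppendUint16([]byte{h.Version, h.Type}, h.Field)
	return binary.BigEndian.AppendUint32(b, h.Length)
}

// encodeErrorReport wraps the offending PDU and a diagnostic text (RFC 8210 section 5.10 layout).
func encodeErrorReport(v uint8, code uint16, bad []byte, text string) []byte {
	out := header{v, pduErrorReport, code, uint32(16 + len(bad) + len(text))}.bytes()
	out = append(binary.BigEndian.AppendUint32(out, uint32(len(bad))), bad...)
	return append(binary.BigEndian.AppendUint32(out, uint32(len(text))), text...)
}

// parsePDU checks the advertised Length against the bytes actually received before anything trusts it.
func parsePDU(b []byte) (header, []byte, error) {
	if len(b) >= 8 {
		h := header{b[0], b[1], binary.BigEndian.Uint16(b[2:]), binary.BigEndian.Uint32(b[4:])}
		if h.Length >= 8 && h.Length <= maxPDU && int(h.Length) == len(b) {
			return h, b[8:], nil
		}
	}
	return header{}, nil, fmt.Errorf("short PDU or bad Length field (%d bytes received)", len(b))
}

// errorText pulls the diagnostic string out of an Error Report body, bounds-checking both length fields.
func errorText(body []byte) (string, error) {
	if len(body) >= 4 {
		if n := uint64(binary.BigEndian.Uint32(body)); n+8 <= uint64(len(body)) {
			rest := body[4+n:]
			if m := uint64(binary.BigEndian.Uint32(rest)); m+4 <= uint64(len(rest)) {
				return string(rest[4 : 4+m]), nil
			}
		}
	}
	return "", fmt.Errorf("Error Report length fields exceed the %d-byte body", len(body))
}

// serverHandle models the cache: Cache Response once loaded, else the "No Data Available" Error Report GoRTR logged as "< No data".
func serverHandle(req []byte, session uint16, loaded bool) []byte {
	h, _, err := parsePDU(req)
	switch {
	case err != nil || h.Type != pduResetQuery:
		return encodeErrorReport(1, 3, req, "expected a well-formed Reset Query") // code 3: Invalid Request
	case !loaded:
		return encodeErrorReport(h.Version, errNoData, req, "cache not populated yet")
	}
	return header{h.Version, pduCacheResponse, session, 8}.bytes()
}

type Action struct { // the router's next step: "read-records", "retry" after Wait, or "close"
	Next string
	Wait time.Duration
	Text string
}

// clientDecide applies RFC 8210 semantics: "No Data Available" means wait the Retry Interval before the next Reset Query, not re-query at once (the loop seen in the GoRTR log).
func clientDecide(resp []byte, retry time.Duration) (Action, error) {
	h, body, err := parsePDU(resp)
	if err != nil {
		return Action{Next: "close"}, err
	}
	switch h.Type {
	case pduCacheResponse:
		return Action{Next: "read-records"}, nil
	case pduErrorReport:
		text, _ := errorText(body) // a malformed text field degrades to an empty string
		if h.Field == errNoData {
			return Action{Next: "retry", Wait: retry, Text: text}, nil
		}
		return Action{Next: "close", Text: text}, nil
	}
	return Action{Next: "close"}, fmt.Errorf("unexpected PDU type %d", h.Type)
}

func main() {
	retry := 90 * time.Second // "retry keep 90" from the bird config quoted above
	a, _ := clientDecide(serverHandle(header{1, pduResetQuery, 0, 8}.bytes(), 0x1234, false), retry)
	fmt.Printf("cache empty -> %s after %s (%q)\n", a.Next, a.Wait, a.Text)
}
```

Run it as a single file with `go run`; it prints the router's decision for an empty cache. The Length check in parsePDU is the part worth keeping in any RTR endpoint: code that reads or allocates whatever Length a peer advertises can be tied up by a single hostile PDU, which is why the example rejects oversized and inconsistent lengths before looking at the payload.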
