Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added SSH key provisioning for SR OS #1706

Merged
merged 10 commits into from
Nov 13, 2023
Merged

Added SSH key provisioning for SR OS #1706

merged 10 commits into from
Nov 13, 2023

Conversation

hellt
Copy link
Member

@hellt hellt commented Nov 7, 2023
edited
Loading

Hi @mabra94

Here is a new PR, since there were quite some things I wanted to remove in your original PR.

Unfortunately while keys are configured in SR OS I fail to successfully login using them. Maybe you will understand what is missing =( Was testing on 23.7.R1

The config renders ok on SR OS, as far as I see

...user-params {
                local-user {
                    user "admin" {
                        password "$2y$10$TQrZlpBDra86.qoexZUzQeBXDY1FcdDhGWdD9lLxMuFyPVSm0OGy6"
                        access {
                            console true
                            ftp true
                            snmp true
                            netconf true
                            grpc true
                        }
                        console {
                            member ["administrative"]
                        }
                        public-keys {
                            ecdsa {
                                ecdsa-key 1 {
                                    key-value "AAAAC3NzaC1lZDI1NTE5AAAAILKdXYzPIq8kHRJtDrh21wMVI76AnuPk7HDLeDteKN74"
                                }
                            }
                            rsa {
                                rsa-key 1 {
                                    key-value "AAAAB3NzaC1yc2EAAAADAQABAAABAQCs4Qv1yrBk6ygt+o7J4sUcYv+WfDjdAyABDoinOt3PgSmCcVqqAP2qS8UtTnMNuy93Orp6+/R/7/R3O5xdY6I4YViK3WVlKTAUVm7vdeTKp9uq1tNeWgo7+J3baSbQ3INp85ScTfFvRzRCFkr/W97Wh6pTa7ysgkcPvc2/tXG2z36Mx7/TFBk3Q1LY3ByKLtGrC5JnVpMTrqrsCwcLEVHHEZ4z5R4FZED/lpz+wTNFnR/l9HA6yDkKYensHynx+guqYpYD6y4yEGY/LcUnwBg0zIlUhmOsvdmxWBz12Lp7EBiNjSwhnPfe+o3efLGGnjWUAa4TgO8Sa8PQP0pK/ZNd"
                                }
                                rsa-key 2 {
                                    key-value "AAAAB3NzaC1yc2EAAAADAQABAAACAQComgPcG3DJaOI/Hj6SteEvwuIObe9qSLdecDHmAPLbhyvClEKN7i2AVc0UHCY10Lxxc0XsLuNPgHZYlWk1Ii9SFMHE/60MdlpP7TvcUdLBTuy0Byhx7i+0LO+vMTDJMWsil8Ivgc9xCT6iL5a/kEc3AR7FQwf3K/3jidyLpLFBy+Nliz060Y5j7X+u5sqPogdoa47qdSOJCzCD7DfThaxyPLcnNiGuco/5OoAujC/ZLCFgj2JnIrsf3ZAvl8yzrJfH3KtDK3klNlA5oc2+l92NOcTdasE7iTHZfZg3HXWvdKP5U63FsXNzisIeHkmjs4AtuTvTyCam2PEKwPuy1X+ogTBTKTSAlud5rkDeoGBIyhbO6gZTQnqb8dyLpD4mz2Fyn/6k97YcZn3KVgS6OTEzHhOOhEd1OlFlRgNdREw3YqL4B2ooq/In0GJjhPHQg6L8cyyhL+oPm2noQUp8jw9Sp42EHDgG33dYPiwbQ2eq6Ql2PLCc0M8YXJdVtFhENV6zoPTtosxx4OEWtauoART931a000/qa51cvuJX7bSEvJGhGUh3sTSYGke3X0gQKMHtVh/5iDcb0IowW0J/e/UnITwP6FgTE2AhOsEXaoJiSd4BcUUDG1mHMuLKxRSFw63V7T0XTOHSousHS8QNKMJoNe1PcaArFCJ+gOZmY68Mzw=="
                                }
                                rsa-key 3 {
                                    key-value "AAAAB3NzaC1yc2EAAAADAQABAAABgQCtxsljGhy2DWg9/VwyRwsz2xEfscEuXOgd+z9aXLBXjEEPedzVAs84fAo981ap4xVmbB7gZOPwDM0jWWrGhv94WbWG5ZA7RjoAdp7EscCtv68r2gudagfxvaRHFQntgZt0c5tJztleXYLjaSvH5Nk/TDnVmOKiVKz/DZLuUx80YTb0udtz4qmFxSLswVbCr5YDtkdfaZ2fef3uEq21siVe+KNwL3gurBSUMKiWAPcQiSlBFXOjt0dLT3juy3D7ck3RaLirq07xeJvrJwDghEpvSpZnPZf7v8UmyIyv90edjC/0YogJV962IMzoT8s8+179glEKQBNHHRPm0KdX1BKjOpAFhx3zcTK6cxbG5Zbjcq0Vw86SjsiO4gz8QkBda6o/AtvqdQ8KOg+IpfVJ/j9/zyIeU1Ep9oWXzmx8i2s+rSTkNTdvi1lTKGpTCD2jFa5uxisR5dVoeKxMsJNaS7NxjIo0ZARriwGMnh+s8mA3ZZVYqnKJsGMUs02I0aSd0QU="
                                }
                                rsa-key 4 {
                                    key-value "AAAAB3NzaC1yc2EAAAADAQABAAACAQDBJRPA9kC25PYrFE8+DPAvxlzj7KNAloyKPsBEHjmLFgRbkjhK3F3kNHTd/afnPx5nC5R9g7mIPXjsHnzcR9n7OxegyqEQvwGJYOC5n94UfC/Htod5FhB4FcMAR1iuJWQCmGrg+Evs4LEBdST81PKIOORsFquZ84P5i/ZifjbKE+m+3tJLu484slMZqHANNUlfmTT1MkRDeXlv6eif9YWzP3w1M4l6+WOhowfyKU5N1scEf2gPIa5uqdzL3YTWWVid/EjTx4WNLO4w8FRRxxabcqAZ6rmw5CEHfQyXfqCW+v5d3thkylYpHMGohf7BifF0oDiJkaQUgO6vQBOpSbkLZ/ZCth4RqDEmZPO8DH25Hr+rkYZleWQoNL5JpHAMlNMHAOk+b2icBT+qw0+1zpzHuQow+48BkCLwQNyZmkqJB4SABzx5JWC8nLMczvpJqkWhG/Nzp5PdoDrsqxTNt9oaTUWdBDgFCTDduisyqvtzn6UOJJn6+hKqdxMyT1bcezd9s4AiJTTBzpLy560QrANyEIX+nt2yR8fJhfg+R4RsXw0hVlYh31a9oG2+NwCwBaTrCML97m/lVFsoSb4uJ1rwqUKbdzCV3EB2xINkkKXwafYh5lHMjo7TPcgo0VQIe2lSWLiHF4h3HTD/HIP0NqxIm+Pk5pVE99gC+IUUXlmhJQ=="
                                }
                                rsa-key 5 {

key-value "AAAAB3NzaC1yc2EAAAADAQABAAABgQDNEsOytypejPqd4csAycRShsJAtCKAy/PxXtTzcpoU7PTLaxTGiZUGhZ33pZ86/hzyA8/GksvHsYj3tumILe1HTdV2rKGkbRIYJ8sAEkmhKtEiC0PuXVCLS4zy7YMOIQAJ1edn0RUqvAe+rb/E50eucqzJeMriEuWUtrLZpRRaUCQOmqTkTpxHR3T+5TF+ia/ii4ZY3VwsChVrPHfoVNk3NGSb8hPsjuSE61kwYxI135hHK2ZI9iv/QKUUrR9xFaMGMCAPX+9C1EhclwkeB1t4EKwam6qQs15jnhBO7kEq9oCX7vjrmra5neQD7yxkM+I0aJTYRfmldlyf/pWpGXxPn55f1eLFH5uTKxCnEJepe5P1jm24vvTdij9DF256GVjEwBrZ0ro8Pg45PT4ZT/jkAkfC+SLpQutcDggvNbOOUOjCak/lBv5bAIQOe/sbfIW6NOdWSNm6HZShYZUAfik1oXu2VasCZHcyNpwGx3p3Cr7HSVInDpzC9WGzv+hOzJ8="
                                }
                            }
                        }
                    }
                }
            }

But either the key value is not provided as it should, or smth else, but it just doesn't work.

LimeHat
LimeHat reviewed Nov 7, 2023
View reviewed changes
nodes/vr_sros/sshKey.go Outdated Show resolved Hide resolved
@hellt
Copy link
Member Author

hellt commented Nov 8, 2023

Keeping this PR opened until we figure out what needs to be added in the config to make recent openssh clients to work with recent SR OS.

@hellt hellt mentioned this pull request Nov 8, 2023
Closed
@hellt
Copy link
Member Author

hellt commented Nov 8, 2023
edited
Loading

TODO:

  • before merging/squashing add Mathis as a co-author for the commit

@hellt hellt force-pushed the sros-pwd-less-ssh branch 2 times, most recently from 7326622 to ee0f542 Compare November 8, 2023 11:22
hellt
hellt commented Nov 9, 2023
View reviewed changes
Copy link
Member Author

@hellt hellt left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@steiler check this out 3f560f4
The SSH issue has a workaround - we need to set SSH client option

PubkeyAuthentication="unbound"

Since this is kind-related, I introduced a concept of a Main Kind Name which is the first element in the kindNames of the kind implementation.

Added sros for SR OS node. This is in line with my idea to get rid of vr-<name> prefix for VM-based kinds.

Then added a NodeRegistryEntry func that returns the main kind.

New stuff

What I think is missing in the SSH config is the IP address matching the node. So that people could use ssh <ip> and get the config read.

This can be done by adding v4 and v6 addresses to ssh config like that:

# Containerlab SSH Config for the sros lab
Host clab-sros-sros 172.20.20.2 2001:172:20:20::2/64

@hellt hellt requested a review from steiler November 9, 2023 13:41
hellt added 2 commits November 12, 2023 14:12
@hellt
Merge branch 'main' into sros-pwd-less-ssh
e09aa5a
@hellt
use ssh config struct instead of kindSpecifics
0577052 
KindSpecifics seems to not work when we will have ssh config specific to a particular node version. So it is a bit over generalizing
@codecov Codecov
Copy link

codecov bot commented Nov 12, 2023

Codecov Report

Merging #1706 (84ae12f) into main (3c24d9b) will decrease coverage by 0.14%.
Report is 1 commits behind head on main.
The diff coverage is 10.66%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1706      +/-   ##
==========================================
- Coverage   51.62%   51.48%   -0.14%     
==========================================
  Files         141      142       +1     
  Lines       13751    13776      +25     
==========================================
- Hits         7099     7093       -6     
- Misses       5864     5894      +30     
- Partials      788      789       +1
Files Coverage Δ
clab/sshconfig.go 64.44% <100.00%> (+0.80%) ⬆️
nodes/default_node.go 57.09% <100.00%> (+0.40%) ⬆️
nodes/linux/linux.go 67.27% <ø> (-0.59%) ⬇️
nodes/node.go 56.00% <ø> (ø)
types/ssh_config.go 50.00% <50.00%> (ø)
nodes/vr_sros/vr-sros.go 0.52% <0.00%> (-0.07%) ⬇️
nodes/vr_sros/sshKey.go 0.00% <0.00%> (ø)

... and 4 files with indirect coverage changes

@hellt hellt mentioned this pull request Nov 12, 2023
Merged
1 task
@hellt hellt merged commit 4e4748c into main Nov 13, 2023
20 of 21 checks passed
@hellt hellt deleted the sros-pwd-less-ssh branch November 13, 2023 07:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LimeHat LimeHat LimeHat left review comments

@steiler steiler Awaiting requested review from steiler

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hellt @LimeHat @steiler