Commit-archive not working for scp and sftp

badger72 · April 24, 2020, 10:18am

When trying to use the set system config-management commit-archive location commands, the errors was (60) SSL peer certificate or SSH remote key was not OK

So after digging and not automatically generating a key, I modified the /opt/vyatta/sbin/vyatta-commit-push.pl file and placed -k in the following section

$cmd = “curl -g -s -S -T $tmp_push_file $uri/$save_file”;

$cmd = “curl -k -g -s -S -T $tmp_push_file $uri/$save_file”;

Once I had done this I was getting a new error
curl: (79) Upload failed: Operation failed (4/-31)

I then discovered I needed to add /~/ for it to work.

set system config-management commit-archive location scp://user:password@IPaddress/~/Downloads/

Hope it helps others who struggled like me!

tjh · April 26, 2020, 9:46pm

Thanks @badger72 - Can you confirm what version of Vyos this was with?

badger72 · April 27, 2020, 11:46am

The version is VyOS 1.3-rolling-202004230117

raphielscape · March 27, 2021, 12:31pm

I can confirm that this behavior still there in VyOS 1.4-rolling-202103210217, adding -k in curl command in vyatta-commit-push.pl didn’t fix the curl 60 error

a.srividya · March 27, 2021, 7:32pm

Use this command to generate the ssh fingerprint of your host.

ssh-keyscan >> ~/.ssh/known_hosts

Then you can configure the commit-archive command for scp or others.

set system config-management commit-archive location

Reference link:
https://docs.vyos.io/en/latest/cli.html#remote-archive

Tested in the lab:

vyos@vyos:~$ sh ver

Version:          VyOS 1.4-rolling-202103251004
Release Train:    sagitta

Built by:         autobuild@vyos.net
Built on:         Thu 25 Mar 2021 10:09 UTC

vyos@vyos:~$ sudo ssh-keyscan 192.168.x.x >> ~/.ssh/known_hosts
# 192.168.x.x:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
# 192.168.x.x:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
# 192.168.x.x:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2

[edit system config-management]
vyos@vyos# set commit-archive location scp://root:root@192.168.x.x/root/backup
[edit system config-management]
vyos@vyos# commit
Archiving config...
  scp://192.168.x.x/root/backup  OK

root@debian:~# ls -ltr /root/backup
total 12
-rw-r--r-- 1 root root 1205 Mar 29 01:52 config.boot-vyos.20210329_095215
-rw-r--r-- 1 root root 1205 Mar 29 02:04 config.boot-vyos.20210329_100404
-rw-r--r-- 1 root root 1204 Mar 29 02:04 config.boot-lab.20210329_100448

This works as expected.