I’ve configured SSH key for my vyos user and can successfully ssh to the remote host but attempting a remote save fails. I do note that it prompts me for the host’s fingerprint even though I’ve previous imported the remote’s host keys using keyscan.
chris@door# hostid
007f0101
[edit]
chris@door# ssh backups@192.168.16.20 "hostid"
a8c01410
[edit]
chris@door# save scp://backups@192.168.16.20:/srv/backups/door/commit-archive/test
Saving configuration to 'scp://backups@192.168.16.20:/srv/backups/door/commit-archive/test'...
Host '192.168.16.20' not found in known hosts.
Fingerprint: a317e719751aa8d457cc69418c0be644
Do you wish to continue? [y/N] y
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python3/dist-packages/vyos/remote.py", line 293, in upload
urlc(urlstring, *args, **kwargs).upload(local_path)
File "/usr/lib/python3/dist-packages/vyos/remote.py", line 186, in upload
with self._establish() as ssh, ssh.open_sftp() as sftp:
File "/usr/lib/python3/dist-packages/vyos/remote.py", line 174, in _establish
ssh.connect(self.hostname, self.port, self.username, self.password, sock=sock)
File "/usr/lib/python3/dist-packages/paramiko/client.py", line 435, in connect
self._auth(
File "/usr/lib/python3/dist-packages/paramiko/client.py", line 765, in _auth
raise SSHException("No authentication methods available")
paramiko.ssh_exception.SSHException: No authentication methods available
Done
I don’t think the save command uses the system SSH, you can see in the stack trace it is using a Python library.
I’ve only had success using the password on the command line. I’ve been meaning to see if I could create an SSH user that only allowed “SCP” as I know that can be done.
For example, this works for me:
save scp://vyos:password@10.10.1.3:/tmp/config
As a side note, I’ve noticed that you can’t copy to a destination file starting with “.” such as to go the remote user’s home directory.
save scp://vyos:password@10.10.1.3:./config
Saving configuration to scp://vyos:password@10.10.1.3:./config
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python3/dist-packages/vyos/remote.py", line 293, in upload
urlc(urlstring, *args, **kwargs).upload(local_path)
File "/usr/lib/python3/dist-packages/vyos/remote.py", line 285, in urlc
return url_classes[url.scheme](url, *args, **kwargs)
File "/usr/lib/python3/dist-packages/vyos/remote.py", line 159, in __init__
self.port = url.port or 22
File "/usr/lib/python3.9/urllib/parse.py", line 175, in port
raise ValueError(message) from None
ValueError: Port could not be cast to integer value as '.'`
chris@door# set system config-management commit-archive location scp://backups:mysecret@192.168.16.20:/srv/backups/door/commit-archive
"//backups:mysecret@192.168.16.20:/srv/backups/door/commit-archive" is not a valid URI for the scp URL scheme
It appears to be an issue with the : seperating the host from the path. Dropping that (using the SFTP form) works…