diff --git a/certs/_probe_key b/certs/_probe_key new file mode 100644 index 0000000..61297f0 --- /dev/null +++ b/certs/_probe_key @@ -0,0 +1,8 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABChIc/mh2 +2ZlTnDw27U26Q9AAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIHh6RLKV3/Dd8Ku0 +PB+lLBZo6E+EXJ2WYLYjIzVU/5t9AAAAoLzKj5jOlcoxcNfmUjP4KnfUEQ0wB2dhwpmzym +p7kqtBnTd7q1VZ+tszUyOEEAwvWChWPsQ5qcFkrXlI12NJVl0bv4XHXXXCoUzTuzasQhWg +ajws+FR9McWjTwYbuxPK8nZlRMGKVv3KTEb7IKzPiB1/+XVKRQCVyzhfJCFJTSIwL66KbP +knSamwB5g59wp8xcjPmdecqba6a7wTeHy21cg= +-----END OPENSSH PRIVATE KEY----- diff --git a/certs/_probe_key.pub b/certs/_probe_key.pub new file mode 100644 index 0000000..2267478 --- /dev/null +++ b/certs/_probe_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHh6RLKV3/Dd8Ku0PB+lLBZo6E+EXJ2WYLYjIzVU/5t9 xuxiuting@LAPTOP-A2IH6TNR diff --git a/certs/bird-rtr-client.key b/certs/bird-rtr-client.key new file mode 100644 index 0000000..df4fbac --- /dev/null +++ b/certs/bird-rtr-client.key 
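Review bot: Private keys do not belong in version control, and this commit adds eight of them under `certs/`, four with no passphrase at all: `certs/rtr-client.key`, its identical copy `certs/rtr-client.pem` (both blob `7b646a1`) and `certs/ssh_host_rsa_key` carry the OpenSSH `none` cipher in their header, and `certs/bird-rtr-client.pem` is a plain PKCS#8 `BEGIN PRIVATE KEY` block. `certs/_probe_key` in this hunk, `certs/bird-rtr-client.key`, `certs/testkey` and `certs/testkey3` are passphrase-encrypted (aes256-ctr with bcrypt per their headers), which protects them only as far as the passphrase is strong and unshared. Whatever trusts these keys (the `certs/rtr-authorized_keys` entries, the server host identity) should be treated as disclosed: rotate them, remove the private halves from the tree and its history, and generate them at deploy time instead. A `.gitignore` rule such as `certs/*` with `!certs/*.pub` would keep them out in future; the `.pub` comments also publish the author's `user@hostname`.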
@@ -0,0 +1,39 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAaTeJ0Al +IMgPHrgsaVr3RlAAAAGAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDQGmbM6oQ3 +HYuaghpNTbIfOQQqC7m0vX5dUqcDlhlMyntyHAQOCzV8M5jbr2REeyTw60XXEezvb05mRm +4NKQXJGsBR+/n5ZgvxpSFfso9ZBTTflEwBgBSQdoz/abWXe2inJ1MATu2An1vIAERQO/Gv +V9HYcLgF3sZ9T6X6yvVUt5TKWaQ2wNKQb3KNTpnBzrK74gkUaDj1HUt/DeVk42L80boycK +Zq2/jkHb4U6ThRXof7NJzgpHMgtMbCwAsN68fY4iIIN1046TIGHwy0sJaYrRDVzpWFLRS+ +hc68g5MWbhtiUFGGVjjMkUbSwegorB6hRxEyMYjn1bhLuUhiMVJkF552Y4Dwu7D1zRd4qk +6ZL3nlEOCNsLTo+HIFCP0XUodaWdx2WJKZlpUpjzN7JF3MXqY0/xEgLNlL/SLSB1tod1PW +fKfF7WDYluZJNCPv3V4296vcpG/VNBVew6ODRFT1WTQhVPenJLHuxZrOTg3sbGMXrsY8Lh +JjQtVTY4ijvRkAAAWQANIwKXD3+y7RY6XFUvYSm6PGQbgfWO7NNR20whNld5pAHWzSamI5 +hNil50ZlYqfrfcZ8Gfhc3i9Td7ATd2h7ZBMTmkKMOzssTldTuKg13dc0r+Nk80o6PyT4SR +YyHRVEk2Y9IeEtwjFaR50VlVY+qmLx6dzgN0tDDdb0Nenb4g1qkIjgepLu6b2KH1wznZGM +feJPHQwfPi3RYnUquFnpfdOLdseDQS7EVLfoK/jg5lMjxGMXgptN00fOH6M2oEYaDbQK6S +GnROKBUu5mBFPDgidahwlIkaBJ7/HAiTFhQLo75AZSEDPOOveGkW+0DJPlqw1f5a4k2jRQ +1+wNbceuj5Zm9uw1EPzZpEQ42+DaQK3Ze5aRdm/AovykLwdmk29LK5WiGgyfsYZILq3UOB +IBAq+Mg/ePgoQDH6raQnPvwO4+2cKmMhBFu4Ck+af8fPyRfMYvjFSxxDE7kUoSuWUb1WRP +ZK95yf0BrUd8E6LqVp9476UuvrkG9wm8HMlI5Q+uksQ5tZPHCNGzIOKgDP1V7RsTWlYX9n +2eJqfUq1zgP2sfVUrLehxCn9uLHBzzjIq/RPQIhBFNnT8RgBRBGm6Q+LrhkkDCsA3hzuys +9ja+cypw6uSxGe6Q7l832PEggKaMJy54ZExosVOdXi8vxJgKSzhIuWSjIslHBPv4A1L4vd +9heimddR6Lm1eIqzyen0y45oHDcbj4+R9vSUd4LH4jT24EzsAU7SY8Y+qLhRk67AZqx+z8 +3w3pHnMJNzfo4RUn261LhkyXbr5Tgk9EUBaSTjRkBgRwXDuf5AJ7lgCzEfxaQl24Fe7Q9m +ufvfk5uiL9dNXWOCYk9zvdbLVLA8c0pyB+wKKOCWDJlaJpkwSNbch1JO5Sk+mTXrRDll3m +xGK9ARaKfAH5+oRVqHS+5I4tBwFLG+DQL7ktj0YRvu+c1spVzFiiwf4MkOe1Hs/EmQfKEP +BWUq1uAZhVDS2TeUQwkjR5//eGkSMvE4d9HJnTQTDZk07kv1FvpJ271MWXrln94c/tvKuh +9Ef34IkMFG6O9uJ2Uu7/U5FSyGuyfeg/7Rffl4jnPDaJnjA0I8QMpjiqckkXIzSP2k0ZtP +WodpqzBUeRKeJiawkf5kVa0cW0Fq+pW7dlO9b38ufpgcuiV/EadlsVY3qfBhDOpdiGwAob +ER9pW4Z6Bnl+8ci1U3f7P8PrNiYGm1g8wTgNYCrOSU1JuLoI1y//OZT9u7gpXwsrazjcWU 
+hrTXQje273IiB/yosJrtqhJkmAKYDrgb45Pe0a2J0voIHY5jsF7MNlFlJb/zVZvBn8vWpA +QYXKnq0Agx97UMwyKaYvm/v0UTJZgS1Jd5owY1jwwGubBIt58VRfX6++EJ3QY+EslYvCN0 +BzBV4B+a8WhuGsF7x6Rlv8ei1+hEW3FFHsL4KBjy0e38yvVkYHlND+oxBvawxsikdNwL/2 +g4LfKSVEysjbRSd+UVqVYlBLnmfio7E7sbShp7TgmV7BBsE+9N1PEKRX02QUlhXYqLensx +3vhOrFcEGvdji8qYAnxK0aGLuMwG/czHjD7tD6xUjjzxVLv9qY9pHX9WxRxYDNyoSX65lj +EbqpcPe4QrDypTvNKEeZ4w0FEsYP4J0O6ZDXuBoQnSqsbFkvEP3lCf0ezq8jfJn5K0BBkH +auJpHWx9g8+U+3vKMj4+00fHtp8v0hMMCOzGy8Ol2yS5x6z3Or0HkYzbcMMZvkUNk+z47c +bHFgdUC/lqc9UrhleAWwkEc9l3qoA61nz7B2jAmZhlNBKFPiIZn2TG7xy4CITDV46j+j92 +y8/hyJDEB0yxx2O/zZKhkEf/N/bAlhIo/8dsjMCMBgE0X+sdpQCfZ+k/dQnAlvWRYhLrkr +tO97CdjmrFG+AR8pwNqjvJnH9fw= +-----END OPENSSH PRIVATE KEY----- diff --git a/certs/bird-rtr-client.key.pub b/certs/bird-rtr-client.key.pub new file mode 100644 index 0000000..868327c --- /dev/null +++ b/certs/bird-rtr-client.key.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQGmbM6oQ3HYuaghpNTbIfOQQqC7m0vX5dUqcDlhlMyntyHAQOCzV8M5jbr2REeyTw60XXEezvb05mRm4NKQXJGsBR+/n5ZgvxpSFfso9ZBTTflEwBgBSQdoz/abWXe2inJ1MATu2An1vIAERQO/GvV9HYcLgF3sZ9T6X6yvVUt5TKWaQ2wNKQb3KNTpnBzrK74gkUaDj1HUt/DeVk42L80boycKZq2/jkHb4U6ThRXof7NJzgpHMgtMbCwAsN68fY4iIIN1046TIGHwy0sJaYrRDVzpWFLRS+hc68g5MWbhtiUFGGVjjMkUbSwegorB6hRxEyMYjn1bhLuUhiMVJkF552Y4Dwu7D1zRd4qk6ZL3nlEOCNsLTo+HIFCP0XUodaWdx2WJKZlpUpjzN7JF3MXqY0/xEgLNlL/SLSB1tod1PWfKfF7WDYluZJNCPv3V4296vcpG/VNBVew6ODRFT1WTQhVPenJLHuxZrOTg3sbGMXrsY8LhJjQtVTY4ijvRk= bird-rtr-client diff --git a/certs/bird-rtr-client.pem b/certs/bird-rtr-client.pem new file mode 100644 index 0000000..0218f4c --- /dev/null +++ b/certs/bird-rtr-client.pem 
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQC9gxH/EK68bxW8 +dKY/cTV54Ek4VV2lCMv9pcrSwi4w2tg1Vu4uMYizyWxkRpT3gI5NexNu/d2riAvT +LFEJTuD2eaCWa4PuuVpKVNvCjhAXYhu+E0X0QZj3iDdmtSQioEGcYBzvFeADjp8R +/JMv8RTDZVEuIZGSS5e7xmZQ45CvWBcrD9EstaOX3oA9reYm3ucE2wHGS8tEXFLi +k3qh52l3trKY0b+Hkd26P7BreoELPegQK/Cek9KJBtp9rRvRuOuzx5VixnLIgyz9 +TII+1O3x3c3hHullKQ3DSl6CDHpNnujPetvPbldIwUR1GfkjG/AxKjHtc2yZ915X +fFi/qaMc6ehmPKO+t3geEjcL6W4sArzs8xkYs204daz1f9/CLtpJVBhsUNkhoz1l +RbnaqZr8LuwjlujX3te0UltX3u7D00gKUwRZHw8GE1ksIO2USvZaTggscBykJzq7 +oG6FvrNy/L8htHWEzDlJZKDUriR6ZxaufcRwK3RFGx0307NQCVECAwEAAQKCAYAG +uKo33As8fOqeEFuQmrbpM4yZQkLT3n3gqUOKKc+qVSqvqp2ANyrIaJuO62dvZ0h0 +xEmWSUv2QFkeBF9752eoajwpNZc8bWe/xOZ17iSxNZ4zBbs4jGaM2fCQFJrbXQhy +r8B69NFJAwMOh+EfBUuFmhdw3cksUYDITMM2eXm5VFQfB3y1W5xZn6838M3dwVBb +flp/4lKLYkRgy5cA/MSDdc/8Bk1nFSPybf2XdET1JX0QbMSIFUlVaZAwfqYi0C6B +RH9xpiihYlgwbVtElMsIqh3ExgB3OlhjliYacWQvxhi5fRJdUT5TYiTpCmaIsg1C +GWXtZADClrzL2rdvkrVUo4KHg1jSc/sxh/LaN061JdGuDxs2O0mg1CzwmWeCG8xy +0BWPzNruUDM30IV6klMW2vZvYMiDZqjN+fW0qiP3NYgqNBPQLBoW2Jh3Xy9jYsaV +AisxEzGRDXNOsTvKhcxPOV+0APyhZdVB70pbZwO13iWhjZqZWYrUAqkYsLlnhAEC +gcEA4r3pdzKeBpGR5Y6htmhW3U0Vi5hiKBBa3PZALebsk0W9VIumPRB7H3D+Ydmh +/alEQV7QBFojfA5LFmHqJ0Wf35zZ7r7oQv4aowY6ppLexjGeqolAxeMmXluSQjOd +gnOaVcWjEeyvtV1M2/7rmLAzWPlbCemByJRWHWjRBc1UU+yXG+zRHzvOwStzdfLB +YG12RAXa+fyHLm5544HnVJ3kzhlAK5QAJ+yqBp3lUingbUvV4fMmlMD+P9SBnDiO +4WtRAoHBANX3Uv7vwERx/Xho1+9v3iotTRYgJKsMRJraWs+4nR17WpT9kiBugKMg +6PKaTOuk3ylPZIWji9KCEX7qkrA4ME1pkELG0A9GQXaSE7MCLQzZxOkMBQeMdiSe +GgJhNtyyuL7rzLfkoAWm+xEFknv7rCaKxGaD6Be2Fmk+vSYgkUxsaVf+egRNM6L7 +4V1kpeyBf4FLOX3odwx0zON1eCvYc6sa4BoibRZx0YGhvE0Elze7QUXGzbd+3zId +2+46hyE+AQKBwQDY0p6E26R9x4pqqEA/u/sE2Ie329pRUYJyNhEdU+v60P/B72Di +l/YFFPpM+96KQOkCUfY9kyzHnqtzFeLh9xRwsv877NcR6QfzySsgyuW5RQ3jKikE +krjIFm0AXXdLndyCFOJha6KCnlu3LEiC1Evl012ZVvBCrIbEzMzE7ZqsPlwp2gYI +BhsqYbCho6gD2+jyF19VGoTyg7aPNlPOeMapxz+z7G1RwGC+vxLhxSXVnmVDEk9c 
+hEkdJMtkZjlLmmECgcBqBltnHrCcegvLDdDqwflJ1xbavuTMqZCZV1gmlGmugUCa +kahGT9uIejdUeCdjoVg/5Sp/mlIf5vn6dQxpK/6rbYLhxBi3aO3pbms6ifp+4q5T +ePRJEE4+yOVEhp2j8R/g44GXIkA1bM/+WE+FBmoA00SNNBHfJgim8ELUUNEPGK1+ +wAgAd6z9t2iuWcBqmKTxEbCUdov/bSVWFRCOUXzHrdKcwLBjrdTOMrHXTE4OfMjU +ZbXsln7NG8SuoOvzCgECgcAjE6ZtIW1bnbCzGOCLzbVw4AxeLuKMhwxF26k04JBJ +Yo1+vPw1skQYxelNxShHb1oUK2BsrRSYMVjKGg/rdFWng+vHWl2Ff2hj1pI0Pn5d +n8/vLTDKf0SrRXXNDK+rB70TUqis8zvLb8EACuvlL0YHiAtcWFC9GT9XQMmFbyn1 +PI14Wbzk+0TYs1UQ9FNd4IWL8IbDxxCzFGAUs2g+nYXuRQv/1juZGfsUXlrQZG9O +qD4S5Fez6uDBzHtzJjKizWw= +-----END PRIVATE KEY----- diff --git a/certs/bird-rtr-client.pem.pub b/certs/bird-rtr-client.pem.pub new file mode 100644 index 0000000..def71f6 Binary files /dev/null and b/certs/bird-rtr-client.pem.pub differ diff --git a/certs/rtr-authorized_keys b/certs/rtr-authorized_keys new file mode 100644 index 0000000..98408cd --- /dev/null +++ b/certs/rtr-authorized_keys @@ -0,0 +1,3 @@ +ssh-rsa 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 xuxiuting@LAPTOP-A2IH6TNR +ssh-rsa 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 + diff --git a/certs/rtr-client.key b/certs/rtr-client.key new file mode 100644 index 0000000..7b646a1 --- /dev/null +++ b/certs/rtr-client.key 
@@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEAvTJIIBa/YnOT5cvbT87JXYLrfVgG9G4HQ6JhbQXswwuK84v/L1lI +c2b/pXs1p8imJzDx3vNBRGfPuUKzY0thleijA8UGTe1q+C84fnkL94XE/kxuglGuyo177q +vD+lGBlvSwp/Hd+mBpsV5GxLVCZZgNnUXpsesZa6V2rwmly4E6Yft3qHtplkzLpMB487ru +D14RJXwhRmZ0zFwJI4pgn6x/tdWDG9TaTKLJv/B/GmGWRgJBj5YygIziz8AF4J++4aCJUS +pbJXrApkwSQp5sqf9K2iFwFt55LjJ5FvTkXbdU4u8l7Eb/n5RQYRYe4TPUn6oGzAJA3ptU +7oA0xUwUZInrIdmPrEG4JNGDtk+TxfjVS2brk7LKINycjG0WAA2Ro83Z71UhuCAkftX1Xo +XpTpzKNbYErJNzPFpDOcIH5+RwE2HAV2oh6Pe0NAh8xiiOCqzqr03OAW/7odFUCHnKUGox +rmarFg5cZMJNYXdf7POEKOpJP4mVipPkvvLl5R0XAAAFkHgpYu14KWLtAAAAB3NzaC1yc2 +EAAAGBAL0ySCAWv2Jzk+XL20/OyV2C631YBvRuB0OiYW0F7MMLivOL/y9ZSHNm/6V7NafI +picw8d7zQURnz7lCs2NLYZXoowPFBk3tavgvOH55C/eFxP5MboJRrsqNe+6rw/pRgZb0sK +fx3fpgabFeRsS1QmWYDZ1F6bHrGWuldq8JpcuBOmH7d6h7aZZMy6TAePO67g9eESV8IUZm +dMxcCSOKYJ+sf7XVgxvU2kyiyb/wfxphlkYCQY+WMoCM4s/ABeCfvuGgiVEqWyV6wKZMEk +KebKn/StohcBbeeS4yeRb05F23VOLvJexG/5+UUGEWHuEz1J+qBswCQN6bVO6ANMVMFGSJ +6yHZj6xBuCTRg7ZPk8X41Utm65OyyiDcnIxtFgANkaPN2e9VIbggJH7V9V6F6U6cyjW2BK +yTczxaQznCB+fkcBNhwFdqIej3tDQIfMYojgqs6q9NzgFv+6HRVAh5ylBqMa5mqxYOXGTC +TWF3X+zzhCjqST+JlYqT5L7y5eUdFwAAAAMBAAEAAAGAPmfEdJksPZwj74tjZpqtvuN9K5 +YKjTtxt/RqsFxg8SDwj07hOEv54t7Zekr+sr4zWAAD9+dC4v5e/RusMhdeM+VNR+QIJVIn +k3934fepY9bC2KJ7XQ72Wad7dok/lmSmGxXQ40SbVIfStQeEzkN/iCU0cGjsIZyLgP9N+4 +RyJIMWr9UTbgZvGH1yOoCmJLbG6Vi8zSF5lFAdPH8rIIb3QhPS+DZaDacS7m5Pn7kDI7+G +oscBuwvu0oomEiKjjakC6xcI1pcH/qNjP1LVhiS6qtERQLAfKGeAQiM44lsqK018fRazMf +UujVvlafZ/92o+SEwh4e5+oS6rY+aLHoeslGN+BxEsHpyyszl3w4hRRR9XQK9Te/pWGWer +fFRiJLNlkd0pkYJguT9xTdiDC5KMyJeUhNrdcOn1Df1o3T3uqdZIaFfiGUKsruOovSIgwG +iYAKCb7b3zHfWDorP2g0Ckd87DKC3J8C6vXKJd/EO2ex+EkJWammeUwdW4mExniY+RAAAA +wD2jFsuvpecZ/MB89WG7uMVJP7eoBJrPKYfODUR1YHkxUwmEqC1jaIR07qP6EaI5P58vaG +ai7Hdp7SXidn0zeGAUFZCw8TyA9UsHWshk1ydJkspuch22VBOzgmAe2A7Rw317yqL7if9I +zYOs7ce9Epnr+qSjNCD1oRw88kwKOLxV19ty3pfp/nhu4TKzzZDJChL/h9/ZQ02ED9l6KS 
+ZnX/7C/f8lPMfWxJGshLJnhXvNB6wbAF06/wIRlA9IT0XFWgAAAMEA3aZyJel9M+flKiAD +sruAfbx39zpJSpizA5rI+y8UFmD4bQ7gwAnHY9+8kzQhFjLSXQ+np5T8mvCii7uxh9j406 +je2/UD5ZS7vmwcC+MoqCxvNL0kVF9FdoNmejUWqZ59Ig9p48AxVe2jG3+Rea1X45C45/1X +FucDsf5i5Nf7lAqEhM2vIuyKEWu8BSkMY84E4RTtt5S55BcGqritsUYJn/QP4DNzBo9WQd +61qg7Ve5rMEtSq+UV/Aj4x7qMbBI0PAAAAwQDahEsvkMwQuhHAPfPnn+580SuQ7KwIMyZY +BtFnIEvQfWKBU1c5kcHoeIPFZ5Bql2aVbL2AuRl+MGRoZ8wYK/rqUytjeRi0aq0IQgH8WW +PK4bL1RbHwZdyEMc/6CbAA5pd7bFQKopEmf0Md2QC2M/nwS4TAVDDQepdCzQJ9W+EzJI+L +fvJdihyB1psCLkCd7elGGnBbbTqUjAPNJJio8wZUdD/f1ZEd4KKw1joX/+c4FoLdXlpVci +dO+ciUfrz8f3kAAAAZeHV4aXV0aW5nQExBUFRPUC1BMklINlROUgEC +-----END OPENSSH PRIVATE KEY----- diff --git a/certs/rtr-client.key.pub b/certs/rtr-client.key.pub new file mode 100644 index 0000000..065826d --- /dev/null +++ b/certs/rtr-client.key.pub @@ -0,0 +1 @@ +ssh-rsa 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 xuxiuting@LAPTOP-A2IH6TNR diff --git a/certs/rtr-client.pem b/certs/rtr-client.pem new file mode 100644 index 0000000..7b646a1 --- /dev/null +++ b/certs/rtr-client.pem 
@@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEAvTJIIBa/YnOT5cvbT87JXYLrfVgG9G4HQ6JhbQXswwuK84v/L1lI +c2b/pXs1p8imJzDx3vNBRGfPuUKzY0thleijA8UGTe1q+C84fnkL94XE/kxuglGuyo177q +vD+lGBlvSwp/Hd+mBpsV5GxLVCZZgNnUXpsesZa6V2rwmly4E6Yft3qHtplkzLpMB487ru +D14RJXwhRmZ0zFwJI4pgn6x/tdWDG9TaTKLJv/B/GmGWRgJBj5YygIziz8AF4J++4aCJUS +pbJXrApkwSQp5sqf9K2iFwFt55LjJ5FvTkXbdU4u8l7Eb/n5RQYRYe4TPUn6oGzAJA3ptU +7oA0xUwUZInrIdmPrEG4JNGDtk+TxfjVS2brk7LKINycjG0WAA2Ro83Z71UhuCAkftX1Xo +XpTpzKNbYErJNzPFpDOcIH5+RwE2HAV2oh6Pe0NAh8xiiOCqzqr03OAW/7odFUCHnKUGox +rmarFg5cZMJNYXdf7POEKOpJP4mVipPkvvLl5R0XAAAFkHgpYu14KWLtAAAAB3NzaC1yc2 +EAAAGBAL0ySCAWv2Jzk+XL20/OyV2C631YBvRuB0OiYW0F7MMLivOL/y9ZSHNm/6V7NafI +picw8d7zQURnz7lCs2NLYZXoowPFBk3tavgvOH55C/eFxP5MboJRrsqNe+6rw/pRgZb0sK +fx3fpgabFeRsS1QmWYDZ1F6bHrGWuldq8JpcuBOmH7d6h7aZZMy6TAePO67g9eESV8IUZm +dMxcCSOKYJ+sf7XVgxvU2kyiyb/wfxphlkYCQY+WMoCM4s/ABeCfvuGgiVEqWyV6wKZMEk +KebKn/StohcBbeeS4yeRb05F23VOLvJexG/5+UUGEWHuEz1J+qBswCQN6bVO6ANMVMFGSJ +6yHZj6xBuCTRg7ZPk8X41Utm65OyyiDcnIxtFgANkaPN2e9VIbggJH7V9V6F6U6cyjW2BK +yTczxaQznCB+fkcBNhwFdqIej3tDQIfMYojgqs6q9NzgFv+6HRVAh5ylBqMa5mqxYOXGTC +TWF3X+zzhCjqST+JlYqT5L7y5eUdFwAAAAMBAAEAAAGAPmfEdJksPZwj74tjZpqtvuN9K5 +YKjTtxt/RqsFxg8SDwj07hOEv54t7Zekr+sr4zWAAD9+dC4v5e/RusMhdeM+VNR+QIJVIn +k3934fepY9bC2KJ7XQ72Wad7dok/lmSmGxXQ40SbVIfStQeEzkN/iCU0cGjsIZyLgP9N+4 +RyJIMWr9UTbgZvGH1yOoCmJLbG6Vi8zSF5lFAdPH8rIIb3QhPS+DZaDacS7m5Pn7kDI7+G +oscBuwvu0oomEiKjjakC6xcI1pcH/qNjP1LVhiS6qtERQLAfKGeAQiM44lsqK018fRazMf +UujVvlafZ/92o+SEwh4e5+oS6rY+aLHoeslGN+BxEsHpyyszl3w4hRRR9XQK9Te/pWGWer +fFRiJLNlkd0pkYJguT9xTdiDC5KMyJeUhNrdcOn1Df1o3T3uqdZIaFfiGUKsruOovSIgwG +iYAKCb7b3zHfWDorP2g0Ckd87DKC3J8C6vXKJd/EO2ex+EkJWammeUwdW4mExniY+RAAAA +wD2jFsuvpecZ/MB89WG7uMVJP7eoBJrPKYfODUR1YHkxUwmEqC1jaIR07qP6EaI5P58vaG +ai7Hdp7SXidn0zeGAUFZCw8TyA9UsHWshk1ydJkspuch22VBOzgmAe2A7Rw317yqL7if9I +zYOs7ce9Epnr+qSjNCD1oRw88kwKOLxV19ty3pfp/nhu4TKzzZDJChL/h9/ZQ02ED9l6KS 
+ZnX/7C/f8lPMfWxJGshLJnhXvNB6wbAF06/wIRlA9IT0XFWgAAAMEA3aZyJel9M+flKiAD +sruAfbx39zpJSpizA5rI+y8UFmD4bQ7gwAnHY9+8kzQhFjLSXQ+np5T8mvCii7uxh9j406 +je2/UD5ZS7vmwcC+MoqCxvNL0kVF9FdoNmejUWqZ59Ig9p48AxVe2jG3+Rea1X45C45/1X +FucDsf5i5Nf7lAqEhM2vIuyKEWu8BSkMY84E4RTtt5S55BcGqritsUYJn/QP4DNzBo9WQd +61qg7Ve5rMEtSq+UV/Aj4x7qMbBI0PAAAAwQDahEsvkMwQuhHAPfPnn+580SuQ7KwIMyZY +BtFnIEvQfWKBU1c5kcHoeIPFZ5Bql2aVbL2AuRl+MGRoZ8wYK/rqUytjeRi0aq0IQgH8WW +PK4bL1RbHwZdyEMc/6CbAA5pd7bFQKopEmf0Md2QC2M/nwS4TAVDDQepdCzQJ9W+EzJI+L +fvJdihyB1psCLkCd7elGGnBbbTqUjAPNJJio8wZUdD/f1ZEd4KKw1joX/+c4FoLdXlpVci +dO+ciUfrz8f3kAAAAZeHV4aXV0aW5nQExBUFRPUC1BMklINlROUgEC +-----END OPENSSH PRIVATE KEY----- diff --git a/certs/ssh_host_rsa_key b/certs/ssh_host_rsa_key new file mode 100644 index 0000000..9656090 --- /dev/null +++ b/certs/ssh_host_rsa_key 
@@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEA08poqyD9GeB7YdNabpl6cFff3yHu7/E6usvW9/BY05HjYVDWSUCB +tLLI+1Z2w00/8BuOKECZ8ExSfMWyMHWDQWc2wXL8ZYZPQjzqOCWXNsNt9DXMin7DGS3Lg4 +DCssl3m3cMMRkQcaKlGbdOLMJayt3ABHf+lovRK8D9U6eGACsX4+F7zoSb5lhNauIrH329 +sxKq5HF8nKgQECivc4zvsUBdFXxSak3nNRmA+Sc58IwBf8liv+exWYHUCrh/Y3Q7s8pE5e +xvPdbkpESk2ze7sIarZ5E3q4FYZP7w6Mc/BJ9BVz+YmkIVcDtm0wwGMFL56bfx2l87GgZR +mHjWV+6vnXC6ikH3KJI+yCqhiL1rUoaVgWCpHsUsF6ZHlZP9Go0QH3ZAo0pDGnqxJJPZa2 +zUOaF6xxF3IUOtZ/oMZGNqX+WuiXKuqTMLcL7NcT+WQXYk1zRcHW9CJ8XmCl4xSymEA7kI +7ObGwJ1Vfi/ocIUjgtMxdYOWaGYAuFp0aY4/nv3tAAAFkKmSKaOpkimjAAAAB3NzaC1yc2 +EAAAGBANPKaKsg/Rnge2HTWm6ZenBX398h7u/xOrrL1vfwWNOR42FQ1klAgbSyyPtWdsNN +P/AbjihAmfBMUnzFsjB1g0FnNsFy/GWGT0I86jgllzbDbfQ1zIp+wxkty4OAwrLJd5t3DD +EZEHGipRm3TizCWsrdwAR3/paL0SvA/VOnhgArF+Phe86Em+ZYTWriKx99vbMSquRxfJyo +EBAor3OM77FAXRV8UmpN5zUZgPknOfCMAX/JYr/nsVmB1Aq4f2N0O7PKROXsbz3W5KREpN +s3u7CGq2eRN6uBWGT+8OjHPwSfQVc/mJpCFXA7ZtMMBjBS+em38dpfOxoGUZh41lfur51w +uopB9yiSPsgqoYi9a1KGlYFgqR7FLBemR5WT/RqNEB92QKNKQxp6sSST2Wts1DmhescRdy +FDrWf6DGRjal/lrolyrqkzC3C+zXE/lkF2JNc0XB1vQifF5gpeMUsphAO5COzmxsCdVX4v +6HCFI4LTMXWDlmhmALhadGmOP5797QAAAAMBAAEAAAGARE9apyeCux/ua8URu+6A0U9mg7 ++cI4P431rzwRCidcruPesm0oWd0DyCGp7uu1tlLfqVRWJgxGK5kEjrijm81hGGVarSwaQq +WEDxgp6NQTqTclsP1/O+1ZYxt/6FzcixbVFee0+MQDqnab331vPw+NHBJy/Uy5XZJ3Wdv6 +eeztsXX4bQufGHnyoH/ltocUXLM8DnobsA6D5EwBF/VZO1k8QgwddRdbwewL+zG6mNRIrD +yQWZdjAywZ3gWHzdiaRpLtwIqqVq6q+2nphu41sJTKbU9ZrDLz4YZ4eawPloeukTq+mChS +UyYK4gomNUG1RugeQNiGW1SG/fDMMVWzYDxmnKxBrVvv/J1AHhyQbScjDjGLxo9aG5A2XJ +8kfZbkgTsfUP0IhmOFOK2KlRiZDuSGBNGgrEWxzpA/G4T5WGzBDT2pvW6yn5BQDCzpMwy6 +sNiB3cdWNHGyy4Gu/c2Owljb0RukXsfkFN5oaj4fXo2E+Yymm7qTUuPVDgay3/W1cBAAAA +wEL4j23iXytSSR5U5x0XvVKobDwM+SgOJ1OKhm9FsXmPBDnT/3FzNJ6dZNVYYPtM5Pbal5 +J6soTlHwsHvEJxakrH0B9WqKAhShpJ/pC3UIpxaHAWQ5bk9Z3mBfwSargUFUZDz+hoCEFR +ZwdSU9LI8vK/nk4urhxMi7BjAHh/acRo5AoOVk9zDTq4FhvwtQG0P6HKZoHLcLKh7Hxm0e 
+OPhiWwfXt5TQSgAI4kIKy3UOwxFgsNsI5JLFMWuZ8KUdFCaQAAAMEA8+cTAauvEmDHlg+D +1KtlbxT96lN2RRruvRO/VxAomP8ZLPV4/9EpS6oTYaWve1TibD1HgJ5k22BBBGOAbEuhz2 +jBxIL2JaGUNmWR1Tofe7s+VY/AKbepwBmTxelyIhbhAcXToFjUIS3398+bxbiSYEU3hmAA +EmeHui5kZYRcU3Lxv24qfdc9tjaAm3i4OIlhv+QPteJRWB54pdVuYaIZDsSp9mC4BzVNmN +hJiJ4gB+JEigfp30200Q69soM4umnNAAAAwQDeS5i0cChxeppZ3RbOecZuNE3t09L18nFv +h8KBXQ/UBt/Z6ElUWME/YATJ4eNUp+/VzyhxmMDzt3yG+k182qe6on4Q73MGgZ+l2mc6TL +sgN/WoqT0H0P7N3QFqvIsKqH4zHcQFYwx6sgEvCppI7dWP1xkBedjXw6hL7j3poXp+lfT3 +XVGt1J6hMvgXUiyl+xAHjXnH7qU1oTw6Bn/O8hWylFBXSzzdVGjI+NYAzg4vAB+XecJx4V +gOi7X82F9oRKEAAAAZeHV4aXV0aW5nQExBUFRPUC1BMklINlROUgEC +-----END OPENSSH PRIVATE KEY----- diff --git a/certs/ssh_host_rsa_key.pub b/certs/ssh_host_rsa_key.pub new file mode 100644 index 0000000..a3e7657 --- /dev/null +++ b/certs/ssh_host_rsa_key.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTymirIP0Z4Hth01pumXpwV9/fIe7v8Tq6y9b38FjTkeNhUNZJQIG0ssj7VnbDTT/wG44oQJnwTFJ8xbIwdYNBZzbBcvxlhk9CPOo4JZc2w230NcyKfsMZLcuDgMKyyXebdwwxGRBxoqUZt04swlrK3cAEd/6Wi9ErwP1Tp4YAKxfj4XvOhJvmWE1q4isffb2zEqrkcXycqBAQKK9zjO+xQF0VfFJqTec1GYD5JznwjAF/yWK/57FZgdQKuH9jdDuzykTl7G891uSkRKTbN7uwhqtnkTergVhk/vDoxz8En0FXP5iaQhVwO2bTDAYwUvnpt/HaXzsaBlGYeNZX7q+dcLqKQfcokj7IKqGIvWtShpWBYKkexSwXpkeVk/0ajRAfdkCjSkMaerEkk9lrbNQ5oXrHEXchQ61n+gxkY2pf5a6Jcq6pMwtwvs1xP5ZBdiTXNFwdb0InxeYKXjFLKYQDuQjs5sbAnVV+L+hwhSOC0zF1g5ZoZgC4WnRpjj+e/e0= xuxiuting@LAPTOP-A2IH6TNR diff --git a/certs/testkey b/certs/testkey new file mode 100644 index 0000000..38685db --- /dev/null +++ b/certs/testkey 
@@ -0,0 +1,8 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAo7qsNAU +RiW+8UlbN+a34gAAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIMSj2JT9F+tcY/IA +/qQda0zzC5B768tkm4JwwBHI/dtnAAAAoEVxoJY8k0yGG43sZ9YchTOlEiVpSF3rw0i1Ce +lqjCx5RrtYMMmnZCIw4oo4kp6ATlluqGoR58BkJPhTW4i/pGH7sqJHltFNhFAu2VMNOlhp +Eu5WDTotsDpDX7J5A9Lmc5zMdCvoRr+FUd314N7N/5GV4yyUiXlunMFbtgt6QBzYvakqqv +pIWhsfz3mBe+oenAFpXkrdkQe6Jsy88ZVwVyI= +-----END OPENSSH PRIVATE KEY----- diff --git a/certs/testkey.pub b/certs/testkey.pub new file mode 100644 index 0000000..585d967 --- /dev/null +++ b/certs/testkey.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSj2JT9F+tcY/IA/qQda0zzC5B768tkm4JwwBHI/dtn xuxiuting@LAPTOP-A2IH6TNR diff --git a/certs/testkey3 b/certs/testkey3 new file mode 100644 index 0000000..adfa38d --- /dev/null +++ b/certs/testkey3 @@ -0,0 +1,8 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABACsU5bHT +9Ps+FePAk6wYjzAAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIADxGbVl4d3SirJF +LBUz7CnzNZMWCDc9iL8BmxjIYGpNAAAAoPryTWyd3TszwaRBXRTGSxvAKW8Um9VYdphhFr +CkePw369/VBarJJmRqUO6lPG3WfCyVG3N3yW+05Y0dVy53G885GWEoQQoy93Q3JY6dfQa4 +soxlJSROPz/I0X30gq/p5jR6WFHCWUcEZ61BkHhUW8c1R9vtmlBdsTbtbhJWczeKrbyj+p +UcFxN6YEoXl39c9GbCCyd785cgTof4rmEDvQ0= +-----END OPENSSH PRIVATE KEY----- diff --git a/certs/testkey3.pub b/certs/testkey3.pub new file mode 100644 index 0000000..9fb8b46 --- /dev/null +++ b/certs/testkey3.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIADxGbVl4d3SirJFLBUz7CnzNZMWCDc9iL8BmxjIYGpN xuxiuting@LAPTOP-A2IH6TNR diff --git a/data/20260303T000001Z-mini-a.ccr b/data/20260303T000001Z-mini-a.ccr new file mode 100644 index 0000000..5ac8493 Binary files /dev/null and b/data/20260303T000001Z-mini-a.ccr differ 
diff --git a/data/20260305T000101Z-mini-b.ccr b/data/20260305T000101Z-mini-b.ccr
new file mode 100644
index 0000000..fe1fc8e
Binary files /dev/null and b/data/20260305T000101Z-mini-b.ccr differ
diff --git a/data/20260324T091640Z-yyz1.ccr b/data/20260324T091640Z-yyz1.ccr
new file mode 100644
index 0000000..7853517
Binary files /dev/null and b/data/20260324T091640Z-yyz1.ccr differ
diff --git a/data/20260415-apnic.ccr b/data/20260415-apnic.ccr
new file mode 100644
index 0000000..effaf49
Binary files /dev/null and b/data/20260415-apnic.ccr differ
diff --git a/data/mini_data/20260403T000001Z-mini-a.ccr b/data/mini_data/20260403T000001Z-mini-a.ccr
new file mode 100644
index 0000000..5ac8493
Binary files /dev/null and b/data/mini_data/20260403T000001Z-mini-a.ccr differ
diff --git a/data/mini_data/20260403T000101Z-mini-b.ccr b/data/mini_data/20260403T000101Z-mini-b.ccr
new file mode 100644
index 0000000..fe1fc8e
Binary files /dev/null and b/data/mini_data/20260403T000101Z-mini-b.ccr differ
diff --git a/data/mini_data/20260403T000201Z-mini-c.ccr b/data/mini_data/20260403T000201Z-mini-c.ccr
new file mode 100644
index 0000000..44efe38
Binary files /dev/null and b/data/mini_data/20260403T000201Z-mini-c.ccr differ
diff --git a/data/mini_data/20260415-apnic.ccr b/data/mini_data/20260415-apnic.ccr
new file mode 100644
index 0000000..effaf49
Binary files /dev/null and b/data/mini_data/20260415-apnic.ccr differ
diff --git a/deploy/bird/Dockerfile b/deploy/bird/Dockerfile
index 0ff4b4d..c01dabc 100644
--- a/deploy/bird/Dockerfile
+++ b/deploy/bird/Dockerfile
@@ -1,10 +1,53 @@ +FROM debian:bookworm-slim AS builder + +ARG BIRD_VERSION=3.2.1 + +RUN apt-get update && apt-get install -y --no-install-recommends \ + build-essential \ + bison \ + flex \ + m4 \ + perl \ + ca-certificates \ + wget \ + xz-utils \ + libreadline-dev \ + libncurses-dev \ + libssh-dev \ + && rm -rf /var/lib/apt/lists/* + +WORKDIR /build + +RUN wget -O bird.tar.gz "https://bird.nic.cz/download/bird-${BIRD_VERSION}.tar.gz" \ + && tar -xzf bird.tar.gz \ + && mv "bird-${BIRD_VERSION}" bird + +WORKDIR /build/bird + +RUN ./configure \ + --prefix=/usr \ + --sysconfdir=/etc/bird \ + --localstatedir=/run \ + && make -j"$(nproc)" \ + && make install + FROM debian:bookworm-slim -RUN apt-get update \ - && apt-get install -y --no-install-recommends bird2 ca-certificates \ - && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y --no-install-recommends \ + ca-certificates \ + netcat-openbsd \ + libreadline8 \ + libncurses6 \ + libtinfo6 \ + libssh-4 \ + && rm -rf /var/lib/apt/lists/* + +COPY --from=builder /usr/sbin/bird /usr/sbin/bird +COPY --from=builder /usr/sbin/birdc /usr/sbin/birdc +COPY --from=builder /etc/bird /etc/bird COPY entrypoint.sh /entrypoint.sh -RUN chmod +x /entrypoint.sh +RUN chmod +x /entrypoint.sh \ + && mkdir -p /run/bird ENTRYPOINT ["/entrypoint.sh"] diff --git a/deploy/bird/README.md b/deploy/bird/README.md index b80c356..ba4b570 100644 --- a/deploy/bird/README.md +++ b/deploy/bird/README.md 
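Review bot: The builder stage compiles whatever `https://bird.nic.cz/download/bird-${BIRD_VERSION}.tar.gz` returns, with no digest or signature check between `wget` and `tar -xzf`, so the `bird` and `birdc` binaries copied into the runtime image are only as trustworthy as that single download. Pin the expected hash next to the version, for example `ARG BIRD_SHA256=<sha256-of-release-tarball>` and `&& echo "${BIRD_SHA256}  bird.tar.gz" | sha256sum -c - \` ahead of the `tar` line, and update both together when bumping `BIRD_VERSION`. The runtime stage also declares no `USER`, so the daemon presumably runs as root in a container the compose file puts on `network_mode: host`; confirm that is intended.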
@@ -5,19 +5,19 @@ against this repository's RTR server defaults. Server defaults in this repo: - TCP: `0.0.0.0:323` -- TLS: `0.0.0.0:324` +- SSH: `0.0.0.0:22` (when enabled on server) ## Files - `Dockerfile`: builds a minimal BIRD2 runtime image. - `bird.conf.example`: sample `/etc/bird/bird.conf`. -- `bird.conf.tls.example`: sample TLS/mTLS `/etc/bird/bird.conf`. +- `bird.conf.ssh.example`: sample SSH transport `/etc/bird/bird.conf`. - `entrypoint.sh`: starts BIRD in foreground mode. - `docker-compose.yml`: one-click local TCP test client. -- `docker-compose.tls.yml`: compose override for TLS/mTLS. +- `docker-compose.ssh.yml`: compose override for SSH transport. By default, the container prints periodic RPKI protocol snapshots to logs -every 5 seconds. +every 30 seconds. ## Docker quick start @@ -48,12 +48,20 @@ Stop: docker compose -f deploy/bird/docker-compose.yml down ``` -## TLS/mTLS quick start +## SSH quick start + +Start server in SSH mode first: + +```bash +docker compose -f deploy/server/docker-compose.ssh.yml up -d --build +``` + +Start BIRD client with SSH override: ```bash docker compose \ -f deploy/bird/docker-compose.yml \ - -f deploy/bird/docker-compose.tls.yml \ + -f deploy/bird/docker-compose.ssh.yml \ up --build ``` 
@@ -65,11 +73,14 @@ docker logs -f bird-rpki-client ## Notes -- This setup targets RTR over TCP (`remote "127.0.0.1" port 323`). +- This setup targets RTR over TCP (`remote "host.docker.internal" port 323`). - `network_mode: host` expects your RTR server to be reachable at - `127.0.0.1:323` from the Docker host. -- TLS override mounts `../../certs` into `/etc/bird/certs`. + `host.docker.internal:323` from the container. - Observation is controlled by env vars: - `OBSERVE_INTERVAL` (seconds, default `5`) and `OBSERVE_PROTO`. + `OBSERVE_INTERVAL` (seconds, default `30`) and `OBSERVE_PROTO`. +- SSH mode mounts `../../certs` into `/config/ssh` and expects: + `bird-rtr-client.pem` and `ssh_host_rsa_key.pub`. +- Entrypoint auto-generates `/run/bird/known_hosts` from + `/config/ssh/ssh_host_rsa_key.pub` for BIRD SSH host-key verification. - If your environment does not support Docker host networking, switch to a bridge network and replace `remote` addresses accordingly. diff --git a/deploy/bird/README.zh.md b/deploy/bird/README.zh.md index 7c9ba0a..5d7cf8f 100644 --- a/deploy/bird/README.zh.md +++ b/deploy/bird/README.zh.md @@ -1,21 +1,21 @@ # BIRD 最小化 RTR 客户端配置 -本目录提供一个最小化 BIRD 配置,用于和本仓库 RTR Server 做黑盒互通测试。 +本目录提供最小化 BIRD 配置,用于与本仓库 RTR Server 做黑盒互通测试。 本仓库默认 RTR 监听地址: - TCP: `0.0.0.0:323` -- TLS: `0.0.0.0:324` +- SSH: `0.0.0.0:22`(仅在 server SSH 模式启用时) ## 文件说明 -- `Dockerfile`: 构建最小 BIRD2 运行镜像。 +- `Dockerfile`: 构建最小 BIRD 运行镜像(包含 SSH transport 支持)。 - `bird.conf.example`: `/etc/bird/bird.conf` 的 TCP 示例。 -- `bird.conf.tls.example`: `/etc/bird/bird.conf` 的 TLS/mTLS 示例。 -- `entrypoint.sh`: 前台启动 BIRD。 +- `bird.conf.ssh.example`: `/etc/bird/bird.conf` 的 SSH transport 示例。 +- `entrypoint.sh`: 前台启动 BIRD,并周期输出协议快照。 - `docker-compose.yml`: TCP 一键启动。 -- `docker-compose.tls.yml`: TLS/mTLS 覆盖文件。 +- `docker-compose.ssh.yml`: SSH 覆盖配置。 -容器默认每 5 秒向日志输出一次 RPKI 协议状态快照。 +容器默认每 30 秒向日志输出一次 RPKI 协议状态快照。 ## Docker 快速启动(TCP) 
@@ -25,7 +25,7 @@ docker compose -f deploy/bird/docker-compose.yml up --build ``` -另开一个终端查看日志: +另开终端查看日志: ```bash docker logs -f bird-rpki-client @@ -46,18 +46,35 @@ docker logs -f bird-rpki-client docker compose -f deploy/bird/docker-compose.yml down ``` -## TLS/mTLS 快速启动 +## SSH 快速启动 + +先启动 server 的 SSH 模式: + +```bash +docker compose -f deploy/server/docker-compose.ssh.yml up -d --build +``` + +再启动 BIRD SSH 客户端: ```bash docker compose \ -f deploy/bird/docker-compose.yml \ - -f deploy/bird/docker-compose.tls.yml \ + -f deploy/bird/docker-compose.ssh.yml \ up --build ``` +查看日志: + +```bash +docker logs -f bird-rpki-client +``` + ## 说明 -- 当前 compose 使用 `network_mode: host`,要求容器可通过 `127.0.0.1` 访问宿主机 RTR Server。 -- TLS 覆盖文件会把 `../../certs` 挂载到容器内 `/etc/bird/certs`。 -- 观测频率由环境变量控制:`OBSERVE_INTERVAL`(秒,默认 `5`)和 `OBSERVE_PROTO`。 -- 若你运行在 Docker Desktop(非 Linux 原生 host network 场景),建议改为自定义 bridge 网络并把 `remote` 地址改成可达的 server 容器名或宿主地址。 +- 当前 compose 使用 `network_mode: host`,默认通过 `host.docker.internal` 访问 server。 +- 观测频率由环境变量控制:`OBSERVE_INTERVAL`(秒,默认 `30`)和 `OBSERVE_PROTO`。 +- SSH 模式会将 `../../certs` 挂载到容器 `/config/ssh`,并使用: + `bird-rtr-client.pem`、`ssh_host_rsa_key.pub`。 +- 入口脚本会基于 `/config/ssh/ssh_host_rsa_key.pub` 自动生成 + `/run/bird/known_hosts`,用于 BIRD 的 SSH 主机密钥校验。 +- 如果你运行在 Docker Desktop(非 Linux 原生 host network 场景),建议改为自定义 bridge 网络并将 `remote` 地址改成可达的 server 容器名或宿主机地址。 diff --git a/deploy/bird/_probe_subsystem.conf b/deploy/bird/_probe_subsystem.conf new file mode 100644 index 0000000..5292756 --- /dev/null +++ b/deploy/bird/_probe_subsystem.conf 
@@ -0,0 +1,31 @@ +log stderr all; +router id 192.0.2.2; + +roa4 table rtr_roa_v4; +roa6 table rtr_roa_v6; +aspa table rtr_aspa; + +protocol device { +} + +protocol rpki rpki_ssh { + roa4 { table rtr_roa_v4; }; + roa6 { table rtr_roa_v6; }; + aspa { table rtr_aspa; }; + + remote "host.docker.internal" port 22; + + min version 2; + max version 2; + + refresh 3600; + retry 600; + expire 7200; + + transport ssh { + user "rpki-rtr"; + bird private key "/config/ssh/rtr-client.key"; + remote public key "/run/bird/known_hosts"; + subsystem "rpki-rtr"; + }; +} diff --git a/deploy/bird/bird.conf b/deploy/bird/bird.conf new file mode 100644 index 0000000..df5e6af --- /dev/null +++ b/deploy/bird/bird.conf @@ -0,0 +1,28 @@ +log stderr all; +router id 192.0.2.2; + +roa4 table rtr_roa_v4; +roa6 table rtr_roa_v6; +aspa table rtr_aspa; + +protocol device { +} + +protocol rpki rpki_tcp { + roa4 { table rtr_roa_v4; }; + roa6 { table rtr_roa_v6; }; + aspa { table rtr_aspa; }; + + remote "host.docker.internal" port 323; + + min version 2; + max version 2; + + refresh 3600; + retry 600; + expire 7200; + + transport tcp { + authentication none; + }; +} \ No newline at end of file diff --git a/deploy/bird/bird.conf.example b/deploy/bird/bird.conf.example index 5e75a5e..df5e6af 100644 --- a/deploy/bird/bird.conf.example +++ b/deploy/bird/bird.conf.example @@ -3,6 +3,7 @@ router id 192.0.2.2; roa4 table rtr_roa_v4; roa6 table rtr_roa_v6; +aspa table rtr_aspa; protocol device { } @@ -10,6 +11,18 @@ protocol device { protocol rpki rpki_tcp { roa4 { table rtr_roa_v4; }; roa6 { table rtr_roa_v6; }; + aspa { table rtr_aspa; }; - remote "127.0.0.1" port 323; -} + remote "host.docker.internal" port 323; + + min version 2; + max version 2; + + refresh 3600; + retry 600; + expire 7200; + + transport tcp { + authentication none; + }; +} \ No newline at end of file diff --git a/deploy/bird/bird.conf.ssh.example b/deploy/bird/bird.conf.ssh.example new file mode 100644 index 0000000..e419d4a 
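Review bot: `deploy/bird/_probe_subsystem.conf` reads like a scratch config left over from debugging rather than a deliverable: the README "Files" list updated in this commit does not mention it, neither compose file shown mounts it, and it is the only config whose `bird private key` points at `/config/ssh/rtr-client.key`, a key committed without a passphrase. Either drop it, or give it a header comment such as `# Probe config: forces the "rpki-rtr" SSH subsystem; lab use only` and point it at the same key path as `bird.conf.ssh.example`. Separately, the new `deploy/bird/bird.conf` is byte-identical to `bird.conf.example` (both blob `df5e6af`) and both end without a trailing newline; keeping only the example and copying it at setup time would stop the two drifting apart.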
--- /dev/null
+++ b/deploy/bird/bird.conf.ssh.example
@@ -0,0 +1,30 @@
+log stderr all;
+router id 192.0.2.2;
+
+roa4 table rtr_roa_v4;
+roa6 table rtr_roa_v6;
+aspa table rtr_aspa;
+
+protocol device {
+}
+
+protocol rpki rpki_ssh {
+ roa4 { table rtr_roa_v4; };
+ roa6 { table rtr_roa_v6; };
+ aspa { table rtr_aspa; };
+
+ remote "host.docker.internal" port 22;
+
+ min version 2;
+ max version 2;
+
+ refresh 3600;
+ retry 600;
+ expire 7200;
+
+ transport ssh {
+ user "rpki-rtr";
+ bird private key "/config/ssh/bird-rtr-client.pem";
+ remote public key "/run/bird/known_hosts";
+ };
+}
diff --git a/deploy/bird/bird.conf.tls.example b/deploy/bird/bird.conf.tls.example
deleted file mode 100644
index c1ee97e..0000000
--- a/deploy/bird/bird.conf.tls.example
+++ /dev/null
@@ -1,21 +0,0 @@
-log stderr all;
-router id 192.0.2.2;
-
-roa4 table rtr_roa_v4;
-roa6 table rtr_roa_v6;
-
-protocol device {
-}
-
-protocol rpki rpki_tls {
- roa4 { table rtr_roa_v4; };
- roa6 { table rtr_roa_v6; };
-
- remote "127.0.0.1" port 324;
-
- transport tls {
- ca file "/etc/bird/certs/client-ca.crt";
- cert file "/etc/bird/certs/client-good.crt";
- key file "/etc/bird/certs/client-good.key";
- };
-}
diff --git a/deploy/bird/docker-compose.ssh.yml b/deploy/bird/docker-compose.ssh.yml
new file mode 100644
index 0000000..609e3de
--- /dev/null
+++ b/deploy/bird/docker-compose.ssh.yml
@@ -0,0 +1,9 @@
+services:
+ bird-rpki-client:
+ environment:
+ RPKI_HOST: "host.docker.internal"
+ RPKI_PORT: "${RPKI_RTR_SSH_PORT:-22}"
+ OBSERVE_PROTO: "rpki_ssh"
+ volumes:
+ - ./bird.conf.ssh.example:/config/bird.conf:ro
+ - ../../certs:/config/ssh:ro
diff --git a/deploy/bird/docker-compose.tls.yml b/deploy/bird/docker-compose.tls.yml
deleted file mode 100644
index 4a14666..0000000
--- a/deploy/bird/docker-compose.tls.yml
+++ /dev/null
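Review bot: The `../../certs:/config/ssh:ro` volume in `docker-compose.ssh.yml` exposes every file in `certs/` to the client container, including the server's `ssh_host_rsa_key` private half and the other client keys, while the README in this commit says SSH mode expects only `bird-rtr-client.pem` and `ssh_host_rsa_key.pub`. Mount just those two files, e.g. `- ../../certs/bird-rtr-client.pem:/config/ssh/bird-rtr-client.pem:ro` and `- ../../certs/ssh_host_rsa_key.pub:/config/ssh/ssh_host_rsa_key.pub:ro`, so that a compromise of the client container does not also expose the server's host identity. The client key referenced by `bird.conf.ssh.example` is the unencrypted PKCS#8 file, so it should be generated per deployment rather than taken from the repository.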
@@ -1,7 +0,0 @@ -services: - bird-rpki-client: - environment: - OBSERVE_PROTO: rpki_tls - volumes: - - ./bird.conf.tls.example:/etc/bird/bird.conf:ro - - ../../certs:/etc/bird/certs:ro diff --git a/deploy/bird/docker-compose.yml b/deploy/bird/docker-compose.yml index 897a4f5..7f0a92b 100644 --- a/deploy/bird/docker-compose.yml +++ b/deploy/bird/docker-compose.yml @@ -3,11 +3,30 @@ services: build: context: . dockerfile: Dockerfile + args: + BIRD_VERSION: "3.2.1" container_name: bird-rpki-client restart: unless-stopped network_mode: host environment: - OBSERVE_INTERVAL: "5" - OBSERVE_PROTO: rpki_tcp + BIRD_CONFIG_PATH: "/config/bird.conf" + + RPKI_HOST: "host.docker.internal" + RPKI_PORT: "323" + + OBSERVE_PROTO: "rpki_tcp" + OBSERVE_INTERVAL: "30" + + OBSERVE_ASPA_TABLE: "rtr_aspa" + OBSERVE_ROA4_TABLE: "rtr_roa_v4" + OBSERVE_ROA6_TABLE: "rtr_roa_v6" + + OBSERVE_ASPA_COUNT: "3" + OBSERVE_ROA4_COUNT: "3" + OBSERVE_ROA6_COUNT: "3" + + SHOW_ASPA: "1" + SHOW_ROA4: "1" + SHOW_ROA6: "1" volumes: - - ./bird.conf.example:/etc/bird/bird.conf:ro + - ./bird.conf:/config/bird.conf:ro \ No newline at end of file diff --git a/deploy/bird/entrypoint.sh b/deploy/bird/entrypoint.sh index 08d5bbe..aa2ee0e 100644 --- a/deploy/bird/entrypoint.sh +++ b/deploy/bird/entrypoint.sh 
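Review bot: `RPKI_HOST: "host.docker.internal"` in `docker-compose.yml` is combined with the unchanged `network_mode: host`, and on a plain Linux Docker Engine that name is normally not resolvable unless it is supplied explicitly; Docker Desktop provides it, and the previous `127.0.0.1` needed no name lookup under host networking. If Linux hosts are a target, either keep `127.0.0.1` as the default for the host-network case or add an `extra_hosts` entry mapping `host.docker.internal` to `host-gateway` and verify that it takes effect with this network mode. The entrypoint writes the same `$RPKI_HOST` value into the generated `known_hosts`, so the SSH override inherits whichever choice is made here. The file also now ends without a trailing newline.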
@@ -5,9 +5,122 @@ mkdir -p /run/bird SOCK_PATH="/run/bird/bird.ctl" PROTO="${OBSERVE_PROTO:-rpki_tcp}" -INTERVAL="${OBSERVE_INTERVAL:-5}" +INTERVAL="${OBSERVE_INTERVAL:-30}" +RPKI_HOST="${RPKI_HOST:-host.docker.internal}" +RPKI_PORT="${RPKI_PORT:-323}" -bird -f -c /etc/bird/bird.conf -s "$SOCK_PATH" & +BIRD_CONFIG_PATH="${BIRD_CONFIG_PATH:-/config/bird.conf}" + +ASPA_TABLE="${OBSERVE_ASPA_TABLE:-rtr_aspa}" +ROA4_TABLE="${OBSERVE_ROA4_TABLE:-rtr_roa_v4}" +ROA6_TABLE="${OBSERVE_ROA6_TABLE:-rtr_roa_v6}" + +ASPA_COUNT="${OBSERVE_ASPA_COUNT:-3}" +ROA4_COUNT="${OBSERVE_ROA4_COUNT:-3}" +ROA6_COUNT="${OBSERVE_ROA6_COUNT:-3}" + +SHOW_ASPA="${SHOW_ASPA:-1}" +SHOW_ROA4="${SHOW_ROA4:-1}" +SHOW_ROA6="${SHOW_ROA6:-1}" +SSH_HOST_PUBKEY_PATH="${SSH_HOST_PUBKEY_PATH:-/config/ssh/ssh_host_rsa_key.pub}" +SSH_KNOWN_HOSTS_PATH="${SSH_KNOWN_HOSTS_PATH:-/run/bird/known_hosts}" + +ensure_ssh_known_hosts() { + if [ -s "$SSH_KNOWN_HOSTS_PATH" ]; then + return + fi + + if [ ! -r "$SSH_HOST_PUBKEY_PATH" ]; then + echo "[entrypoint] WARNING: SSH host key file not found: $SSH_HOST_PUBKEY_PATH" + return + fi + + set -- $(awk 'NF >= 2 { print $1, $2; exit }' "$SSH_HOST_PUBKEY_PATH") + if [ $# -ne 2 ]; then + echo "[entrypoint] WARNING: invalid SSH host key format in $SSH_HOST_PUBKEY_PATH" + return + fi + + key_type="$1" + key_data="$2" + + if echo "$key_type" | grep -q '^ssh-'; then + { + echo "$RPKI_HOST $key_type $key_data" + echo "[$RPKI_HOST]:$RPKI_PORT $key_type $key_data" + } > "$SSH_KNOWN_HOSTS_PATH" + else + cp "$SSH_HOST_PUBKEY_PATH" "$SSH_KNOWN_HOSTS_PATH" + fi + + chmod 600 "$SSH_KNOWN_HOSTS_PATH" || true + echo "[entrypoint] generated known_hosts: $SSH_KNOWN_HOSTS_PATH" +} + +print_first_n_objects() { + table_name="$1" + max_objects="$2" + + birdc -s "$SOCK_PATH" show route table "$table_name" all 2>/dev/null | awk -v max="$max_objects" ' + BEGIN { + count = 0 + } + + # 直接跳过空行 + /^[[:space:]]*$/ { + next + } + + # 保留 birdc 的表头 + /^BIRD / { + print + next + } + + /^Table / { + print + 
next + } + + # 非缩进且不是表头,视为一个新对象的开始 + /^[^[:space:]]/ { + count++ + if (count > max) { + exit + } + print + next + } + + # 缩进内容,只有在已进入前 max 个对象时才打印 + { + if (count > 0 && count <= max) { + print + } + } + ' || true +} + +echo "[entrypoint] starting bird" +echo "[entrypoint] config : $BIRD_CONFIG_PATH" +echo "[entrypoint] observe proto : $PROTO" +echo "[entrypoint] observe interval : $INTERVAL" +echo "[entrypoint] target : $RPKI_HOST:$RPKI_PORT" +echo "[entrypoint] show aspa : $SHOW_ASPA ($ASPA_TABLE, first $ASPA_COUNT objects)" +echo "[entrypoint] show roa4 : $SHOW_ROA4 ($ROA4_TABLE, first $ROA4_COUNT objects)" +echo "[entrypoint] show roa6 : $SHOW_ROA6 ($ROA6_TABLE, first $ROA6_COUNT objects)" + +if [ "$PROTO" = "rpki_ssh" ] || grep -q 'transport[[:space:]]\+ssh' "$BIRD_CONFIG_PATH"; then + ensure_ssh_known_hosts +fi + +if nc -zvw3 "$RPKI_HOST" "$RPKI_PORT"; then + echo "[entrypoint] TCP connectivity to $RPKI_HOST:$RPKI_PORT OK" +else + echo "[entrypoint] WARNING: cannot connect to $RPKI_HOST:$RPKI_PORT before BIRD starts" +fi + +bird -f -c "$BIRD_CONFIG_PATH" -s "$SOCK_PATH" & BIRD_PID="$!" sleep 1 @@ -22,7 +135,22 @@ if [ "$INTERVAL" -gt 0 ]; then while kill -0 "$BIRD_PID" 2>/dev/null; do echo "==== $(date -u +"%Y-%m-%dT%H:%M:%SZ") RPKI snapshot ($PROTO) ====" birdc -s "$SOCK_PATH" show protocols all "$PROTO" || true - birdc -s "$SOCK_PATH" show roa count || true + + if [ "$SHOW_ASPA" = "1" ]; then + echo "---- ASPA table ($ASPA_TABLE, first ${ASPA_COUNT} objects) ----" + print_first_n_objects "$ASPA_TABLE" "$ASPA_COUNT" + fi + + if [ "$SHOW_ROA4" = "1" ]; then + echo "---- ROA4 table ($ROA4_TABLE, first ${ROA4_COUNT} objects) ----" + print_first_n_objects "$ROA4_TABLE" "$ROA4_COUNT" + fi + + if [ "$SHOW_ROA6" = "1" ]; then + echo "---- ROA6 table ($ROA6_TABLE, first ${ROA6_COUNT} objects) ----" + print_first_n_objects "$ROA6_TABLE" "$ROA6_COUNT" + fi + sleep "$INTERVAL" done fi 
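Review bot: ensure_ssh_known_hosts fails open: when the host key file is unreadable or malformed it prints a warning and returns, and BIRD is then started with its `remote public key` pointing at a known_hosts file that was never written. How BIRD treats a missing file is not visible here, so I would stop instead, with `return 1` in both warning branches and `ensure_ssh_known_hosts || exit 1` at the call site. The `grep -q '^ssh-'` test also misclassifies `ecdsa-sha2-*` host keys, which then take the `cp` branch and land in known_hosts without a host field; `case "$key_type" in ssh-*|ecdsa-sha2-*)` would cover them. `set -- $(awk …)` is unquoted and therefore subject to globbing, and the warnings go to stdout rather than stderr. The script's first lines and the code after `sleep 1` are outside the hunk.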
diff --git a/deploy/server/docker-compose.ssh.yml b/deploy/server/docker-compose.ssh.yml
index 5f7608e..8c0b432 100644
--- a/deploy/server/docker-compose.ssh.yml
+++ b/deploy/server/docker-compose.ssh.yml
@@ -27,6 +27,7 @@ services:
 RPKI_RTR_SLURM_DIR: "/app/slurm"
 RPKI_RTR_STRICT_CCR_VALIDATION: "false"
 RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "300"
+ RUST_LOG: "info"
 volumes:
 - ../../data:/app/data:ro
 - ../../rtr-db:/app/rtr-db
diff --git a/deploy/server/docker-compose.tcp.yml b/deploy/server/docker-compose.tcp.yml
index 8d9e71b..a87cd00 100644
--- a/deploy/server/docker-compose.tcp.yml
+++ b/deploy/server/docker-compose.tcp.yml
@@ -20,6 +20,7 @@ services:
 RPKI_RTR_STRICT_CCR_VALIDATION: "false"
 RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "300"
 RPKI_RTR_MAX_CONNECTIONS: "100000"
+ RUST_LOG: "info"
 volumes:
 - ../../data:/app/data:ro
 - ../../rtr-db:/app/rtr-db
diff --git a/deploy/server/docker-compose.tls.yml b/deploy/server/docker-compose.tls.yml
index 831335a..4ecec57 100644
--- a/deploy/server/docker-compose.tls.yml
+++ b/deploy/server/docker-compose.tls.yml
@@ -24,6 +24,7 @@ services:
 RPKI_RTR_SLURM_DIR: "/app/slurm"
 RPKI_RTR_STRICT_CCR_VALIDATION: "false"
 RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "300"
+ RUST_LOG: "info"
 volumes:
 - ../../data:/app/data:ro
 - ../../rtr-db:/app/rtr-db