add bird deploy

add data
add certs

certs/_probe_key

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABChIc/mh2
+2ZlTnDw27U26Q9AAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIHh6RLKV3/Dd8Ku0
+PB+lLBZo6E+EXJ2WYLYjIzVU/5t9AAAAoLzKj5jOlcoxcNfmUjP4KnfUEQ0wB2dhwpmzym
+p7kqtBnTd7q1VZ+tszUyOEEAwvWChWPsQ5qcFkrXlI12NJVl0bv4XHXXXCoUzTuzasQhWg
+ajws+FR9McWjTwYbuxPK8nZlRMGKVv3KTEb7IKzPiB1/+XVKRQCVyzhfJCFJTSIwL66KbP
+knSamwB5g59wp8xcjPmdecqba6a7wTeHy21cg=
+-----END OPENSSH PRIVATE KEY-----

certs/_probe_key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHh6RLKV3/Dd8Ku0PB+lLBZo6E+EXJ2WYLYjIzVU/5t9 xuxiuting@LAPTOP-A2IH6TNR

certs/bird-rtr-client.key

@@ -0,0 +1,39 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAaTeJ0Al
+IMgPHrgsaVr3RlAAAAGAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQDQGmbM6oQ3
+HYuaghpNTbIfOQQqC7m0vX5dUqcDlhlMyntyHAQOCzV8M5jbr2REeyTw60XXEezvb05mRm
+4NKQXJGsBR+/n5ZgvxpSFfso9ZBTTflEwBgBSQdoz/abWXe2inJ1MATu2An1vIAERQO/Gv
+V9HYcLgF3sZ9T6X6yvVUt5TKWaQ2wNKQb3KNTpnBzrK74gkUaDj1HUt/DeVk42L80boycK
+Zq2/jkHb4U6ThRXof7NJzgpHMgtMbCwAsN68fY4iIIN1046TIGHwy0sJaYrRDVzpWFLRS+
+hc68g5MWbhtiUFGGVjjMkUbSwegorB6hRxEyMYjn1bhLuUhiMVJkF552Y4Dwu7D1zRd4qk
+6ZL3nlEOCNsLTo+HIFCP0XUodaWdx2WJKZlpUpjzN7JF3MXqY0/xEgLNlL/SLSB1tod1PW
+fKfF7WDYluZJNCPv3V4296vcpG/VNBVew6ODRFT1WTQhVPenJLHuxZrOTg3sbGMXrsY8Lh
+JjQtVTY4ijvRkAAAWQANIwKXD3+y7RY6XFUvYSm6PGQbgfWO7NNR20whNld5pAHWzSamI5
+hNil50ZlYqfrfcZ8Gfhc3i9Td7ATd2h7ZBMTmkKMOzssTldTuKg13dc0r+Nk80o6PyT4SR
+YyHRVEk2Y9IeEtwjFaR50VlVY+qmLx6dzgN0tDDdb0Nenb4g1qkIjgepLu6b2KH1wznZGM
+feJPHQwfPi3RYnUquFnpfdOLdseDQS7EVLfoK/jg5lMjxGMXgptN00fOH6M2oEYaDbQK6S
+GnROKBUu5mBFPDgidahwlIkaBJ7/HAiTFhQLo75AZSEDPOOveGkW+0DJPlqw1f5a4k2jRQ
+1+wNbceuj5Zm9uw1EPzZpEQ42+DaQK3Ze5aRdm/AovykLwdmk29LK5WiGgyfsYZILq3UOB
+IBAq+Mg/ePgoQDH6raQnPvwO4+2cKmMhBFu4Ck+af8fPyRfMYvjFSxxDE7kUoSuWUb1WRP
+ZK95yf0BrUd8E6LqVp9476UuvrkG9wm8HMlI5Q+uksQ5tZPHCNGzIOKgDP1V7RsTWlYX9n
+2eJqfUq1zgP2sfVUrLehxCn9uLHBzzjIq/RPQIhBFNnT8RgBRBGm6Q+LrhkkDCsA3hzuys
+9ja+cypw6uSxGe6Q7l832PEggKaMJy54ZExosVOdXi8vxJgKSzhIuWSjIslHBPv4A1L4vd
+9heimddR6Lm1eIqzyen0y45oHDcbj4+R9vSUd4LH4jT24EzsAU7SY8Y+qLhRk67AZqx+z8
+3w3pHnMJNzfo4RUn261LhkyXbr5Tgk9EUBaSTjRkBgRwXDuf5AJ7lgCzEfxaQl24Fe7Q9m
+ufvfk5uiL9dNXWOCYk9zvdbLVLA8c0pyB+wKKOCWDJlaJpkwSNbch1JO5Sk+mTXrRDll3m
+xGK9ARaKfAH5+oRVqHS+5I4tBwFLG+DQL7ktj0YRvu+c1spVzFiiwf4MkOe1Hs/EmQfKEP
+BWUq1uAZhVDS2TeUQwkjR5//eGkSMvE4d9HJnTQTDZk07kv1FvpJ271MWXrln94c/tvKuh
+9Ef34IkMFG6O9uJ2Uu7/U5FSyGuyfeg/7Rffl4jnPDaJnjA0I8QMpjiqckkXIzSP2k0ZtP
+WodpqzBUeRKeJiawkf5kVa0cW0Fq+pW7dlO9b38ufpgcuiV/EadlsVY3qfBhDOpdiGwAob
+ER9pW4Z6Bnl+8ci1U3f7P8PrNiYGm1g8wTgNYCrOSU1JuLoI1y//OZT9u7gpXwsrazjcWU
+hrTXQje273IiB/yosJrtqhJkmAKYDrgb45Pe0a2J0voIHY5jsF7MNlFlJb/zVZvBn8vWpA
+QYXKnq0Agx97UMwyKaYvm/v0UTJZgS1Jd5owY1jwwGubBIt58VRfX6++EJ3QY+EslYvCN0
+BzBV4B+a8WhuGsF7x6Rlv8ei1+hEW3FFHsL4KBjy0e38yvVkYHlND+oxBvawxsikdNwL/2
+g4LfKSVEysjbRSd+UVqVYlBLnmfio7E7sbShp7TgmV7BBsE+9N1PEKRX02QUlhXYqLensx
+3vhOrFcEGvdji8qYAnxK0aGLuMwG/czHjD7tD6xUjjzxVLv9qY9pHX9WxRxYDNyoSX65lj
+EbqpcPe4QrDypTvNKEeZ4w0FEsYP4J0O6ZDXuBoQnSqsbFkvEP3lCf0ezq8jfJn5K0BBkH
+auJpHWx9g8+U+3vKMj4+00fHtp8v0hMMCOzGy8Ol2yS5x6z3Or0HkYzbcMMZvkUNk+z47c
+bHFgdUC/lqc9UrhleAWwkEc9l3qoA61nz7B2jAmZhlNBKFPiIZn2TG7xy4CITDV46j+j92
+y8/hyJDEB0yxx2O/zZKhkEf/N/bAlhIo/8dsjMCMBgE0X+sdpQCfZ+k/dQnAlvWRYhLrkr
+tO97CdjmrFG+AR8pwNqjvJnH9fw=
+-----END OPENSSH PRIVATE KEY-----

certs/bird-rtr-client.key.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQGmbM6oQ3HYuaghpNTbIfOQQqC7m0vX5dUqcDlhlMyntyHAQOCzV8M5jbr2REeyTw60XXEezvb05mRm4NKQXJGsBR+/n5ZgvxpSFfso9ZBTTflEwBgBSQdoz/abWXe2inJ1MATu2An1vIAERQO/GvV9HYcLgF3sZ9T6X6yvVUt5TKWaQ2wNKQb3KNTpnBzrK74gkUaDj1HUt/DeVk42L80boycKZq2/jkHb4U6ThRXof7NJzgpHMgtMbCwAsN68fY4iIIN1046TIGHwy0sJaYrRDVzpWFLRS+hc68g5MWbhtiUFGGVjjMkUbSwegorB6hRxEyMYjn1bhLuUhiMVJkF552Y4Dwu7D1zRd4qk6ZL3nlEOCNsLTo+HIFCP0XUodaWdx2WJKZlpUpjzN7JF3MXqY0/xEgLNlL/SLSB1tod1PWfKfF7WDYluZJNCPv3V4296vcpG/VNBVew6ODRFT1WTQhVPenJLHuxZrOTg3sbGMXrsY8LhJjQtVTY4ijvRk= bird-rtr-client

certs/bird-rtr-client.pem

@@ -0,0 +1,40 @@
+-----BEGIN PRIVATE KEY-----
+MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQC9gxH/EK68bxW8
+dKY/cTV54Ek4VV2lCMv9pcrSwi4w2tg1Vu4uMYizyWxkRpT3gI5NexNu/d2riAvT
+LFEJTuD2eaCWa4PuuVpKVNvCjhAXYhu+E0X0QZj3iDdmtSQioEGcYBzvFeADjp8R
+/JMv8RTDZVEuIZGSS5e7xmZQ45CvWBcrD9EstaOX3oA9reYm3ucE2wHGS8tEXFLi
+k3qh52l3trKY0b+Hkd26P7BreoELPegQK/Cek9KJBtp9rRvRuOuzx5VixnLIgyz9
+TII+1O3x3c3hHullKQ3DSl6CDHpNnujPetvPbldIwUR1GfkjG/AxKjHtc2yZ915X
+fFi/qaMc6ehmPKO+t3geEjcL6W4sArzs8xkYs204daz1f9/CLtpJVBhsUNkhoz1l
+RbnaqZr8LuwjlujX3te0UltX3u7D00gKUwRZHw8GE1ksIO2USvZaTggscBykJzq7
+oG6FvrNy/L8htHWEzDlJZKDUriR6ZxaufcRwK3RFGx0307NQCVECAwEAAQKCAYAG
+uKo33As8fOqeEFuQmrbpM4yZQkLT3n3gqUOKKc+qVSqvqp2ANyrIaJuO62dvZ0h0
+xEmWSUv2QFkeBF9752eoajwpNZc8bWe/xOZ17iSxNZ4zBbs4jGaM2fCQFJrbXQhy
+r8B69NFJAwMOh+EfBUuFmhdw3cksUYDITMM2eXm5VFQfB3y1W5xZn6838M3dwVBb
+flp/4lKLYkRgy5cA/MSDdc/8Bk1nFSPybf2XdET1JX0QbMSIFUlVaZAwfqYi0C6B
+RH9xpiihYlgwbVtElMsIqh3ExgB3OlhjliYacWQvxhi5fRJdUT5TYiTpCmaIsg1C
+GWXtZADClrzL2rdvkrVUo4KHg1jSc/sxh/LaN061JdGuDxs2O0mg1CzwmWeCG8xy
+0BWPzNruUDM30IV6klMW2vZvYMiDZqjN+fW0qiP3NYgqNBPQLBoW2Jh3Xy9jYsaV
+AisxEzGRDXNOsTvKhcxPOV+0APyhZdVB70pbZwO13iWhjZqZWYrUAqkYsLlnhAEC
+gcEA4r3pdzKeBpGR5Y6htmhW3U0Vi5hiKBBa3PZALebsk0W9VIumPRB7H3D+Ydmh
+/alEQV7QBFojfA5LFmHqJ0Wf35zZ7r7oQv4aowY6ppLexjGeqolAxeMmXluSQjOd
+gnOaVcWjEeyvtV1M2/7rmLAzWPlbCemByJRWHWjRBc1UU+yXG+zRHzvOwStzdfLB
+YG12RAXa+fyHLm5544HnVJ3kzhlAK5QAJ+yqBp3lUingbUvV4fMmlMD+P9SBnDiO
+4WtRAoHBANX3Uv7vwERx/Xho1+9v3iotTRYgJKsMRJraWs+4nR17WpT9kiBugKMg
+6PKaTOuk3ylPZIWji9KCEX7qkrA4ME1pkELG0A9GQXaSE7MCLQzZxOkMBQeMdiSe
+GgJhNtyyuL7rzLfkoAWm+xEFknv7rCaKxGaD6Be2Fmk+vSYgkUxsaVf+egRNM6L7
+4V1kpeyBf4FLOX3odwx0zON1eCvYc6sa4BoibRZx0YGhvE0Elze7QUXGzbd+3zId
+2+46hyE+AQKBwQDY0p6E26R9x4pqqEA/u/sE2Ie329pRUYJyNhEdU+v60P/B72Di
+l/YFFPpM+96KQOkCUfY9kyzHnqtzFeLh9xRwsv877NcR6QfzySsgyuW5RQ3jKikE
+krjIFm0AXXdLndyCFOJha6KCnlu3LEiC1Evl012ZVvBCrIbEzMzE7ZqsPlwp2gYI
+BhsqYbCho6gD2+jyF19VGoTyg7aPNlPOeMapxz+z7G1RwGC+vxLhxSXVnmVDEk9c
+hEkdJMtkZjlLmmECgcBqBltnHrCcegvLDdDqwflJ1xbavuTMqZCZV1gmlGmugUCa
+kahGT9uIejdUeCdjoVg/5Sp/mlIf5vn6dQxpK/6rbYLhxBi3aO3pbms6ifp+4q5T
+ePRJEE4+yOVEhp2j8R/g44GXIkA1bM/+WE+FBmoA00SNNBHfJgim8ELUUNEPGK1+
+wAgAd6z9t2iuWcBqmKTxEbCUdov/bSVWFRCOUXzHrdKcwLBjrdTOMrHXTE4OfMjU
+ZbXsln7NG8SuoOvzCgECgcAjE6ZtIW1bnbCzGOCLzbVw4AxeLuKMhwxF26k04JBJ
+Yo1+vPw1skQYxelNxShHb1oUK2BsrRSYMVjKGg/rdFWng+vHWl2Ff2hj1pI0Pn5d
+n8/vLTDKf0SrRXXNDK+rB70TUqis8zvLb8EACuvlL0YHiAtcWFC9GT9XQMmFbyn1
+PI14Wbzk+0TYs1UQ9FNd4IWL8IbDxxCzFGAUs2g+nYXuRQv/1juZGfsUXlrQZG9O
+qD4S5Fez6uDBzHtzJjKizWw=
+-----END PRIVATE KEY-----

certs/rtr-authorized_keys

@@ -0,0 +1,3 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9MkggFr9ic5Ply9tPzsldgut9WAb0bgdDomFtBezDC4rzi/8vWUhzZv+lezWnyKYnMPHe80FEZ8+5QrNjS2GV6KMDxQZN7Wr4Lzh+eQv3hcT+TG6CUa7KjXvuq8P6UYGW9LCn8d36YGmxXkbEtUJlmA2dRemx6xlrpXavCaXLgTph+3eoe2mWTMukwHjzuu4PXhElfCFGZnTMXAkjimCfrH+11YMb1NpMosm/8H8aYZZGAkGPljKAjOLPwAXgn77hoIlRKlslesCmTBJCnmyp/0raIXAW3nkuMnkW9ORdt1Ti7yXsRv+flFBhFh7hM9SfqgbMAkDem1TugDTFTBRkiesh2Y+sQbgk0YO2T5PF+NVLZuuTssog3JyMbRYADZGjzdnvVSG4ICR+1fVehelOnMo1tgSsk3M8WkM5wgfn5HATYcBXaiHo97Q0CHzGKI4KrOqvTc4Bb/uh0VQIecpQajGuZqsWDlxkwk1hd1/s84Qo6kk/iZWKk+S+8uXlHRc= xuxiuting@LAPTOP-A2IH6TNR
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9gxH/EK68bxW8dKY/cTV54Ek4VV2lCMv9pcrSwi4w2tg1Vu4uMYizyWxkRpT3gI5NexNu/d2riAvTLFEJTuD2eaCWa4PuuVpKVNvCjhAXYhu+E0X0QZj3iDdmtSQioEGcYBzvFeADjp8R/JMv8RTDZVEuIZGSS5e7xmZQ45CvWBcrD9EstaOX3oA9reYm3ucE2wHGS8tEXFLik3qh52l3trKY0b+Hkd26P7BreoELPegQK/Cek9KJBtp9rRvRuOuzx5VixnLIgyz9TII+1O3x3c3hHullKQ3DSl6CDHpNnujPetvPbldIwUR1GfkjG/AxKjHtc2yZ915XfFi/qaMc6ehmPKO+t3geEjcL6W4sArzs8xkYs204daz1f9/CLtpJVBhsUNkhoz1lRbnaqZr8LuwjlujX3te0UltX3u7D00gKUwRZHw8GE1ksIO2USvZaTggscBykJzq7oG6FvrNy/L8htHWEzDlJZKDUriR6ZxaufcRwK3RFGx0307NQCVE=
+

certs/rtr-client.key

@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEAvTJIIBa/YnOT5cvbT87JXYLrfVgG9G4HQ6JhbQXswwuK84v/L1lI
+c2b/pXs1p8imJzDx3vNBRGfPuUKzY0thleijA8UGTe1q+C84fnkL94XE/kxuglGuyo177q
+vD+lGBlvSwp/Hd+mBpsV5GxLVCZZgNnUXpsesZa6V2rwmly4E6Yft3qHtplkzLpMB487ru
+D14RJXwhRmZ0zFwJI4pgn6x/tdWDG9TaTKLJv/B/GmGWRgJBj5YygIziz8AF4J++4aCJUS
+pbJXrApkwSQp5sqf9K2iFwFt55LjJ5FvTkXbdU4u8l7Eb/n5RQYRYe4TPUn6oGzAJA3ptU
+7oA0xUwUZInrIdmPrEG4JNGDtk+TxfjVS2brk7LKINycjG0WAA2Ro83Z71UhuCAkftX1Xo
+XpTpzKNbYErJNzPFpDOcIH5+RwE2HAV2oh6Pe0NAh8xiiOCqzqr03OAW/7odFUCHnKUGox
+rmarFg5cZMJNYXdf7POEKOpJP4mVipPkvvLl5R0XAAAFkHgpYu14KWLtAAAAB3NzaC1yc2
+EAAAGBAL0ySCAWv2Jzk+XL20/OyV2C631YBvRuB0OiYW0F7MMLivOL/y9ZSHNm/6V7NafI
+picw8d7zQURnz7lCs2NLYZXoowPFBk3tavgvOH55C/eFxP5MboJRrsqNe+6rw/pRgZb0sK
+fx3fpgabFeRsS1QmWYDZ1F6bHrGWuldq8JpcuBOmH7d6h7aZZMy6TAePO67g9eESV8IUZm
+dMxcCSOKYJ+sf7XVgxvU2kyiyb/wfxphlkYCQY+WMoCM4s/ABeCfvuGgiVEqWyV6wKZMEk
+KebKn/StohcBbeeS4yeRb05F23VOLvJexG/5+UUGEWHuEz1J+qBswCQN6bVO6ANMVMFGSJ
+6yHZj6xBuCTRg7ZPk8X41Utm65OyyiDcnIxtFgANkaPN2e9VIbggJH7V9V6F6U6cyjW2BK
+yTczxaQznCB+fkcBNhwFdqIej3tDQIfMYojgqs6q9NzgFv+6HRVAh5ylBqMa5mqxYOXGTC
+TWF3X+zzhCjqST+JlYqT5L7y5eUdFwAAAAMBAAEAAAGAPmfEdJksPZwj74tjZpqtvuN9K5
+YKjTtxt/RqsFxg8SDwj07hOEv54t7Zekr+sr4zWAAD9+dC4v5e/RusMhdeM+VNR+QIJVIn
+k3934fepY9bC2KJ7XQ72Wad7dok/lmSmGxXQ40SbVIfStQeEzkN/iCU0cGjsIZyLgP9N+4
+RyJIMWr9UTbgZvGH1yOoCmJLbG6Vi8zSF5lFAdPH8rIIb3QhPS+DZaDacS7m5Pn7kDI7+G
+oscBuwvu0oomEiKjjakC6xcI1pcH/qNjP1LVhiS6qtERQLAfKGeAQiM44lsqK018fRazMf
+UujVvlafZ/92o+SEwh4e5+oS6rY+aLHoeslGN+BxEsHpyyszl3w4hRRR9XQK9Te/pWGWer
+fFRiJLNlkd0pkYJguT9xTdiDC5KMyJeUhNrdcOn1Df1o3T3uqdZIaFfiGUKsruOovSIgwG
+iYAKCb7b3zHfWDorP2g0Ckd87DKC3J8C6vXKJd/EO2ex+EkJWammeUwdW4mExniY+RAAAA
+wD2jFsuvpecZ/MB89WG7uMVJP7eoBJrPKYfODUR1YHkxUwmEqC1jaIR07qP6EaI5P58vaG
+ai7Hdp7SXidn0zeGAUFZCw8TyA9UsHWshk1ydJkspuch22VBOzgmAe2A7Rw317yqL7if9I
+zYOs7ce9Epnr+qSjNCD1oRw88kwKOLxV19ty3pfp/nhu4TKzzZDJChL/h9/ZQ02ED9l6KS
+ZnX/7C/f8lPMfWxJGshLJnhXvNB6wbAF06/wIRlA9IT0XFWgAAAMEA3aZyJel9M+flKiAD
+sruAfbx39zpJSpizA5rI+y8UFmD4bQ7gwAnHY9+8kzQhFjLSXQ+np5T8mvCii7uxh9j406
+je2/UD5ZS7vmwcC+MoqCxvNL0kVF9FdoNmejUWqZ59Ig9p48AxVe2jG3+Rea1X45C45/1X
+FucDsf5i5Nf7lAqEhM2vIuyKEWu8BSkMY84E4RTtt5S55BcGqritsUYJn/QP4DNzBo9WQd
+61qg7Ve5rMEtSq+UV/Aj4x7qMbBI0PAAAAwQDahEsvkMwQuhHAPfPnn+580SuQ7KwIMyZY
+BtFnIEvQfWKBU1c5kcHoeIPFZ5Bql2aVbL2AuRl+MGRoZ8wYK/rqUytjeRi0aq0IQgH8WW
+PK4bL1RbHwZdyEMc/6CbAA5pd7bFQKopEmf0Md2QC2M/nwS4TAVDDQepdCzQJ9W+EzJI+L
+fvJdihyB1psCLkCd7elGGnBbbTqUjAPNJJio8wZUdD/f1ZEd4KKw1joX/+c4FoLdXlpVci
+dO+ciUfrz8f3kAAAAZeHV4aXV0aW5nQExBUFRPUC1BMklINlROUgEC
+-----END OPENSSH PRIVATE KEY-----

certs/rtr-client.key.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9MkggFr9ic5Ply9tPzsldgut9WAb0bgdDomFtBezDC4rzi/8vWUhzZv+lezWnyKYnMPHe80FEZ8+5QrNjS2GV6KMDxQZN7Wr4Lzh+eQv3hcT+TG6CUa7KjXvuq8P6UYGW9LCn8d36YGmxXkbEtUJlmA2dRemx6xlrpXavCaXLgTph+3eoe2mWTMukwHjzuu4PXhElfCFGZnTMXAkjimCfrH+11YMb1NpMosm/8H8aYZZGAkGPljKAjOLPwAXgn77hoIlRKlslesCmTBJCnmyp/0raIXAW3nkuMnkW9ORdt1Ti7yXsRv+flFBhFh7hM9SfqgbMAkDem1TugDTFTBRkiesh2Y+sQbgk0YO2T5PF+NVLZuuTssog3JyMbRYADZGjzdnvVSG4ICR+1fVehelOnMo1tgSsk3M8WkM5wgfn5HATYcBXaiHo97Q0CHzGKI4KrOqvTc4Bb/uh0VQIecpQajGuZqsWDlxkwk1hd1/s84Qo6kk/iZWKk+S+8uXlHRc= xuxiuting@LAPTOP-A2IH6TNR

certs/rtr-client.pem

@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEAvTJIIBa/YnOT5cvbT87JXYLrfVgG9G4HQ6JhbQXswwuK84v/L1lI
+c2b/pXs1p8imJzDx3vNBRGfPuUKzY0thleijA8UGTe1q+C84fnkL94XE/kxuglGuyo177q
+vD+lGBlvSwp/Hd+mBpsV5GxLVCZZgNnUXpsesZa6V2rwmly4E6Yft3qHtplkzLpMB487ru
+D14RJXwhRmZ0zFwJI4pgn6x/tdWDG9TaTKLJv/B/GmGWRgJBj5YygIziz8AF4J++4aCJUS
+pbJXrApkwSQp5sqf9K2iFwFt55LjJ5FvTkXbdU4u8l7Eb/n5RQYRYe4TPUn6oGzAJA3ptU
+7oA0xUwUZInrIdmPrEG4JNGDtk+TxfjVS2brk7LKINycjG0WAA2Ro83Z71UhuCAkftX1Xo
+XpTpzKNbYErJNzPFpDOcIH5+RwE2HAV2oh6Pe0NAh8xiiOCqzqr03OAW/7odFUCHnKUGox
+rmarFg5cZMJNYXdf7POEKOpJP4mVipPkvvLl5R0XAAAFkHgpYu14KWLtAAAAB3NzaC1yc2
+EAAAGBAL0ySCAWv2Jzk+XL20/OyV2C631YBvRuB0OiYW0F7MMLivOL/y9ZSHNm/6V7NafI
+picw8d7zQURnz7lCs2NLYZXoowPFBk3tavgvOH55C/eFxP5MboJRrsqNe+6rw/pRgZb0sK
+fx3fpgabFeRsS1QmWYDZ1F6bHrGWuldq8JpcuBOmH7d6h7aZZMy6TAePO67g9eESV8IUZm
+dMxcCSOKYJ+sf7XVgxvU2kyiyb/wfxphlkYCQY+WMoCM4s/ABeCfvuGgiVEqWyV6wKZMEk
+KebKn/StohcBbeeS4yeRb05F23VOLvJexG/5+UUGEWHuEz1J+qBswCQN6bVO6ANMVMFGSJ
+6yHZj6xBuCTRg7ZPk8X41Utm65OyyiDcnIxtFgANkaPN2e9VIbggJH7V9V6F6U6cyjW2BK
+yTczxaQznCB+fkcBNhwFdqIej3tDQIfMYojgqs6q9NzgFv+6HRVAh5ylBqMa5mqxYOXGTC
+TWF3X+zzhCjqST+JlYqT5L7y5eUdFwAAAAMBAAEAAAGAPmfEdJksPZwj74tjZpqtvuN9K5
+YKjTtxt/RqsFxg8SDwj07hOEv54t7Zekr+sr4zWAAD9+dC4v5e/RusMhdeM+VNR+QIJVIn
+k3934fepY9bC2KJ7XQ72Wad7dok/lmSmGxXQ40SbVIfStQeEzkN/iCU0cGjsIZyLgP9N+4
+RyJIMWr9UTbgZvGH1yOoCmJLbG6Vi8zSF5lFAdPH8rIIb3QhPS+DZaDacS7m5Pn7kDI7+G
+oscBuwvu0oomEiKjjakC6xcI1pcH/qNjP1LVhiS6qtERQLAfKGeAQiM44lsqK018fRazMf
+UujVvlafZ/92o+SEwh4e5+oS6rY+aLHoeslGN+BxEsHpyyszl3w4hRRR9XQK9Te/pWGWer
+fFRiJLNlkd0pkYJguT9xTdiDC5KMyJeUhNrdcOn1Df1o3T3uqdZIaFfiGUKsruOovSIgwG
+iYAKCb7b3zHfWDorP2g0Ckd87DKC3J8C6vXKJd/EO2ex+EkJWammeUwdW4mExniY+RAAAA
+wD2jFsuvpecZ/MB89WG7uMVJP7eoBJrPKYfODUR1YHkxUwmEqC1jaIR07qP6EaI5P58vaG
+ai7Hdp7SXidn0zeGAUFZCw8TyA9UsHWshk1ydJkspuch22VBOzgmAe2A7Rw317yqL7if9I
+zYOs7ce9Epnr+qSjNCD1oRw88kwKOLxV19ty3pfp/nhu4TKzzZDJChL/h9/ZQ02ED9l6KS
+ZnX/7C/f8lPMfWxJGshLJnhXvNB6wbAF06/wIRlA9IT0XFWgAAAMEA3aZyJel9M+flKiAD
+sruAfbx39zpJSpizA5rI+y8UFmD4bQ7gwAnHY9+8kzQhFjLSXQ+np5T8mvCii7uxh9j406
+je2/UD5ZS7vmwcC+MoqCxvNL0kVF9FdoNmejUWqZ59Ig9p48AxVe2jG3+Rea1X45C45/1X
+FucDsf5i5Nf7lAqEhM2vIuyKEWu8BSkMY84E4RTtt5S55BcGqritsUYJn/QP4DNzBo9WQd
+61qg7Ve5rMEtSq+UV/Aj4x7qMbBI0PAAAAwQDahEsvkMwQuhHAPfPnn+580SuQ7KwIMyZY
+BtFnIEvQfWKBU1c5kcHoeIPFZ5Bql2aVbL2AuRl+MGRoZ8wYK/rqUytjeRi0aq0IQgH8WW
+PK4bL1RbHwZdyEMc/6CbAA5pd7bFQKopEmf0Md2QC2M/nwS4TAVDDQepdCzQJ9W+EzJI+L
+fvJdihyB1psCLkCd7elGGnBbbTqUjAPNJJio8wZUdD/f1ZEd4KKw1joX/+c4FoLdXlpVci
+dO+ciUfrz8f3kAAAAZeHV4aXV0aW5nQExBUFRPUC1BMklINlROUgEC
+-----END OPENSSH PRIVATE KEY-----

certs/ssh_host_rsa_key

@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEA08poqyD9GeB7YdNabpl6cFff3yHu7/E6usvW9/BY05HjYVDWSUCB
+tLLI+1Z2w00/8BuOKECZ8ExSfMWyMHWDQWc2wXL8ZYZPQjzqOCWXNsNt9DXMin7DGS3Lg4
+DCssl3m3cMMRkQcaKlGbdOLMJayt3ABHf+lovRK8D9U6eGACsX4+F7zoSb5lhNauIrH329
+sxKq5HF8nKgQECivc4zvsUBdFXxSak3nNRmA+Sc58IwBf8liv+exWYHUCrh/Y3Q7s8pE5e
+xvPdbkpESk2ze7sIarZ5E3q4FYZP7w6Mc/BJ9BVz+YmkIVcDtm0wwGMFL56bfx2l87GgZR
+mHjWV+6vnXC6ikH3KJI+yCqhiL1rUoaVgWCpHsUsF6ZHlZP9Go0QH3ZAo0pDGnqxJJPZa2
+zUOaF6xxF3IUOtZ/oMZGNqX+WuiXKuqTMLcL7NcT+WQXYk1zRcHW9CJ8XmCl4xSymEA7kI
+7ObGwJ1Vfi/ocIUjgtMxdYOWaGYAuFp0aY4/nv3tAAAFkKmSKaOpkimjAAAAB3NzaC1yc2
+EAAAGBANPKaKsg/Rnge2HTWm6ZenBX398h7u/xOrrL1vfwWNOR42FQ1klAgbSyyPtWdsNN
+P/AbjihAmfBMUnzFsjB1g0FnNsFy/GWGT0I86jgllzbDbfQ1zIp+wxkty4OAwrLJd5t3DD
+EZEHGipRm3TizCWsrdwAR3/paL0SvA/VOnhgArF+Phe86Em+ZYTWriKx99vbMSquRxfJyo
+EBAor3OM77FAXRV8UmpN5zUZgPknOfCMAX/JYr/nsVmB1Aq4f2N0O7PKROXsbz3W5KREpN
+s3u7CGq2eRN6uBWGT+8OjHPwSfQVc/mJpCFXA7ZtMMBjBS+em38dpfOxoGUZh41lfur51w
+uopB9yiSPsgqoYi9a1KGlYFgqR7FLBemR5WT/RqNEB92QKNKQxp6sSST2Wts1DmhescRdy
+FDrWf6DGRjal/lrolyrqkzC3C+zXE/lkF2JNc0XB1vQifF5gpeMUsphAO5COzmxsCdVX4v
+6HCFI4LTMXWDlmhmALhadGmOP5797QAAAAMBAAEAAAGARE9apyeCux/ua8URu+6A0U9mg7
++cI4P431rzwRCidcruPesm0oWd0DyCGp7uu1tlLfqVRWJgxGK5kEjrijm81hGGVarSwaQq
+WEDxgp6NQTqTclsP1/O+1ZYxt/6FzcixbVFee0+MQDqnab331vPw+NHBJy/Uy5XZJ3Wdv6
+eeztsXX4bQufGHnyoH/ltocUXLM8DnobsA6D5EwBF/VZO1k8QgwddRdbwewL+zG6mNRIrD
+yQWZdjAywZ3gWHzdiaRpLtwIqqVq6q+2nphu41sJTKbU9ZrDLz4YZ4eawPloeukTq+mChS
+UyYK4gomNUG1RugeQNiGW1SG/fDMMVWzYDxmnKxBrVvv/J1AHhyQbScjDjGLxo9aG5A2XJ
+8kfZbkgTsfUP0IhmOFOK2KlRiZDuSGBNGgrEWxzpA/G4T5WGzBDT2pvW6yn5BQDCzpMwy6
+sNiB3cdWNHGyy4Gu/c2Owljb0RukXsfkFN5oaj4fXo2E+Yymm7qTUuPVDgay3/W1cBAAAA
+wEL4j23iXytSSR5U5x0XvVKobDwM+SgOJ1OKhm9FsXmPBDnT/3FzNJ6dZNVYYPtM5Pbal5
+J6soTlHwsHvEJxakrH0B9WqKAhShpJ/pC3UIpxaHAWQ5bk9Z3mBfwSargUFUZDz+hoCEFR
+ZwdSU9LI8vK/nk4urhxMi7BjAHh/acRo5AoOVk9zDTq4FhvwtQG0P6HKZoHLcLKh7Hxm0e
+OPhiWwfXt5TQSgAI4kIKy3UOwxFgsNsI5JLFMWuZ8KUdFCaQAAAMEA8+cTAauvEmDHlg+D
+1KtlbxT96lN2RRruvRO/VxAomP8ZLPV4/9EpS6oTYaWve1TibD1HgJ5k22BBBGOAbEuhz2
+jBxIL2JaGUNmWR1Tofe7s+VY/AKbepwBmTxelyIhbhAcXToFjUIS3398+bxbiSYEU3hmAA
+EmeHui5kZYRcU3Lxv24qfdc9tjaAm3i4OIlhv+QPteJRWB54pdVuYaIZDsSp9mC4BzVNmN
+hJiJ4gB+JEigfp30200Q69soM4umnNAAAAwQDeS5i0cChxeppZ3RbOecZuNE3t09L18nFv
+h8KBXQ/UBt/Z6ElUWME/YATJ4eNUp+/VzyhxmMDzt3yG+k182qe6on4Q73MGgZ+l2mc6TL
+sgN/WoqT0H0P7N3QFqvIsKqH4zHcQFYwx6sgEvCppI7dWP1xkBedjXw6hL7j3poXp+lfT3
+XVGt1J6hMvgXUiyl+xAHjXnH7qU1oTw6Bn/O8hWylFBXSzzdVGjI+NYAzg4vAB+XecJx4V
+gOi7X82F9oRKEAAAAZeHV4aXV0aW5nQExBUFRPUC1BMklINlROUgEC
+-----END OPENSSH PRIVATE KEY-----

certs/ssh_host_rsa_key.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTymirIP0Z4Hth01pumXpwV9/fIe7v8Tq6y9b38FjTkeNhUNZJQIG0ssj7VnbDTT/wG44oQJnwTFJ8xbIwdYNBZzbBcvxlhk9CPOo4JZc2w230NcyKfsMZLcuDgMKyyXebdwwxGRBxoqUZt04swlrK3cAEd/6Wi9ErwP1Tp4YAKxfj4XvOhJvmWE1q4isffb2zEqrkcXycqBAQKK9zjO+xQF0VfFJqTec1GYD5JznwjAF/yWK/57FZgdQKuH9jdDuzykTl7G891uSkRKTbN7uwhqtnkTergVhk/vDoxz8En0FXP5iaQhVwO2bTDAYwUvnpt/HaXzsaBlGYeNZX7q+dcLqKQfcokj7IKqGIvWtShpWBYKkexSwXpkeVk/0ajRAfdkCjSkMaerEkk9lrbNQ5oXrHEXchQ61n+gxkY2pf5a6Jcq6pMwtwvs1xP5ZBdiTXNFwdb0InxeYKXjFLKYQDuQjs5sbAnVV+L+hwhSOC0zF1g5ZoZgC4WnRpjj+e/e0= xuxiuting@LAPTOP-A2IH6TNR

certs/testkey

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAo7qsNAU
+RiW+8UlbN+a34gAAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIMSj2JT9F+tcY/IA
+/qQda0zzC5B768tkm4JwwBHI/dtnAAAAoEVxoJY8k0yGG43sZ9YchTOlEiVpSF3rw0i1Ce
+lqjCx5RrtYMMmnZCIw4oo4kp6ATlluqGoR58BkJPhTW4i/pGH7sqJHltFNhFAu2VMNOlhp
+Eu5WDTotsDpDX7J5A9Lmc5zMdCvoRr+FUd314N7N/5GV4yyUiXlunMFbtgt6QBzYvakqqv
+pIWhsfz3mBe+oenAFpXkrdkQe6Jsy88ZVwVyI=
+-----END OPENSSH PRIVATE KEY-----

certs/testkey.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSj2JT9F+tcY/IA/qQda0zzC5B768tkm4JwwBHI/dtn xuxiuting@LAPTOP-A2IH6TNR

certs/testkey3

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABACsU5bHT
+9Ps+FePAk6wYjzAAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIADxGbVl4d3SirJF
+LBUz7CnzNZMWCDc9iL8BmxjIYGpNAAAAoPryTWyd3TszwaRBXRTGSxvAKW8Um9VYdphhFr
+CkePw369/VBarJJmRqUO6lPG3WfCyVG3N3yW+05Y0dVy53G885GWEoQQoy93Q3JY6dfQa4
+soxlJSROPz/I0X30gq/p5jR6WFHCWUcEZ61BkHhUW8c1R9vtmlBdsTbtbhJWczeKrbyj+p
+UcFxN6YEoXl39c9GbCCyd785cgTof4rmEDvQ0=
+-----END OPENSSH PRIVATE KEY-----

certs/testkey3.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIADxGbVl4d3SirJFLBUz7CnzNZMWCDc9iL8BmxjIYGpN xuxiuting@LAPTOP-A2IH6TNR

deploy/bird/Dockerfile

@@ -1,10 +1,53 @@
+FROM debian:bookworm-slim AS builder
+
+ARG BIRD_VERSION=3.2.1
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    build-essential \
+    bison \
+    flex \
+    m4 \
+    perl \
+    ca-certificates \
+    wget \
+    xz-utils \
+    libreadline-dev \
+    libncurses-dev \
+    libssh-dev \
+ && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /build
+
+RUN wget -O bird.tar.gz "https://bird.nic.cz/download/bird-${BIRD_VERSION}.tar.gz" \
+ && tar -xzf bird.tar.gz \
+ && mv "bird-${BIRD_VERSION}" bird
+
+WORKDIR /build/bird
+
+RUN ./configure \
+      --prefix=/usr \
+      --sysconfdir=/etc/bird \
+      --localstatedir=/run \
+ && make -j"$(nproc)" \
+ && make install
+
 FROM debian:bookworm-slim
 
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends bird2 ca-certificates \
-    && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
+    netcat-openbsd \
+    libreadline8 \
+    libncurses6 \
+    libtinfo6 \
+    libssh-4 \
+ && rm -rf /var/lib/apt/lists/*
+
+COPY --from=builder /usr/sbin/bird /usr/sbin/bird
+COPY --from=builder /usr/sbin/birdc /usr/sbin/birdc
+COPY --from=builder /etc/bird /etc/bird
 
 COPY entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
+RUN chmod +x /entrypoint.sh \
+ && mkdir -p /run/bird
 
 ENTRYPOINT ["/entrypoint.sh"]

deploy/bird/README.md

@@ -5,19 +5,19 @@ against this repository's RTR server defaults.
 
 Server defaults in this repo:
 - TCP: `0.0.0.0:323`
-- TLS: `0.0.0.0:324`
+- SSH: `0.0.0.0:22` (when enabled on server)
 
 ## Files
 
 - `Dockerfile`: builds a minimal BIRD2 runtime image.
 - `bird.conf.example`: sample `/etc/bird/bird.conf`.
-- `bird.conf.tls.example`: sample TLS/mTLS `/etc/bird/bird.conf`.
+- `bird.conf.ssh.example`: sample SSH transport `/etc/bird/bird.conf`.
 - `entrypoint.sh`: starts BIRD in foreground mode.
 - `docker-compose.yml`: one-click local TCP test client.
-- `docker-compose.tls.yml`: compose override for TLS/mTLS.
+- `docker-compose.ssh.yml`: compose override for SSH transport.
 
 By default, the container prints periodic RPKI protocol snapshots to logs
-every 5 seconds.
+every 30 seconds.
 
 ## Docker quick start
 
@@ -48,12 +48,20 @@ Stop:
 docker compose -f deploy/bird/docker-compose.yml down
 ```
 
-## TLS/mTLS quick start
+## SSH quick start
+
+Start server in SSH mode first:
+
+```bash
+docker compose -f deploy/server/docker-compose.ssh.yml up -d --build
+```
+
+Start BIRD client with SSH override:
 
 ```bash
 docker compose \
   -f deploy/bird/docker-compose.yml \
-  -f deploy/bird/docker-compose.tls.yml \
+  -f deploy/bird/docker-compose.ssh.yml \
   up --build
 ```
 
@@ -65,11 +73,14 @@ docker logs -f bird-rpki-client
 
 ## Notes
 
-- This setup targets RTR over TCP (`remote "127.0.0.1" port 323`).
+- This setup targets RTR over TCP (`remote "host.docker.internal" port 323`).
 - `network_mode: host` expects your RTR server to be reachable at
-  `127.0.0.1:323` from the Docker host.
-- TLS override mounts `../../certs` into `/etc/bird/certs`.
+  `host.docker.internal:323` from the container.
 - Observation is controlled by env vars:
-  `OBSERVE_INTERVAL` (seconds, default `5`) and `OBSERVE_PROTO`.
+  `OBSERVE_INTERVAL` (seconds, default `30`) and `OBSERVE_PROTO`.
+- SSH mode mounts `../../certs` into `/config/ssh` and expects:
+  `bird-rtr-client.pem` and `ssh_host_rsa_key.pub`.
+- Entrypoint auto-generates `/run/bird/known_hosts` from
+  `/config/ssh/ssh_host_rsa_key.pub` for BIRD SSH host-key verification.
 - If your environment does not support Docker host networking, switch to a
   bridge network and replace `remote` addresses accordingly.

deploy/bird/README.zh.md

@@ -1,21 +1,21 @@
 # BIRD 最小化 RTR 客户端配置
 
-本目录提供一个最小化 BIRD 配置，用于和本仓库 RTR Server 做黑盒互通测试。
+本目录提供最小化 BIRD 配置，用于与本仓库 RTR Server 做黑盒互通测试。
 
 本仓库默认 RTR 监听地址：
 - TCP: `0.0.0.0:323`
-- TLS: `0.0.0.0:324`
+- SSH: `0.0.0.0:22`（仅在 server SSH 模式启用时）
 
 ## 文件说明
 
-- `Dockerfile`: 构建最小 BIRD2 运行镜像。
+- `Dockerfile`: 构建最小 BIRD 运行镜像（包含 SSH transport 支持）。
 - `bird.conf.example`: `/etc/bird/bird.conf` 的 TCP 示例。
-- `bird.conf.tls.example`: `/etc/bird/bird.conf` 的 TLS/mTLS 示例。
-- `entrypoint.sh`: 前台启动 BIRD。
+- `bird.conf.ssh.example`: `/etc/bird/bird.conf` 的 SSH transport 示例。
+- `entrypoint.sh`: 前台启动 BIRD，并周期输出协议快照。
 - `docker-compose.yml`: TCP 一键启动。
-- `docker-compose.tls.yml`: TLS/mTLS 覆盖文件。
+- `docker-compose.ssh.yml`: SSH 覆盖配置。
 
-容器默认每 5 秒向日志输出一次 RPKI 协议状态快照。
+容器默认每 30 秒向日志输出一次 RPKI 协议状态快照。
 
 ## Docker 快速启动（TCP）
 
@@ -25,7 +25,7 @@
 docker compose -f deploy/bird/docker-compose.yml up --build
 ```
 
-另开一个终端查看日志：
+另开终端查看日志：
 
 ```bash
 docker logs -f bird-rpki-client
@@ -46,18 +46,35 @@ docker logs -f bird-rpki-client
 docker compose -f deploy/bird/docker-compose.yml down
 ```
 
-## TLS/mTLS 快速启动
+## SSH 快速启动
+
+先启动 server 的 SSH 模式：
+
+```bash
+docker compose -f deploy/server/docker-compose.ssh.yml up -d --build
+```
+
+再启动 BIRD SSH 客户端：
 
 ```bash
 docker compose \
   -f deploy/bird/docker-compose.yml \
-  -f deploy/bird/docker-compose.tls.yml \
+  -f deploy/bird/docker-compose.ssh.yml \
   up --build
 ```
 
+查看日志：
+
+```bash
+docker logs -f bird-rpki-client
+```
+
 ## 说明
 
-- 当前 compose 使用 `network_mode: host`，要求容器可通过 `127.0.0.1` 访问宿主机 RTR Server。
-- TLS 覆盖文件会把 `../../certs` 挂载到容器内 `/etc/bird/certs`。
-- 观测频率由环境变量控制：`OBSERVE_INTERVAL`（秒，默认 `5`）和 `OBSERVE_PROTO`。
-- 若你运行在 Docker Desktop（非 Linux 原生 host network 场景），建议改为自定义 bridge 网络并把 `remote` 地址改成可达的 server 容器名或宿主地址。
+- 当前 compose 使用 `network_mode: host`，默认通过 `host.docker.internal` 访问 server。
+- 观测频率由环境变量控制：`OBSERVE_INTERVAL`（秒，默认 `30`）和 `OBSERVE_PROTO`。
+- SSH 模式会将 `../../certs` 挂载到容器 `/config/ssh`，并使用：
+  `bird-rtr-client.pem`、`ssh_host_rsa_key.pub`。
+- 入口脚本会基于 `/config/ssh/ssh_host_rsa_key.pub` 自动生成
+  `/run/bird/known_hosts`，用于 BIRD 的 SSH 主机密钥校验。
+- 如果你运行在 Docker Desktop（非 Linux 原生 host network 场景），建议改为自定义 bridge 网络并将 `remote` 地址改成可达的 server 容器名或宿主机地址。

deploy/bird/_probe_subsystem.conf

@@ -0,0 +1,31 @@
+log stderr all;
+router id 192.0.2.2;
+
+roa4 table rtr_roa_v4;
+roa6 table rtr_roa_v6;
+aspa table rtr_aspa;
+
+protocol device {
+}
+
+protocol rpki rpki_ssh {
+  roa4 { table rtr_roa_v4; };
+  roa6 { table rtr_roa_v6; };
+  aspa { table rtr_aspa; };
+
+  remote "host.docker.internal" port 22;
+
+  min version 2;
+  max version 2;
+
+  refresh 3600;
+  retry 600;
+  expire 7200;
+
+  transport ssh {
+    user "rpki-rtr";
+    bird private key "/config/ssh/rtr-client.key";
+    remote public key "/run/bird/known_hosts";
+    subsystem "rpki-rtr";
+  };
+}

deploy/bird/bird.conf

@@ -0,0 +1,28 @@
+log stderr all;
+router id 192.0.2.2;
+
+roa4 table rtr_roa_v4;
+roa6 table rtr_roa_v6;
+aspa table rtr_aspa;
+
+protocol device {
+}
+
+protocol rpki rpki_tcp {
+  roa4 { table rtr_roa_v4; };
+  roa6 { table rtr_roa_v6; };
+  aspa { table rtr_aspa; };
+
+  remote "host.docker.internal" port 323;
+
+  min version 2;
+  max version 2;
+
+  refresh 3600;
+  retry 600;
+  expire 7200;
+
+  transport tcp {
+    authentication none;
+  };
+}

deploy/bird/bird.conf.example

@@ -3,6 +3,7 @@ router id 192.0.2.2;
 
 roa4 table rtr_roa_v4;
 roa6 table rtr_roa_v6;
+aspa table rtr_aspa;
 
 protocol device {
 }
@@ -10,6 +11,18 @@ protocol device {
 protocol rpki rpki_tcp {
   roa4 { table rtr_roa_v4; };
   roa6 { table rtr_roa_v6; };
+  aspa { table rtr_aspa; };
 
-  remote "127.0.0.1" port 323;
+  remote "host.docker.internal" port 323;
+
+  min version 2;
+  max version 2;
+
+  refresh 3600;
+  retry 600;
+  expire 7200;
+
+  transport tcp {
+    authentication none;
+  };
 }

deploy/bird/bird.conf.ssh.example

@@ -0,0 +1,30 @@
+log stderr all;
+router id 192.0.2.2;
+
+roa4 table rtr_roa_v4;
+roa6 table rtr_roa_v6;
+aspa table rtr_aspa;
+
+protocol device {
+}
+
+protocol rpki rpki_ssh {
+  roa4 { table rtr_roa_v4; };
+  roa6 { table rtr_roa_v6; };
+  aspa { table rtr_aspa; };
+
+  remote "host.docker.internal" port 22;
+
+  min version 2;
+  max version 2;
+
+  refresh 3600;
+  retry 600;
+  expire 7200;
+
+  transport ssh {
+    user "rpki-rtr";
+    bird private key "/config/ssh/bird-rtr-client.pem";
+    remote public key "/run/bird/known_hosts";
+  };
+}

deploy/bird/bird.conf.tls.example

@@ -1,21 +0,0 @@
-log stderr all;
-router id 192.0.2.2;
-
-roa4 table rtr_roa_v4;
-roa6 table rtr_roa_v6;
-
-protocol device {
-}
-
-protocol rpki rpki_tls {
-  roa4 { table rtr_roa_v4; };
-  roa6 { table rtr_roa_v6; };
-
-  remote "127.0.0.1" port 324;
-
-  transport tls {
-    ca file "/etc/bird/certs/client-ca.crt";
-    cert file "/etc/bird/certs/client-good.crt";
-    key file "/etc/bird/certs/client-good.key";
-  };
-}

deploy/bird/docker-compose.ssh.yml

@@ -0,0 +1,9 @@
+services:
+  bird-rpki-client:
+    environment:
+      RPKI_HOST: "host.docker.internal"
+      RPKI_PORT: "${RPKI_RTR_SSH_PORT:-22}"
+      OBSERVE_PROTO: "rpki_ssh"
+    volumes:
+      - ./bird.conf.ssh.example:/config/bird.conf:ro
+      - ../../certs:/config/ssh:ro

deploy/bird/docker-compose.tls.yml

@@ -1,7 +0,0 @@
-services:
-  bird-rpki-client:
-    environment:
-      OBSERVE_PROTO: rpki_tls
-    volumes:
-      - ./bird.conf.tls.example:/etc/bird/bird.conf:ro
-      - ../../certs:/etc/bird/certs:ro

deploy/bird/docker-compose.yml

@@ -3,11 +3,30 @@ services:
     build:
       context: .
       dockerfile: Dockerfile
+      args:
+        BIRD_VERSION: "3.2.1"
     container_name: bird-rpki-client
     restart: unless-stopped
     network_mode: host
     environment:
-      OBSERVE_INTERVAL: "5"
-      OBSERVE_PROTO: rpki_tcp
+      BIRD_CONFIG_PATH: "/config/bird.conf"
+
+      RPKI_HOST: "host.docker.internal"
+      RPKI_PORT: "323"
+
+      OBSERVE_PROTO: "rpki_tcp"
+      OBSERVE_INTERVAL: "30"
+
+      OBSERVE_ASPA_TABLE: "rtr_aspa"
+      OBSERVE_ROA4_TABLE: "rtr_roa_v4"
+      OBSERVE_ROA6_TABLE: "rtr_roa_v6"
+
+      OBSERVE_ASPA_COUNT: "3"
+      OBSERVE_ROA4_COUNT: "3"
+      OBSERVE_ROA6_COUNT: "3"
+
+      SHOW_ASPA: "1"
+      SHOW_ROA4: "1"
+      SHOW_ROA6: "1"
     volumes:
-      - ./bird.conf.example:/etc/bird/bird.conf:ro
+      - ./bird.conf:/config/bird.conf:ro

deploy/bird/entrypoint.sh

@@ -5,9 +5,122 @@ mkdir -p /run/bird
 
 SOCK_PATH="/run/bird/bird.ctl"
 PROTO="${OBSERVE_PROTO:-rpki_tcp}"
-INTERVAL="${OBSERVE_INTERVAL:-5}"
+INTERVAL="${OBSERVE_INTERVAL:-30}"
+RPKI_HOST="${RPKI_HOST:-host.docker.internal}"
+RPKI_PORT="${RPKI_PORT:-323}"
 
-bird -f -c /etc/bird/bird.conf -s "$SOCK_PATH" &
+BIRD_CONFIG_PATH="${BIRD_CONFIG_PATH:-/config/bird.conf}"
+
+ASPA_TABLE="${OBSERVE_ASPA_TABLE:-rtr_aspa}"
+ROA4_TABLE="${OBSERVE_ROA4_TABLE:-rtr_roa_v4}"
+ROA6_TABLE="${OBSERVE_ROA6_TABLE:-rtr_roa_v6}"
+
+ASPA_COUNT="${OBSERVE_ASPA_COUNT:-3}"
+ROA4_COUNT="${OBSERVE_ROA4_COUNT:-3}"
+ROA6_COUNT="${OBSERVE_ROA6_COUNT:-3}"
+
+SHOW_ASPA="${SHOW_ASPA:-1}"
+SHOW_ROA4="${SHOW_ROA4:-1}"
+SHOW_ROA6="${SHOW_ROA6:-1}"
+SSH_HOST_PUBKEY_PATH="${SSH_HOST_PUBKEY_PATH:-/config/ssh/ssh_host_rsa_key.pub}"
+SSH_KNOWN_HOSTS_PATH="${SSH_KNOWN_HOSTS_PATH:-/run/bird/known_hosts}"
+
+ensure_ssh_known_hosts() {
+  if [ -s "$SSH_KNOWN_HOSTS_PATH" ]; then
+    return
+  fi
+
+  if [ ! -r "$SSH_HOST_PUBKEY_PATH" ]; then
+    echo "[entrypoint] WARNING: SSH host key file not found: $SSH_HOST_PUBKEY_PATH"
+    return
+  fi
+
+  set -- $(awk 'NF >= 2 { print $1, $2; exit }' "$SSH_HOST_PUBKEY_PATH")
+  if [ $# -ne 2 ]; then
+    echo "[entrypoint] WARNING: invalid SSH host key format in $SSH_HOST_PUBKEY_PATH"
+    return
+  fi
+
+  key_type="$1"
+  key_data="$2"
+
+  if echo "$key_type" | grep -q '^ssh-'; then
+    {
+      echo "$RPKI_HOST $key_type $key_data"
+      echo "[$RPKI_HOST]:$RPKI_PORT $key_type $key_data"
+    } > "$SSH_KNOWN_HOSTS_PATH"
+  else
+    cp "$SSH_HOST_PUBKEY_PATH" "$SSH_KNOWN_HOSTS_PATH"
+  fi
+
+  chmod 600 "$SSH_KNOWN_HOSTS_PATH" || true
+  echo "[entrypoint] generated known_hosts: $SSH_KNOWN_HOSTS_PATH"
+}
+
+print_first_n_objects() {
+  table_name="$1"
+  max_objects="$2"
+
+  birdc -s "$SOCK_PATH" show route table "$table_name" all 2>/dev/null | awk -v max="$max_objects" '
+    BEGIN {
+      count = 0
+    }
+
+    # 直接跳过空行
+    /^[[:space:]]*$/ {
+      next
+    }
+
+    # 保留 birdc 的表头
+    /^BIRD / {
+      print
+      next
+    }
+
+    /^Table / {
+      print
+      next
+    }
+
+    # 非缩进且不是表头，视为一个新对象的开始
+    /^[^[:space:]]/ {
+      count++
+      if (count > max) {
+        exit
+      }
+      print
+      next
+    }
+
+    # 缩进内容，只有在已进入前 max 个对象时才打印
+    {
+      if (count > 0 && count <= max) {
+        print
+      }
+    }
+  ' || true
+}
+
+echo "[entrypoint] starting bird"
+echo "[entrypoint] config           : $BIRD_CONFIG_PATH"
+echo "[entrypoint] observe proto    : $PROTO"
+echo "[entrypoint] observe interval : $INTERVAL"
+echo "[entrypoint] target           : $RPKI_HOST:$RPKI_PORT"
+echo "[entrypoint] show aspa        : $SHOW_ASPA ($ASPA_TABLE, first $ASPA_COUNT objects)"
+echo "[entrypoint] show roa4        : $SHOW_ROA4 ($ROA4_TABLE, first $ROA4_COUNT objects)"
+echo "[entrypoint] show roa6        : $SHOW_ROA6 ($ROA6_TABLE, first $ROA6_COUNT objects)"
+
+if [ "$PROTO" = "rpki_ssh" ] || grep -q 'transport[[:space:]]\+ssh' "$BIRD_CONFIG_PATH"; then
+  ensure_ssh_known_hosts
+fi
+
+if nc -zvw3 "$RPKI_HOST" "$RPKI_PORT"; then
+  echo "[entrypoint] TCP connectivity to $RPKI_HOST:$RPKI_PORT OK"
+else
+  echo "[entrypoint] WARNING: cannot connect to $RPKI_HOST:$RPKI_PORT before BIRD starts"
+fi
+
+bird -f -c "$BIRD_CONFIG_PATH" -s "$SOCK_PATH" &
 BIRD_PID="$!"
 
 sleep 1
@@ -22,7 +135,22 @@ if [ "$INTERVAL" -gt 0 ]; then
   while kill -0 "$BIRD_PID" 2>/dev/null; do
     echo "==== $(date -u +"%Y-%m-%dT%H:%M:%SZ") RPKI snapshot ($PROTO) ===="
     birdc -s "$SOCK_PATH" show protocols all "$PROTO" || true
-    birdc -s "$SOCK_PATH" show roa count || true
+
+    if [ "$SHOW_ASPA" = "1" ]; then
+      echo "---- ASPA table ($ASPA_TABLE, first ${ASPA_COUNT} objects) ----"
+      print_first_n_objects "$ASPA_TABLE" "$ASPA_COUNT"
+    fi
+
+    if [ "$SHOW_ROA4" = "1" ]; then
+      echo "---- ROA4 table ($ROA4_TABLE, first ${ROA4_COUNT} objects) ----"
+      print_first_n_objects "$ROA4_TABLE" "$ROA4_COUNT"
+    fi
+
+    if [ "$SHOW_ROA6" = "1" ]; then
+      echo "---- ROA6 table ($ROA6_TABLE, first ${ROA6_COUNT} objects) ----"
+      print_first_n_objects "$ROA6_TABLE" "$ROA6_COUNT"
+    fi
+
     sleep "$INTERVAL"
   done
 fi

deploy/server/docker-compose.ssh.yml

@@ -27,6 +27,7 @@ services:
       RPKI_RTR_SLURM_DIR: "/app/slurm"
       RPKI_RTR_STRICT_CCR_VALIDATION: "false"
       RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "300"
+      RUST_LOG: "info"
     volumes:
       - ../../data:/app/data:ro
       - ../../rtr-db:/app/rtr-db

deploy/server/docker-compose.tcp.yml

@@ -20,6 +20,7 @@ services:
       RPKI_RTR_STRICT_CCR_VALIDATION: "false"
       RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "300"
       RPKI_RTR_MAX_CONNECTIONS: "100000"
+      RUST_LOG: "info"
     volumes:
       - ../../data:/app/data:ro
       - ../../rtr-db:/app/rtr-db

deploy/server/docker-compose.tls.yml

@@ -24,6 +24,7 @@ services:
       RPKI_RTR_SLURM_DIR: "/app/slurm"
       RPKI_RTR_STRICT_CCR_VALIDATION: "false"
       RPKI_RTR_SOURCE_REFRESH_INTERVAL_SECS: "300"
+      RUST_LOG: "info"
     volumes:
       - ../../data:/app/data:ro
       - ../../rtr-db:/app/rtr-db