I just realized that this issue is probably in https://github.com/CESNET/libnetconf2. Let me know if you prefer to discuss it there.
I also read the source code a bit, and while I don't claim to understand it, I did not find a place where `<public-keys xc:operation="remove"/>` is handled at all. Is there one?

Deleting a key using

```xml
<public-keys>
  <inline-definition>
    <public-key xc:operation="remove">
      <name>foo</name>
    </public-key>
  </inline-definition>
</public-keys>
```

works, but this can only be done when adding another key in the process, otherwise:

```
[ERR] Mandatory choice "inline-or-truststore" data do not exist. (path "/ietf-netconf-server:netconf-server/listen/endpoints/endpoint[name='default-ssh']/ssh/ssh-server-parameters/client-authentication/users/user[name='kevin']/public-keys")
[ERR] Validation failed.
```
Hello, yes, this is definitely a bug. I have managed to fix it, but seems like `public-keys` is not the only unhandled container and there are a couple more bugs similar to this one. Feel free to try out the fix once it's part of the `libnetconf2`'s devel branch.
Hey,
I encountered this on the current master. When running the following two configurations in sequence:
1) set public key auth for kevin
2) set password auth for kevin

(both piped to `sysrepocfg --edit -d startup -f xml -m ietf-netconf-server -v3`, then activated using `sysrepocfg -C startup -m ietf-netconf-server -v3`), the user kevin is still able to log in with the key configured in the first request, although the config, when exported via `sysrepocfg -X -d running`, only shows password auth:

Restarting the `netopeer2-server` service fixes this - however, changing from password to key auth seems to work fine (i.e. password auth is disabled) without a restart.
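
An added example, not part of the original issue and not libnetconf2 or netopeer2 code: a Python check that compares two exports of the `ietf-netconf-server` configuration and lists users whose `public-keys` container disappeared, i.e. the transition reported above as not taking effect until `netopeer2-server` is restarted. It assumes each export is a single-module XML document (for example `sysrepocfg -X -d running -m ietf-netconf-server`); the sample documents are constructed and trimmed, and the `<password/>` element name in them is an assumption.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:yang:ietf-netconf-server"

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child with the given local name, or None."""
    return next((c.text for c in elem if local(c.tag) == name), None)

def auth_methods(config_xml):
    """Map (endpoint, user) -> set of auth containers configured for that user."""
    methods = {}
    for endpoint in ET.fromstring(config_xml).iter():
        if local(endpoint.tag) != "endpoint":
            continue
        for user in endpoint.iter():
            if local(user.tag) == "user":
                key = (child_text(endpoint, "name"), child_text(user, "name"))
                methods[key] = {local(c.tag) for c in user if local(c.tag) != "name"}
    return methods

def stale_key_users(before_xml, after_xml):
    """Users that had public-keys before the edit and no longer have it after."""
    before, after = auth_methods(before_xml), auth_methods(after_xml)
    return sorted(k for k, m in before.items()
                  if "public-keys" in m and "public-keys" not in after.get(k, set()))

def sample(auth):
    """Constructed, trimmed export for user kevin; leaf contents are elided."""
    return (f'<netconf-server xmlns="{NS}"><listen><endpoints><endpoint>'
            '<name>default-ssh</name><ssh><ssh-server-parameters>'
            '<client-authentication><users><user><name>kevin</name>'
            f'{auth}</user></users></client-authentication>'
            '</ssh-server-parameters></ssh></endpoint></endpoints></listen>'
            '</netconf-server>')

BEFORE = sample('<public-keys><inline-definition><public-key><name>foo</name>'
                '</public-key></inline-definition></public-keys>')
AFTER = sample('<password/>')  # element name assumed for illustration

if __name__ == "__main__":
    for endpoint, user in stale_key_users(BEFORE, AFTER):
        print(f"{endpoint}/{user}: key auth removed from config; "
              "restart netopeer2-server and re-test key login")
```

Any user it reports should have key-based login re-tested after the restart, since the exported running configuration alone did not reveal the stale key in the report above.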