vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix mistake in RPKI documentation about the use of TLS

Browse Source 
HTTP is not used for RPKI information, the RTR protocol is used, which works on
top of plain TCP. Although some implementations can use TLS, VyOS (and FRR) do
not support it, and use either plain TCP or SSH.
This commit is contained in:
Antonios Chariton (daknob) 2024-04-05 22:38:08 +02:00
parent 7bee765d6a
commit edbf884605
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/configuration/protocols/rpki.rst
View File

@ -140,11 +140,13 @@ Configuration
SSH
===
Connections to the RPKI caching server can not only be established by HTTP/TLS
but you can also rely on a secure SSH session to the server. To enable SSH,
first you need to create an SSH client keypair using ``generate ssh
client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup
the connection.
Connections to the RPKI caching server can not only be established by TCP using
the RTR protocol but you can also rely on a secure SSH session to the server.
This provides transport integrity and confidentiality and it is a good idea if
your validation software supports it. To enable SSH, first you need to create
an SSH client keypair using ``generate ssh client-key
/config/auth/id_rsa_rpki``. Once your key is created you can setup the
connection.
.. cfgcmd:: set protocols rpki cache <address> ssh username <user>