[j-nsp] SSH PKA for system archival.
Alexandre Snarskii
snar at snar.spb.ru
Wed Feb 17 04:19:06 EST 2010
On Tue, Feb 16, 2010 at 09:59:35PM -0600, Bill Marquette wrote:
> >
> > You can of course send syslog messages to syslog-ng and have syslog-ng
> > call mail or a mail wrapper. I would prefer to have simple syslog
> > messages (ie. log of some event or state) and then have additional
> > functionality in parsing at a central location.
>
> Sure and we do, but I was trying to build a process that allowed my
> SRX to push a diff of a given commit back to our ticketing system
> (which already processes emails) rather than send an event offbox
> that requires me to then somehow retrieve that change.
> Yes, I'm aware I can transfer the files, but there are a couple
> issues with that, the first being transfer-on-commit doesn't appear
> to support alternate SSH ports, nor does it appear to support RSA
> private keys, which puts this into an event script at best, the
'system archival' uses bundled ssh, which, of course, supports
RSA/DSA private keys. The only thing you have to do to get this support
is to 'start shell user root' and then simply run 'ssh-keygen' :)
Keys are stored in ~root/.ssh/, and then the following configuration works:
archival {
    configuration {
        transfer-on-commit;
        archive-sites {
            "scp://<username>@<host>/home/<username>/uploads";
        }
    }
}
Well, there is an issue with these keys on EX-series - during system
upgrade these keys got wiped and have to be either regenerated or restored
from backup (if there is any known workaround - would like to hear).
Not sure about SRX, though.
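
Added example, not part of the original post and not Juniper's own tooling: a shell helper for the situation described above, where the key pair in ~root/.ssh/ disappears after an upgrade and has to be restored from backup or regenerated. It assumes a POSIX sh with ssh-keygen in PATH; the function names and the backup directory are hypothetical.

```sh
#!/bin/sh
# Added example: make sure the key pair used by 'system archival' exists,
# restoring it from a backup or regenerating it if it was wiped.
# Assumptions: POSIX sh, ssh-keygen in PATH, run as the owner of KEYDIR.

# ensure_archival_key KEYDIR [BACKUPDIR]
# Prints exactly one of: present | restored | generated
# The body runs in a subshell so the umask change does not leak to the caller.
ensure_archival_key() (
    keydir=$1
    backupdir=${2:-}
    key="$keydir/id_rsa"

    # Private key and its public half are both in place: nothing to do.
    if [ -s "$key" ] && [ -s "$key.pub" ]; then
        echo present
        return 0
    fi

    umask 077
    mkdir -p "$keydir" || return 1
    chmod 700 "$keydir" || return 1

    # Prefer the backup: the archive host already trusts that public key.
    if [ -n "$backupdir" ] && [ -s "$backupdir/id_rsa" ] \
        && [ -s "$backupdir/id_rsa.pub" ]; then
        cp "$backupdir/id_rsa" "$key" || return 1
        cp "$backupdir/id_rsa.pub" "$key.pub" || return 1
        chmod 600 "$key" || return 1
        echo restored
        return 0
    fi

    # No backup: generate a new RSA key without a passphrase, since the
    # transfer runs unattended. The new public key must then be installed
    # on the archive host again.
    rm -f "$key" "$key.pub"
    ssh-keygen -q -t rsa -N '' -f "$key" || return 1
    echo generated
)

# key_fingerprint KEYDIR: print the fingerprint of the public key, to compare
# against the entry in authorized_keys on the archive host.
key_fingerprint() {
    ssh-keygen -l -f "$1/id_rsa.pub" | awk '{print $2}'
}
```

A result of "generated" means the archive host no longer recognises the device, so the fingerprint should be checked there before the new public key is trusted.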