It's intended to transfer an existing peer config from router to mobile phone, e.g. via Android App ("Create from QR Code"). And of course the private key is part of that config ... and will be not exposed by the Android App. I don't see an issue here.
The issue is it doesn't transfer the peer config. It transfers the server config. That's a massive security flaw.
i can only talk for the scenario without defined peers (on server side) though because if you add a peer the QR Code won't get accepted anymore on Android. The QR Code generation is buggy as hell at the moment.
+!. The private key of the server is exactly that, private. Whilst it can be used in the peer device, good practice would be to have unique private keys for each peer. (for the same reason as you don't share private keys for ssh).
If wanted to create a 'key pair package(private/public) for use in a peer as a helpful management tool then that is different. But the openwrt private key shouldn't be used on the peer.
openwrt (openwrt private key only) -> share openwrt public key for use on peer.
peer (peer private key only) -> share peer private key for use on openwrt
This way peer has confidence that it is talking to openwrt and openwrt has confidence that is is talking to the peer.
I can verify that the QR Code was an exact copy of the server and peers of the OpenWrt. The QR Code is only useful for transferring the entire config of the router to another device. It had no peer Private Keys - only the OpenWrt's.
The code only recreates the OpenWrt config on another device. It cannot be used to make a new peer to connect to the OpenWrt.
There is a philosophical issue that would need to be decided regarding any peer private key.
The private key should only be known on the receive side of the connection. ie openwrt should see it's private key and the public key of any peer. The peer should only see it's private key and the public key of any connecting host. And neither openwrt nor the peer should see the other devices private key.
That said, you could create a private/public key pair for a peer and template ip addresses and then make the QR code for a peer on openwrt. It's assuming that the openwrt is secure.
At the least a QR code for as much of the peer config as possible would be nice and/or a luci interface to create private/public keys so you can cut and paste from the gui rather than the command line.
I cannot try the qr code interface as it is not present in stable release.
But I don't need to try it to know that if it encodes the private key of the sever, that is a security issue.
I would like to send a QR code or config file to my kids, or my family, but I don't want to send them the private key of my sever, which should remain private.
I don't know if it is true or not, that the QR code contains the private key, I only said that it should not.
And nobody has said that it does not store the private key, and you seem to confirm that it stores al, the server config.
The problem is not showing the private key of the phone, the problem is showing the private key of the router to third parties, when you send them the qr Codd to facilitate them the config of the tunnel from their devices.
There should not be any private key in the qr code, the private key should never go outside any device.
As the adiminidtrator of the router, my kid or familiar shoulx provide me the public key of their device, I configure a peer in my router and assign a ip, and I send the config file or qr code to let their app generate a peer to connect tomy router,
They do not need my private key and i don't need their private key, none of us should know the private key of the other.
I get the same error with missing 'endpoint' when a peer is defined. This value is optional so the error is not correct.
But as i stated on github already i think this implementation is not correct. If the QR Code is capable of transferring 3 keys (a new keypair and the servers public key) we have all we need to distribute and set two independent keypairs as its intended.
Here is your define, as define has no rules which is fine. i respect everyone's philosophy regardless it's not true.
Language failure, this language does not even follow its pre-define and rules by itself.
Error code showing without supportive reasons, or references. and has no proof on "security issue".
I think you should go to support topic about luci-app-sshd and complain about private keys.
Where is your family going to scan the QR code? What really are you trying to do?
Let's say we are in the movie called "Hackers 101" I print this QR code on a letter paper, and paste the paper right next to my house numbers outside,
A hacker called 'Fernando' in a suv scanned that code. so what will be happened next? what if he really established a tunnel in a non-sense movie script. what will be the next step for a hacker to do? brute-force internal computers? packet sniffing internal traffics? probably looking at 'htop' on the laptop monitor and rubbing his jaw with a thumb and a index finger and the screen fades out.
ok admin, so how are your family smartphone going to deliver the key to openwrt or you before your own topology in perfectly secured openwrt router based on your security concerns? how's c2c works and nat-traversal by knowing each other? there are rules exist in the different ways.