[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cfrun key problem...
From: |
Mark . Burgess |
Subject: |
Re: cfrun key problem... |
Date: |
Wed, 28 Jul 2004 17:08:11 +0200 (MEST) |
The message below says "trustkey=false".
M
On 28 Jul, Christian Pearce wrote:
> Even when I cleared out all the keys and accepted trust I got this
> problem. If this doesn't help, I will try to articulate the problem
> better in a couple of days.
>
> On Wed, 2004-07-28 at 10:51, Mark.Burgess@iu.hio.no wrote:
>> Cfengine will need to exchange new keys if you change over. So
>> you'll have to authorize the trusting of the new key,
>>
>> Mark
>>
>> On 28 Jul, Christian Pearce wrote:
>> > I am not certain what I am doing wrong here. Maybe someone can help. I
>> > am attempting to do a cfrun. I have made this work in the past but now
>> > it isn't working:
>> >
>> > [root@pearcec ppkeys]# /var/cfengine/bin/cfrun sol7.domain.com -- -D
>> > defineaclass -v --
>> > cfrun(0): .......... [ Hailing sol7.domain.com ] ..........
>> > cfrun:pearcec.domain.com: Not authorized to trust the
>> > server=sol7.domain.com's public key (trustkey=false)
>> > cfrun:pearcec.domain.com: Key-authentication for pearcec.commnav.com
>> > failed
>> >
>> > snip of sol7.domain.com:/var/adm/messages
>> >
>> > Jul 28 09:16:02 sol7 cfservd[29042]: Accepting connection from
>> > 209.50.130.85
>> > Jul 28 09:16:03 sol7 cfservd[29042]: Challenge response from client
>> > 209.50.130.85 was incorrect - ID false?
>> > Jul 28 09:16:03 sol7 cfservd[29042]: Host authorization/authentication
>> > failed or access denied
>> > Jul 28 09:16:03 sol7 cfservd[29042]: From
>> > (host=pearcec.domain.com,user=root,ip=209.XXX.XXX.XXX)
>> >
>> > Now the interesting part is. This started happening when I turned on
>> > the HostnameKeys in the cfservd.conf on the cfengine server (pearcec).
>> > For some reason it finds the host key of the of sol7.domain.com and
>> > fails. If I remove the keys hostname keys and go back to HostnameKeys
>> > off it works like a champ.
>> >
>> > It seems that cfrun wants to use IP based, but find the Hostname keys
>> > first and then complains. Does this problem sound familiar or make
>> > sense to anyone? For now I am going to leave HostnameKeys off. I
>> > turned in on as more of an experiment, I didn't really need it.
>> >
>>
>>
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
>> Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~