[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cfrun key problem...
|
From: |
Christian Pearce |
|
Subject: |
Re: cfrun key problem... |
|
Date: |
Wed, 28 Jul 2004 11:28:51 -0400 |
Where do I set that to true? In cfrun? I pass the -T parameter cfrun.
I have TrustKeysFrom set in the cfservd.conf on sol7. What am I
missing?
On Wed, 2004-07-28 at 11:08, Mark.Burgess@iu.hio.no wrote:
> The message below says "trustkey=false".
>
> M
>
> On 28 Jul, Christian Pearce wrote:
> > Even when I cleared out all the keys and accepted trust I got this
> > problem. If this doesn't help, I will try to articulate the problem
> > better in a couple of days.
> >
> > On Wed, 2004-07-28 at 10:51, Mark.Burgess@iu.hio.no wrote:
> >> Cfengine will need to exchange new keys if you change over. So
> >> you'll have to authorize the trusting of the new key,
> >>
> >> Mark
> >>
> >> On 28 Jul, Christian Pearce wrote:
> >> > I am not certain what I am doing wrong here. Maybe someone can help. I
> >> > am attempting to do a cfrun. I have made this work in the past but now
> >> > it isn't working:
> >> >
> >> > [root@pearcec ppkeys]# /var/cfengine/bin/cfrun sol7.domain.com -- -D
> >> > defineaclass -v --
> >> > cfrun(0): .......... [ Hailing sol7.domain.com ] ..........
> >> > cfrun:pearcec.domain.com: Not authorized to trust the
> >> > server=sol7.domain.com's public key (trustkey=false)
> >> > cfrun:pearcec.domain.com: Key-authentication for pearcec.commnav.com
> >> > failed
> >> >
> >> > snip of sol7.domain.com:/var/adm/messages
> >> >
> >> > Jul 28 09:16:02 sol7 cfservd[29042]: Accepting connection from
> >> > 209.50.130.85
> >> > Jul 28 09:16:03 sol7 cfservd[29042]: Challenge response from client
> >> > 209.50.130.85 was incorrect - ID false?
> >> > Jul 28 09:16:03 sol7 cfservd[29042]: Host authorization/authentication
> >> > failed or access denied
> >> > Jul 28 09:16:03 sol7 cfservd[29042]: From
> >> > (host=pearcec.domain.com,user=root,ip=209.XXX.XXX.XXX)
> >> >
> >> > Now the interesting part is. This started happening when I turned on
> >> > the HostnameKeys in the cfservd.conf on the cfengine server (pearcec).
> >> > For some reason it finds the host key of the of sol7.domain.com and
> >> > fails. If I remove the keys hostname keys and go back to HostnameKeys
> >> > off it works like a champ.
> >> >
> >> > It seems that cfrun wants to use IP based, but find the Hostname keys
> >> > first and then complains. Does this problem sound familiar or make
> >> > sense to anyone? For now I am going to leave HostnameKeys off. I
> >> > turned in on as more of an experiment, I didn't really need it.
> >> >
> >>
> >>
> >>
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
> >> Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
> Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--
Christian Pearce
http://www.commnav.com
http://www.perfectorder.com