help-cfengine

Re: cfrun authentication debugging


From: paul beard
Subject: Re: cfrun authentication debugging
Date: Wed, 8 Feb 2006 16:29:06 -0800


On Feb 8, 2006, at 3:31 PM, Ed Brown wrote:

I don't use cfrun, but this sure looks like problems with cfagent on
ols5 failing to talk to cfservd on cint0.  Sure you can run cfagent on
ols5?  If you suspect problems with keys, drop all the 'foreign' keys
from /var/cfengine/ppkeys on both machines, and enable TrustKeysFrom for
those IPs in cfservd.conf on both machines to let cfengine handle the
key exchanges.

I just ran cfrun from my policyhost after clearing out foreign keys on both servers.

WARNING - You do not have a public key from host ols5.example.com = 192.168.10.35
          Do you want to accept one on trust? (yes/no)

--> yes
IPV4 address
sockaddr_ntop(192.168.10.35)
Connect to ols5.example.com = 192.168.10.35 on port 5308
IPV4 address
sockaddr_ntop(192.168.10.35)
IPV4 address
sockaddr_ntop(192.168.10.35)
Found address (192.168.10.35) for host ols5.example.com
Updating last-seen time for ols5.example.com
IPV4 address
sockaddr_ntop(192.168.10.20)
Identifying this agent as 192.168.10.20 i.e. int0.example.com, with signature 0
IsIPV6Address(cint0)
Appending domain example.com to cint0
SENT:::CAUTH 192.168.10.20 cint0.example.com root 0
Transaction Send[t 44][Packed text]
Attempting to send 52 bytes
SendSocketStream, sent 52
ChecksumString(m)
OptionIs(cfrun,HostnameKeys,1)
GetMacroValue(cfrun,HostnameKeys)
KeyAuthentication(with IP keyname root-192.168.10.35)
Havekey(root-192.168.10.35)
Did not have key root-192.168.10.35
Transaction Send[t 61][Packed text]
Attempting to send 69 bytes
SendSocketStream, sent 69
Modulus (2048 bit):
Exponent: 35 (0x23)
Transaction Send[t 261][Packed text]
Attempting to send 269 bytes
SendSocketStream, sent 269
Transaction Send[t 5][Packed text]
Attempting to send 13 bytes
SendSocketStream, sent 13
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 29][]
RecvSocketStream(29)
    (Concatenated 29 from stream)
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 16][]
RecvSocketStream(16)
    (Concatenated 16 from stream)
ExpandVarstring(ols5.example.com)
cfrun:int0.example.com: Trusting server identity and willing to accept key from ols5.example.com=192.168.10.35
Receive counter challenge from server
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 256][]
RecvSocketStream(256)
    (Concatenated 256 from stream)
ChecksumString(m)
Replying to counter challenge with md5
Transaction Send[t 16][Packed text]
Attempting to send 24 bytes
SendSocketStream, sent 24
Collecting public key from server!
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 261][]
RecvSocketStream(261)
    (Concatenated 261 from stream)
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 5][]
RecvSocketStream(5)
    (Concatenated 5 from stream)
SavePublicKey root-192.168.10.35
Saving public key /var/cfengine/ppkeys/root-192.168.10.35.pub
BinaryBuffer(16)[1038f8100020000000] = 16
Generated session key
BinaryBuffer(16)[1038f8100020000000] = 16
BinaryBuffer(16)[1038f8100020000000] = 16
Encrypt 16 to 256
Encryption succeeded
Transaction Send[t 256][Packed text]
Attempting to send 264 bytes
SendSocketStream, sent 264
Transaction Send[t 6][Packed text]
Attempting to send 14 bytes
SendSocketStream, sent 14
Transaction Send[t 27][Packed text]
Attempting to send 35 bytes
SendSocketStream, sent 35
ols5.example.com replies..

RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 59][]
RecvSocketStream(59)
    (Concatenated 59 from stream)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

cfengine:ols5: Can't stat /exports/files/etc/hosts in copy
RecvSocketStream(8)
    (Concatenated 8 from stream)
Transaction Receive [t 28][]
RecvSocketStream(28)
    (Concatenated 28 from stream)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Connection with ols5.example.com completed

wait result pid = 79750 number 1

Other than the "can't stat" error, it looks like a good connection.

My other avenue to get this done is to mount the same filesystem where these files live and copy them from there: still using the network, but with a shell command instead of within cfengine's transport mechanism.
--
Paul Beard
contact info: www.paulbeard.org/paulbeard.vcf

Are you trying to win an argument or solve a problem?
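
Added example, not part of the original post or of cfengine: a small Python summarizer for a cfrun debug trace like the one above. It pulls out the trust-on-first-use key events (key missing, key accepted on trust, key file saved), remote errors, and any send whose byte count is not the payload length plus 8. The function names, the sample lines and the 8-byte header length (read off the trace, where each "Transaction Send[t N]" is followed by a send of N+8 bytes) are assumptions of this example.

```python
import re

# Constructed sample in the format of the cfrun debug trace in the post above.
SAMPLE = """\
Havekey(root-192.168.10.35)
Did not have key root-192.168.10.35
Transaction Send[t 61][Packed text]
Attempting to send 69 bytes
cfrun:int0.example.com: Trusting server identity and willing to accept key from ols5.example.com=192.168.10.35
Saving public key /var/cfengine/ppkeys/root-192.168.10.35.pub
cfengine:ols5: Can't stat /exports/files/etc/hosts in copy
Connection with ols5.example.com completed
"""

HEADER_LEN = 8  # assumption read off the trace: bytes sent = payload length + 8

RULES = [
    ("missing_keys", re.compile(r"^Did not have key (\S+)")),
    ("trusted_on_first_use", re.compile(r"willing to accept key from (\S+)")),
    ("saved_keys", re.compile(r"^Saving public key (\S+)")),
    ("remote_errors", re.compile(r"^cfengine:\S+: (.+)")),
    ("completed", re.compile(r"^Connection with (\S+) completed")),
]
SEND = re.compile(r"^Transaction Send\[t (\d+)\]")
SENT = re.compile(r"^Attempting to send (\d+) bytes")

def summarize(trace):
    """Collect key-trust events, remote errors and framing mismatches."""
    out = {name: [] for name, _ in RULES}
    out["framing_mismatches"] = []
    payload = None  # length announced by the last 'Transaction Send' line
    for line in trace.splitlines():
        line = line.strip()
        if m := SEND.match(line):
            payload = int(m.group(1))
        elif (m := SENT.match(line)) and payload is not None:
            if int(m.group(1)) != payload + HEADER_LEN:
                out["framing_mismatches"].append((payload, int(m.group(1))))
            payload = None
        else:
            for name, rx in RULES:
                if m := rx.search(line):
                    out[name].append(m.group(1))
    return out

def keys_accepted_on_trust(summary):
    """Saved key files whose key name was reported missing earlier in the run."""
    return [p for p in summary["saved_keys"]
            if any(p.endswith("/" + k + ".pub") for k in summary["missing_keys"])]
```

Any path returned by keys_accepted_on_trust() is a key that was stored without prior verification, so its fingerprint is worth comparing out of band with the key on the remote host.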




