[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Key Authentication for <host> failed, Unable to establish connection
|
From: |
Mark . Burgess |
|
Subject: |
Re: Key Authentication for <host> failed, Unable to establish connection with <server> |
|
Date: |
Fri, 5 Jul 2002 20:59:15 +0200 (MET DST) |
define=class
elsedefine=class
or just run cfagent more often...?
M
On 5 Jul, Lumpkin, Buddy wrote:
> We have certain jobs that I only want to run once per evening, yet it's
> extremely important that they "do run". One example is the distribution of
> passwords to several servers from a single host. If im using a time class,
> say Hr02.Min05 to control when this copy happens, and in crontab I run
> cfexecd five minutes after every hour, and the 2:05am run has 5 connection
> problems (5 hosts didn't get the latest copy of /etc/passwd, shadow and
> group), then passwords aren't replicated to those hosts the next day.
>
> Is there any way of telling CFengine that if the previous run failed, to go
> ahead and try again?
>
> Im at a point where I have tried different versions of openssl, BerkeleyDB
> and CFengine and I still get these problems and I don't want to go back to
> rdist, but I may have to :(.
>
> --Buddy
>
>
> -----Original Message-----
> From: Mark.Burgess@iu.hio.no [mailto:Mark.Burgess@iu.hio.no]
> Sent: Tuesday, July 02, 2002 11:09 PM
> To: fsmith@hoovers.com
> Cc: Buddy.Lumpkin@nordstrom.com; help-cfengine@gnu.org
> Subject: Re: Key Authentication for <host> failed, Unable to establish
> connection with <server>
>
>
>
> I used to see these too, but not any more. I have no explanation for them
> at all. Maybe try a newer openssl. That is really the only source
> of the error that I can think of.
>
> This message occurs when either decryption of the challenge(response)
> fails or transmitted keys do not match previously known keys. Either
> way, it's all openssl stuff, or "trust" settings.
>
> Of course, it could be a disk read error....
>
> I don't know what to say. Try upgrading to the latest openssl and
> recompiling,and let me know if it helps. I don't know why the problem
> went away here, but I do know that it has often been that one host
> didn't receive the public key of another and that this then kicks
> in when they try to talk.
>
> Mark
>
>
> On 2 Jul, Frank Smith wrote:
>> --On Tuesday, July 02, 2002 19:04:38 -0700 "Lumpkin, Buddy"
>> <Buddy.Lumpkin@nordstrom.com> wrote:
>>
>>> I run cfexecd -F on about 80 hosts every hour with a splaytime of 50
>>> minutes. I feel pretty confident that our network doesn't have very
>>> many hiccups, yet I get a few of these error messages every day.
>>> Has anyone else had intermittent problems with this?
>>
>> I run it on over 60 hosts with a splaytime of 10 minutes (and most of
>> them through VPNs to remote sites), and get one of those errors every
>> couple of days (although there are the occasional days with 3 to 4
>> of them. They seem to have no correlation to network traffic, system
>> load (client or server) or even phase of the moon.
>> Never dug in the code to see if it retried, just figured that the
>> occasional packet got dropped and it didn't retry. If it was easily
>> reproducible I would turn up debugging on both ends and watch, but it
>> doesn't happen often enough to be practical.
>> If anyone has any explanations I'd like to hear it.
>>
>> Frank
>>
>>
>> --
>> Frank Smith fsmith@hoovers.com
>> Systems Administrator Voice: 512-374-4673
>> Hoover's Online Fax: 512-374-4501
>
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
> Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~