From: Lumpkin, Buddy
Subject: HELP PLEASE: key distribution using CFengine
Date: Thu, 11 Mar 2004 11:36:46 -0800

Hello All,

For the sake of this email, let’s say the client (n0319t50) ip is 10.1.45.22, and the server running cfservd (n0319p01) that I copy data from is 10.1.45.21.

I generated a fresh set of keys on a new host where I have installed CFengine. Then I copied over the public key from a server that has config files that get copied out to other systems. So I have:

    # ls /var/cfengine/ppkeys
    localhost.priv localhost.pub root-10.1.45.21.pub    <-- ip address changed of course

On the server (n0319p01) I have not copied over the keys from the new client, but I have added the following line to cfagent.conf:

    TrustKeysFrom = ( 10.1.45.22 10.1.45/24 )    <-- note same subnet and explicit ip address of the client in this stanza

I then restart cfservd for good measure on the server, but on the client it still complains about bad keys:

    Checking copy from n0319p01:/etc/init.d/cfservd to /etc/init.d/cfservd
    Connect to n0319p01 = 10.1.45.21, port h=5308
    Loaded /var/cfengine/ppkeys/root-10.1.45.21.pub
    cfengine:: BAD: key could not be accepted on trust
    cfengine:: Authentication dialogue with x0319p01 failed
    cfengine:: Unable to establish connection with n0319p01
    Saving the setuid log in /var/cfengine/cfagent.n0319t50.log

If I copy over the localhost.pub as root-10.1.45.22.pub it works (of course). Am I misunderstanding the TrustKeysFrom directive? I thought this was a way for keys to be exchanged from client to server automatically?

--Buddy