Re: cfrun key problem...

[Mark . Burgess]

Cfengine will need to exchange new keys if you change over. So
you'll have to authorize the trusting of the new key,

Mark

On 28 Jul, Christian Pearce wrote:
> I am not certain what I am doing wrong here.  Maybe someone can help.  I
> am attempting to do a cfrun.  I have made this work in the past but now
> it isn't working:
> 
> [root@pearcec ppkeys]# /var/cfengine/bin/cfrun   sol7.domain.com -- -D
> defineaclass -v --
> cfrun(0):         .......... [ Hailing sol7.domain.com ] ..........
> cfrun:pearcec.domain.com: Not authorized to trust the
> server=sol7.domain.com's public key (trustkey=false)
> cfrun:pearcec.domain.com: Key-authentication for pearcec.commnav.com
> failed
> 
> snip of sol7.domain.com:/var/adm/messages
> 
> Jul 28 09:16:02 sol7 cfservd[29042]: Accepting connection from
> 209.50.130.85
> Jul 28 09:16:03 sol7 cfservd[29042]: Challenge response from client
> 209.50.130.85 was incorrect - ID false?
> Jul 28 09:16:03 sol7 cfservd[29042]: Host authorization/authentication
> failed or access denied
> Jul 28 09:16:03 sol7 cfservd[29042]: From
> (host=pearcec.domain.com,user=root,ip=209.XXX.XXX.XXX)
> 
> Now the interesting part is.  This started happening when I turned on
> the HostnameKeys in the cfservd.conf on the cfengine server (pearcec). 
> For some reason it finds the host key of the of sol7.domain.com and
> fails.  If I remove the keys hostname keys and go back to HostnameKeys
> off it works like a champ.
> 
> It seems that cfrun wants to use IP based, but find the Hostname keys
> first and then complains.  Does this problem sound familiar or make
> sense to anyone?  For now I am going to leave HostnameKeys off.  I
> turned in on as more of an experiment, I didn't really need it.
> 



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~