[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Getting Trust Keys to work - simple copy experiment
From: |
Rob Martin |
Subject: |
Getting Trust Keys to work - simple copy experiment |
Date: |
Thu, 18 Aug 2005 00:16:40 -0400 |
Hello Folks,
I am doing some experimenting with cfengine to learn about how it works for
this masters thesis I am working on.
I am trying to do a simple copy of a directory from a server to a client. I
am using a closed small network (simple domain server and one client -just
two machines on a hub). IP addresses are manually assigned. The master
domain server is also the "cfengine server".
I cannot get past a BAD key error.
"cfengine:: BAD: keys did not match"
I have used this documentation link for some help but still no luck.
http://www.cfengine.org/confdir/copyv2.html
I hope someone has some advice for me to get past this bad key error and get
these two machines to trust each other.
Thanks,
Rob Martin
East Tennesee State University
====================
here are the details:
Secure Copy Experiment
cfengine server: cfgserver.sample.com IP 192.168.1.100
cfengine client: cfgclient3.sample.com IP 192.168.1.3
cfagent input file is copy-aug17.cf - which has the following entries:
control:
Actionsequence = (copy)
copy:
/opt/adobe dest=/opt/adobe server=192.168.1.100 truskeys=true
I have generated keys using cfkey on the server and copied the localhost.pub
key from the server to a file called root-192.168.1.100-pub on the client (I
think this is correct based on the documentation I referenced above...but
then ... it's not working...so...?)
the fully qualified path and filename for the keyfile on the client is:
/var/cfengine/ppkeys/root-192.168.1.100-pub
I have the following cfservd.conf on the server:
Control:
AllowConnectionsFrom = ( 192.168.1.0/254 )
TrustKeysFrom = ( 192.168.1.0/254 )
SkipVerify = ( 192.168.1.0/254 )
AllowUsers = ( root )
I have the following cfservd.conf on the client:
AllowConnectionsFrom = ( 192.168.1.0/254 )
TrustKeysFrom = ( 192.168.1.0/254 )
SkipVerify = ( 192.168.1.0/254 )
AllowUsers = ( root )
I am logged in as root on both the client and the server.
I have changed permissions on localhost.pub key file on the server and the
root-192.168.1.100-pub key file on the client to 777 to try and make sure
file permissions is not an issue.
I start cfservd on both the server and the client, change directories to the
/var/cfengine/bin directory and then run cfagent f copy-aug17.cf and
capture the output.
the full command line entry is as follows:
./cfagent d0 f /var/cfengine/inputs/copy-aug17.cf >copy-v7-aug17
The copy fails with the following message contained in the output I have
captured:
cfengine:: BAD: keys did not match
The end of the output is shown below.
The full output file is available at
http://www.spanishwaterdog.us/copy-v7-aug17.html
OptionIs(main,HostnameKeys,1)
GetMacroValue(main,HostnameKeys)
KeyAuthentication(with IP keyname root-192.168.1.100)
Havekey(root-192.168.1.100)
Loaded /var/cfengine/ppkeys/root-192.168.1.100.pub
Transaction Send[t 280][Packed text]
Attempting to send 288 bytes
SendSocketStream, sent 288
Modulus (2048 bit):
00:c0:90:d8:f2:36:01:44:d3:a6:df:56:46:5f:3f:
a5:1b:c6:0d:6c:30:83:55:86:b0:28:54:49:33:c2:
c3:c8:61:75:87:45:11:c8:0e:8b:ac:e0:65:60:bf:
c6:81:8b:0b:5f:ce:f1:58:df:02:bb:4f:d0:36:b1:
af:03:95:ee:f1:15:fd:84:dd:a4:6e:a8:0d:92:e8:
c8:87:73:8b:5d:e3:c9:e6:20:96:69:22:6e:e2:55:
c4:19:91:e3:4f:d7:22:0b:1f:fc:65:c4:e6:11:e5:
ff:13:e8:12:3f:90:43:18:2f:ab:eb:6d:4c:9e:cf:
cc:39:0b:8a:2e:7c:c7:0f:39:11:f4:19:cc:bd:5c:
46:dd:df:30:c3:2a:b5:5c:c8:ae:45:3c:5e:62:e1:
8c:ff:75:14:8c:32:df:43:50:d1:a2:39:0f:c6:87:
a0:30:6e:4b:12:fb:f3:b1:33:3b:cd:e0:b2:24:31:
73:59:47:49:d0:e1:a6:de:6d:58:37:d1:49:ad:71:
13:80:7e:df:d1:35:29:b3:e9:73:09:4e:54:a6:97:
e0:41:a3:7a:09:e4:f6:62:9c:8e:d8:d8:ba:91:01:
ff:ee:fa:55:0a:39:ec:72:7b:7f:1e:33:5b:9d:6c:
92:10:ae:ef:c7:4a:21:a1:84:75:c4:e6:db:43:fc:
dc:2d
Exponent: 35 (0x23)
Transaction Send[t 261][Packed text]
Attempting to send 269 bytes
SendSocketStream, sent 269
Transaction Send[t 5][Packed text]
Attempting to send 13 bytes
SendSocketStream, sent 13
RecvSocketStream(8)
(Concatenated 8 from stream)
Transaction Receive [t 23][]
RecvSocketStream(23)
(Concatenated 23 from stream)
cfengine:: BAD: keys did not match
cfengine:: Authentication dialogue with 192.168.1.100 failed
Closing current connection
cfengine:: Unable to establish connection with 192.168.1.100 (failover)
Closing current connection
Saving the setuid log in /var/cfengine/cfagent.cfgclient3.sample.com.log
Job start time set to Wed Aug 17 23:28:30 2005
---------------------------------------------------------------------
Alerts
---------------------------------------------------------------------
OptionIs(main,ChecksumPurge,1)
GetMacroValue(main,ChecksumPurge)
++++++++++++++++++++++++++++++++++++++++
Summary of objects involved
++++++++++++++++++++++++++++++++++++++++
global
main
- Getting Trust Keys to work - simple copy experiment,
Rob Martin <=