help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Getting Trust Keys to work - simple copy experiment

From: Rob Martin
Subject: Getting Trust Keys to work - simple copy experiment
Date: Thu, 18 Aug 2005 00:16:40 -0400 
Hello Folks,
I am doing some experimenting with cfengine to learn about how it works for this masters thesis I am working on. I am trying to do a simple copy of a directory from a server to a client. I am using a closed small network (simple domain server and one client -just two machines on a hub). IP addresses are manually assigned. The master domain server is also the "cfengine server". 

I cannot get past a BAD key error.

"cfengine:: BAD: keys did not match"

I have used this documentation link for some help but still no luck.
http://www.cfengine.org/confdir/copyv2.html
I hope someone has some advice for me to get past this bad key error and get these two machines to trust each other. 
Thanks,
Rob Martin
East Tennesee State University
====================
here are the details:

Secure Copy Experiment

cfengine server: cfgserver.sample.com IP 192.168.1.100
cfengine client: cfgclient3.sample.com IP 192.168.1.3

cfagent input file is copy-aug17.cf  - which has the following entries:

control:
        Actionsequence = (copy)

copy:
/opt/adobe dest=/opt/adobe server=192.168.1.100 truskeys=true
I have generated keys using cfkey on the server and copied the localhost.pub key from the server to a file called root-192.168.1.100-pub on the client (I think this is correct based on the documentation I referenced above...but then ... it's not working...so...?) 

the fully qualified path and filename for the keyfile on the client is:
/var/cfengine/ppkeys/root-192.168.1.100-pub

I have the following cfservd.conf on the server:

Control:
AllowConnectionsFrom = ( 192.168.1.0/254 )
TrustKeysFrom = ( 192.168.1.0/254 )
SkipVerify = ( 192.168.1.0/254 )
AllowUsers = ( root )

I have the following cfservd.conf on the client:

AllowConnectionsFrom = ( 192.168.1.0/254 )
TrustKeysFrom = ( 192.168.1.0/254 )
SkipVerify = ( 192.168.1.0/254 )
AllowUsers = ( root )

I am logged in as root on both the client and the server.
I have changed permissions on localhost.pub key file on the server and the
root-192.168.1.100-pub key file on the client to 777 to try and make sure file permissions is not an issue. I start cfservd on both the server and the client, change directories to the /var/cfengine/bin directory and then run cfagent –f copy-aug17.cf and capture the output. 
the full command line entry is as follows:
./cfagent –d0 –f /var/cfengine/inputs/copy-aug17.cf >copy-v7-aug17
The copy fails with the following message contained in the output I have captured: 

cfengine:: BAD: keys did not match

The end of the output is shown below.
The full output file is available at http://www.spanishwaterdog.us/copy-v7-aug17.html 


OptionIs(main,HostnameKeys,1)
GetMacroValue(main,HostnameKeys)
KeyAuthentication(with IP keyname root-192.168.1.100)
Havekey(root-192.168.1.100)
Loaded /var/cfengine/ppkeys/root-192.168.1.100.pub
Transaction Send[t 280][Packed text]
Attempting to send 288 bytes
SendSocketStream, sent 288
Modulus (2048 bit):
   00:c0:90:d8:f2:36:01:44:d3:a6:df:56:46:5f:3f:
   a5:1b:c6:0d:6c:30:83:55:86:b0:28:54:49:33:c2:
   c3:c8:61:75:87:45:11:c8:0e:8b:ac:e0:65:60:bf:
   c6:81:8b:0b:5f:ce:f1:58:df:02:bb:4f:d0:36:b1:
   af:03:95:ee:f1:15:fd:84:dd:a4:6e:a8:0d:92:e8:
   c8:87:73:8b:5d:e3:c9:e6:20:96:69:22:6e:e2:55:
   c4:19:91:e3:4f:d7:22:0b:1f:fc:65:c4:e6:11:e5:
   ff:13:e8:12:3f:90:43:18:2f:ab:eb:6d:4c:9e:cf:
   cc:39:0b:8a:2e:7c:c7:0f:39:11:f4:19:cc:bd:5c:
   46:dd:df:30:c3:2a:b5:5c:c8:ae:45:3c:5e:62:e1:
   8c:ff:75:14:8c:32:df:43:50:d1:a2:39:0f:c6:87:
   a0:30:6e:4b:12:fb:f3:b1:33:3b:cd:e0:b2:24:31:
   73:59:47:49:d0:e1:a6:de:6d:58:37:d1:49:ad:71:
   13:80:7e:df:d1:35:29:b3:e9:73:09:4e:54:a6:97:
   e0:41:a3:7a:09:e4:f6:62:9c:8e:d8:d8:ba:91:01:
   ff:ee:fa:55:0a:39:ec:72:7b:7f:1e:33:5b:9d:6c:
   92:10:ae:ef:c7:4a:21:a1:84:75:c4:e6:db:43:fc:
   dc:2d
Exponent: 35 (0x23)
Transaction Send[t 261][Packed text]
Attempting to send 269 bytes
SendSocketStream, sent 269
Transaction Send[t 5][Packed text]
Attempting to send 13 bytes
SendSocketStream, sent 13
RecvSocketStream(8)
   (Concatenated 8 from stream)
Transaction Receive [t 23][]
RecvSocketStream(23)
   (Concatenated 23 from stream)
cfengine:: BAD: keys did not match
cfengine:: Authentication dialogue with 192.168.1.100 failed
Closing current connection
cfengine:: Unable to establish connection with 192.168.1.100 (failover)
Closing current connection
Saving the setuid log in /var/cfengine/cfagent.cfgclient3.sample.com.log
Job start time set to Wed Aug 17 23:28:30 2005

---------------------------------------------------------------------
Alerts
---------------------------------------------------------------------

OptionIs(main,ChecksumPurge,1)
GetMacroValue(main,ChecksumPurge)


++++++++++++++++++++++++++++++++++++++++
Summary of objects involved
++++++++++++++++++++++++++++++++++++++++

   global
   main
reply via email to
[Prev in Thread] Current Thread [Next in Thread]