Forum: Cfengine Help
Subject: Re: Trustkeys not being shared
Author: mwlarsen
Link to topic: https://cfengine.com/forum/read.php?3,17676,17722#msg-17722

neilhwatson Wrote:
-------------------------------------------------------
> Typically the server's public key is copied to the
> client manually when you install Cfengine.  Have
> you done this?

Neil, how do you accomplish this? Surely not scp? I'm having similar issues, 
except I can't get a key exchange going. I've tried setting up allowconnects, 
allowallconnects and trustkeysfrom in promises.cf on both the server and the 
client - both wide open just to try to force the exchange. I also tried 
'cf-runagent -i' both ways. The localhosts connect to themselves, but they 
can't connect to the remote hosts for the exchange (although ssh works just 
fine). I get "Connection reset by peer" every time.


Where is the "Cfengine3 for Dummies Step x Step" guide to just get a couple of 
machines talking to each other? Not actually doing anything, just talking? The 
tutorial on cfengine.org is woefully inadequate, long on theory and devoid of 
examples, and immensely frustrating for someone who's never configured an app 
like this before. As an example, Section 6.3.2 Remote access troubleshooting 
says:

"1. Make sure that the domain variable is set in the configuration files read 
by both client and server; alternatively use skipidentify and skipverify to 
decouple DNS from the authentication."

Well that's really nice, but which configuration files?!? Where's the example 
of the domain variable declaration syntax? And what file would you put 
skipidentify and skipverify in? What's the format for those?

The documentation for this product is a train wreck. I'd give a valued body 
part for a doc that goes:

=>Start Here
Configure server
Do this
Do this
Do this
Configure client
Do this
Do this
Do this
Communication established
End Here<=


Sorry, had to vent. I really would appreciate some help, but I don't even know 
what to ask for. I need a key exchange, and the machines won't do it. Even in 
debug mode, cf-runagent only shows a connection to the localhosts before 
"connection reset by peer", and I'm unable to glean any useful information from 
the docs or Google searches.
