On 12/23/2010 04:03 PM, Deb Heller wrote:
> So, couldn't you, at the command line on the client host, issue this
> command to initiate the key exchange?
>
> cf-agent -B -s policy_server
>
> (where "policy_server" is the hostname or IP address of the policy server)
>
> As long as the server trusts the client, the keys should be exchanged
> and you're good to go.
>
> I think that's all you need to get things started. Nick's failsafe.cf
> and update.cf are really nice additions.

That doesn't work, with a clean install.

#. Install cfengine via rpm
#. run cf-key
#. copy failsafe.cf to /var/cfengine/inputs
#. bootstrap with failsafe

# cf-agent -BK -s 192.168.1.129
 !! Not authorized to trust the server=192.168.1.129's public key (trustkey=false)
 !! Authentication dialogue with 192.168.1.129 failed

So the issue here is the client does not have the server's key and cannot trust the server. I can't quite reconcile in my head the key exchange, or the best way to manage the key exchange.

--
Nick Anderson <n...@cmdln.org>
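
The error in the message above names the `trustkey` setting. As an added example (not part of the original post, and not Nick's failsafe.cf), this minimal CFEngine 3 policy shows where that client-side setting and its server-side counterpart `trustkeysfrom` are declared. The bundle and body names, the 192.168.1.0/24 range and the masterfiles path are assumptions; only the server address comes from the thread.

```cf3
# --- client side: failsafe.cf (constructed example) ---
body common control
{
  bundlesequence => { "fetch_policy" };
}

bundle agent fetch_policy
{
  files:
    "/var/cfengine/inputs"
      copy_from    => first_contact_cp("/var/cfengine/masterfiles", "192.168.1.129"),
      depth_search => recurse_all;
}

body copy_from first_contact_cp(from, server)
{
  servers  => { "$(server)" };
  source   => "$(from)";
  compare  => "digest";
  # Trust on first use: accept the server's public key when it is not yet
  # stored under /var/cfengine/ppkeys. With "false" the agent refuses any
  # server whose key it does not already hold.
  trustkey => "true";
}

body depth_search recurse_all
{
  depth => "inf";
}

# --- policy server side: part of its own promises (constructed example) ---
body server control
{
  allowconnects => { "192.168.1.0/24" };
  # Accept previously unseen client keys only from this range.
  trustkeysfrom => { "192.168.1.0/24" };
}

bundle server access_rules
{
  access:
    "/var/cfengine/masterfiles"
      admit => { "192.168.1.0/24" };
}
```

Once both sides hold each other's keys, setting `trustkey` back to `"false"` and emptying `trustkeysfrom` stops either side from silently accepting a new key for a known address.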