Forum: Cfengine Help
Subject: Re: Need help troubleshooting Remote Access key exchange
Author: regan99
Link to topic: https://cfengine.com/forum/read.php?3,21233,21247#msg-21247

Ok, I went ahead and did what you described, but I had both the policy server AND the client in verbose mode, just to make sure I saw all of the information. Here's the output on the policy server when the client makes a connection:

community> -> Accepting a connection
community> Accepting connection from "::ffff:192.168.52.139"
community> New connection...(from ::ffff:192.168.52.139:sd 4)
community> Spawning new thread...
community> Allowing 192.168.52.139 to connect without (re)checking ID
community> Non-verified Host ID is 192.168.52.139 (Using skipverify)
community> Non-verified User ID seems to be root (Using skipverify)
community> Private decrypt failed = block type is not 02
community> Auth dialogue error
community> From (host=192.168.52.139,user=root,ip=::ffff:192.168.52.139)
community> REFUSAL of request from connecting host: (SAUTH y 256 37 c)

And here is the output from cf-runagent on the client as it makes the request:

community> SET trustkey = 1
community> -> Matched IP 192.168.52.140 to key MD5=044aab4cdce604d9d767b5772699c26e
community> ...........................................................................
community> * Hailing 192.168.52.140 : 5308, with options "" (serial)
community> ...........................................................................
community> No existing connection to 192.168.52.140 is established...
community> Set cfengine port number to 5308 = 5308
community> Set connection timeout to 10
community> -> Connect to 192.168.52.140 = 192.168.52.140 on port 5308
community> -> Matched IP 192.168.52.140 to key MD5=044aab4cdce604d9d767b5772699c26e
community> -> Going to secondary storage for key
community> BAD: Unspecified server refusal (see verbose server output)
community> !! Authentication dialogue with 192.168.52.140 failed
community> Unable to establish connection with 192.168.52.140
Segmentation fault

And finally, the output from cf-serverd -v being run on the client... none! I'm not sure what to make of this.

I ran 'cf-key -s' on each machine to make sure there are valid keys (and there are), but for whatever reason, I cannot get this to work. The policy server clearly indicated that it is set to accept public keys on trust from the client IP address, and the connection from the client clearly appears from that IP. The only thing I see in the output that seems like an error I can investigate is this:

Private decrypt failed = padding check failed
Auth dialogue error

But I have no idea what to check. Any other ideas? I must be doing something fundamentally wrong, as the setup I am using is about as plain as you can get.