Forum: CFEngine Help
Subject: Re: cf-serverd seems to be allowing connects from system w/new keys
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,26443,26447#msg-26447

Did you remove the key from the client or the server or both? cf-key can be used to remove keys IIRC.

Regarding trust and key exchange, the reference says (http://cfengine.com/manuals/cf3-Reference#Key-exchange):

> The server cf-serverd blocks the acceptance of unknown keys by default. In order to accept such a new key, the IP address of the presumed client must be listed in the trustkeysfrom stanza of a server bundle (these bundles can be placed in any file). Once a key has been accepted, it will never be replaced with a new key, thus no more trust is offered or required.

The last sentence would certainly hint that trust happens only once, provided the key is not removed from the server.