help-cfengine
RE: Key Authentication for <host> failed, Unable to establish connection


From: Lumpkin, Buddy
Subject: RE: Key Authentication for <host> failed, Unable to establish connection with <server>
Date: Fri, 5 Jul 2002 11:54:07 -0700

We have certain jobs that I only want to run once per evening, yet it's 
extremely important that they "do run". One example is the distribution of 
passwords to several servers from a single host. If I'm using a time class, say 
Hr02.Min05 to control when this copy happens, and in crontab I run cfexecd five 
minutes after every hour, and the 2:05am run has 5 connection problems (5 hosts 
didn't get the latest copy of /etc/passwd, shadow and group), then passwords 
aren't replicated to those hosts the next day.

Is there any way of telling CFengine that if the previous run failed, to go 
ahead and try again?

I'm at a point where I have tried different versions of openssl, BerkeleyDB and 
CFengine and I still get these problems and I don't want to go back to rdist, 
but I may have to :(.

--Buddy


-----Original Message-----
From: Mark.Burgess@iu.hio.no [mailto:Mark.Burgess@iu.hio.no]
Sent: Tuesday, July 02, 2002 11:09 PM
To: fsmith@hoovers.com
Cc: Buddy.Lumpkin@nordstrom.com; help-cfengine@gnu.org
Subject: Re: Key Authentication for <host> failed, Unable to establish
connection with <server>



I used to see these too, but not any more. I have no explanation for them
at all. Maybe try a newer openssl. That is really the only source
of the error that I can think of. 

This message occurs when either decryption of the challenge(response)
fails or transmitted keys do not match previously known keys. Either
way, it's all openssl stuff, or "trust" settings. 

Of course, it could be a disk read error....

I don't know what to say. Try upgrading to the latest openssl and
recompiling, and let me know if it helps. I don't know why the problem
went away here, but I do know that it has often been that one host
didn't receive the public key of another and that this then kicks
in when they try to talk.

Mark


On  2 Jul, Frank Smith wrote:
> --On Tuesday, July 02, 2002 19:04:38 -0700 "Lumpkin, Buddy" 
> <Buddy.Lumpkin@nordstrom.com> wrote:
> 
>> I run cfexecd -F on about 80 hosts every hour with a splaytime of 50
>> minutes.  I feel pretty confident that our network doesn't have very
>> many hiccups, yet I get a few of these error messages every day.
>> Has anyone else had intermittent problems with this?
> 
> I run it on over 60 hosts with a splaytime of 10 minutes (and most of
> them through VPNs to remote sites), and get one of those errors every
> couple of days (although there are the occasional days with 3 to 4
> of them).  They seem to have no correlation to network traffic, system
> load (client or server) or even phase of the moon.
>    Never dug in the code to see if it retried, just figured that the
> occasional packet got dropped and it didn't retry.  If it was easily
> reproducible I would turn up debugging on both ends and watch, but it
> doesn't happen often enough to be practical.
>    If anyone has any explanations I'd like to hear it.
> 
> Frank
> 
> 
> --
> Frank Smith                                             fsmith@hoovers.com
> Systems Administrator                                  Voice: 512-374-4673
> Hoover's Online                                          Fax: 512-374-4501



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
