Changes between Version 7 and Version 8 of debug-server-to-server-connections


Ignore:
Timestamp:
Jun 17, 2015, 1:36:30 PM (10 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • debug-server-to-server-connections

    v7 v8  
    1818Here are the top causes for the failures, and the remedies. Note: you may need to repeat the first one ''after'' fixing the problem with one of the later steps. A failure to connect sometimes seem to kill the ssh-agent.
    1919
    20  * The connecting server does not have SSH_AUTH_SOCK set. This is set in ~/.profile. If you are debugging, you may need to source this file. If you are scripting, be sure to manually set the environment variable: SSH_AUTH_SOCK=/root/.ssh-agent-socket/sock. Test with:
     20 * The ''connecting'' server does not have SSH_AUTH_SOCK set. This is set in ~/.profile. If you are debugging, you may need to source this file. If you are scripting, be sure to manually set the environment variable: SSH_AUTH_SOCK=/root/.ssh-agent-socket/sock. Test on the ''connecting'' server with:
    2121{{{
    2222echo $SSH_AUTH_SOCK
     
    2727}}}
    2828 and try again.
    29  * Something went wrong with ssh-agent on the connecting server. Check for the existence of the socket file. If it's not there, fix: Stop and restart the service:
     29 * Something went wrong with ssh-agent on the connecting server. Check for the existence of the socket file. If it's not there, fix: Stop and restart the service on the ''connecting'' server:
    3030{{{
    3131ls -l /root/.ssh-agent-socket
     
    3333sv start ssh-agent-root
    3434}}}
    35  * The target server does not have the latest version of the connecting server's OpenPGP key. Fix: refresh the key, reload the credentials, and test:
     35 * The target server does not have the latest version of the connecting server's OpenPGP key. Fix on the ''target'' server: refresh the key, reload the credentials, and test:
    3636{{{
    3737monkeysphere-authentication refresh-keys <username>
     
    4242Note: The last cat command must produce a file with the connecting server's key or it will never work.
    4343
    44  * The connecting server has not published the latest version of it's key. Fix: determine the keyid of the server's secret key, and then publish it:
     44 * The connecting server has not published the latest version of it's key. Fix on the ''connecting'' server: determine the keyid of the server's secret key, and then publish it:
    4545{{{
    4646gpg --list-secret-key
    4747gpg --keyserver keys.mayfirst.org --send-key <keyid>
    4848}}}
    49  Then, refresh the key on the target (see above).
    50  * The connecting server's OpenPGP key is expired. Fix: extend it:
     49 Then, refresh the key on the ''target'' server (see above).
     50 * The connecting server's OpenPGP key is expired. Fix on the ''connecting'' server: extend it:
    5151{{{
    5252mf-gpg-extend-root-expiration
     
    6161gpg --check-sigs <keyid>
    6262}}}
    63  Then, on the target server, see if any of them match the allowed certifiers:
     63 Then, on the ''target'' server, see if any of them match the allowed certifiers:
    6464{{{
    6565monkeysphere-authentication list-id-certifiers