Actions
Support #41243
closedCannot access Sepia lab
% Done:
0%
Tags:
Reviewed:
Affected Versions:
Description
I recently changed my laptop and I am getting auth failure with previous key.
I did copy the entire sepia directory.
Do I have to generate new keys?
Username: varsha
openvpn debug
# systemctl status openvpn-client@sepia ● openvpn-client@sepia.service - OpenVPN tunnel for sepia Loaded: loaded (/usr/lib/systemd/system/openvpn-client@.service; enabled; vendor preset: disabled) Active: inactive (dead) since Wed 2019-08-14 15:42:58 IST; 16s ago Docs: man:openvpn(8) https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage https://community.openvpn.net/openvpn/wiki/HOWTO Process: 4213 ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config sepia.conf (code=exited, status=0/SUCCESS) Main PID: 4213 (code=exited, status=0/SUCCESS) Status: "Pre-connection initialization successful" Aug 14 15:42:55 localhost.localdomain openvpn[4213]: VERIFY KU OK Aug 14 15:42:55 localhost.localdomain openvpn[4213]: Validating certificate extended key usage Aug 14 15:42:55 localhost.localdomain openvpn[4213]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Aug 14 15:42:55 localhost.localdomain openvpn[4213]: VERIFY EKU OK Aug 14 15:42:55 localhost.localdomain openvpn[4213]: VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia Aug 14 15:42:57 localhost.localdomain openvpn[4213]: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2432 bit RSA Aug 14 15:42:57 localhost.localdomain openvpn[4213]: [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194 Aug 14 15:42:58 localhost.localdomain openvpn[4213]: AUTH: Received control message: AUTH_FAILED Aug 14 15:42:58 localhost.localdomain openvpn[4213]: SIGTERM[soft,auth-failure] received, process exiting Aug 14 15:42:58 localhost.localdomain systemd[1]: openvpn-client@sepia.service: Succeeded. # openvpn --config /etc/openvpn/client/sepia.conf --cd /etc/openvpn --verb 5 --auth-nocache Wed Aug 14 15:36:06 2019 us=507862 WARNING: file '/etc/openvpn/client/sepia/tlsauth' is group or others accessible Wed Aug 14 15:36:06 2019 us=507911 Current Parameter Settings: Wed Aug 14 15:36:06 2019 us=507919 config = '/etc/openvpn/client/sepia.conf' Wed Aug 14 15:36:06 2019 us=507926 mode = 0 Wed Aug 14 15:36:06 2019 us=507932 persist_config = DISABLED Wed Aug 14 15:36:06 2019 us=507938 persist_mode = 1 Wed Aug 14 15:36:06 2019 us=507946 show_ciphers = DISABLED Wed Aug 14 15:36:06 2019 us=507953 show_digests = DISABLED Wed Aug 14 15:36:06 2019 us=507961 show_engines = DISABLED Wed Aug 14 15:36:06 2019 us=507967 genkey = DISABLED Wed Aug 14 15:36:06 2019 us=507973 key_pass_file = '[UNDEF]' Wed Aug 14 15:36:06 2019 us=507980 NOTE: --mute triggered... Wed Aug 14 15:36:06 2019 us=507992 273 variation(s) on previous 10 message(s) suppressed by --mute Wed Aug 14 15:36:06 2019 us=508000 OpenVPN 2.4.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019 Wed Aug 14 15:36:06 2019 us=508013 library versions: OpenSSL 1.1.1c FIPS 28 May 2019, LZO 2.08 Wed Aug 14 15:36:06 2019 us=508678 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Aug 14 15:36:06 2019 us=508695 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Aug 14 15:36:06 2019 us=508708 LZO compression initializing Wed Aug 14 15:36:06 2019 us=508776 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] Wed Aug 14 15:36:09 2019 us=521391 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ] Wed Aug 14 15:36:09 2019 us=521537 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' Wed Aug 14 15:36:09 2019 us=521573 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' Wed Aug 14 15:36:09 2019 us=523857 TCP/UDP: Preserving recently used remote address: [AF_INET]8.43.84.129:1194 Wed Aug 14 15:36:09 2019 us=524001 Socket Buffers: R=[212992->212992] S=[212992->212992] Wed Aug 14 15:36:09 2019 us=524039 UDP link local: (not bound) Wed Aug 14 15:36:09 2019 us=524065 UDP link remote: [AF_INET]8.43.84.129:1194 Wed Aug 14 15:36:09 2019 us=524085 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay WRWed Aug 14 15:36:10 2019 us=11661 TLS: Initial packet from [AF_INET]8.43.84.129:1194, sid=58b9b2e0 ce9ba61f WWRWed Aug 14 15:36:10 2019 us=527937 VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia Wed Aug 14 15:36:10 2019 us=528487 VERIFY KU OK Wed Aug 14 15:36:10 2019 us=528537 Validating certificate extended key usage Wed Aug 14 15:36:10 2019 us=528560 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Wed Aug 14 15:36:10 2019 us=528578 VERIFY EKU OK Wed Aug 14 15:36:10 2019 us=528602 VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia WRWRWRWWed Aug 14 15:36:12 2019 us=449501 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2432 bit RSA Wed Aug 14 15:36:12 2019 us=449624 [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194 Wed Aug 14 15:36:13 2019 us=542340 SENT CONTROL [openvpn-sepia]: 'PUSH_REQUEST' (status=1) WRRWed Aug 14 15:36:13 2019 us=971109 AUTH: Received control message: AUTH_FAILED Wed Aug 14 15:36:13 2019 us=971484 TCP/UDP: Closing socket Wed Aug 14 15:36:13 2019 us=971587 SIGTERM[soft,auth-failure] received, process exiting
ssh debug
[varsha@localhost ceph]$ ssh -vvv -i ~/.ssh/id_rsa varsha@teuthology.front.sepia.ceph.com OpenSSH_8.0p1, OpenSSL 1.1.1c FIPS 28 May 2019 debug1: Reading configuration data /etc/ssh/ssh_config debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0 debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf debug2: checking match for 'final all' host teuthology.front.sepia.ceph.com originally teuthology.front.sepia.ceph.com debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final' debug2: match not found debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only) debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-] debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1] debug1: configuration requests final Match pass debug1: re-parsing configuration debug1: Reading configuration data /etc/ssh/ssh_config debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0 debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf debug2: checking match for 'final all' host teuthology.front.sepia.ceph.com originally teuthology.front.sepia.ceph.com debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final' debug2: match found debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-] debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1] debug2: resolving "teuthology.front.sepia.ceph.com" port 22 debug2: ssh_connect_direct debug1: Connecting to teuthology.front.sepia.ceph.com [172.21.0.51] port 22. debug1: connect to address 172.21.0.51 port 22: Connection timed out ssh: connect to host teuthology.front.sepia.ceph.com port 22: Connection timed out
Actions