Project

General

Profile

Support #52912

Update VPN credentials

Added by Justin Caratzas 3 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
User access
Target version:
-
% Done:

0%

Tags:
Reviewed:
Affected Versions:

Description

1) Do you just need VPN access or will you also be running teuthology jobs?
VPN + Teuthology

2) Desired Username:

jcaratza

I have two existing credentials (jcaratza@fedora, jcaratza@laptop). Both can be removed.

3) Alternate e-mail address(es) we can reach you at:


4) If you don't already have an established history of code contributions to Ceph, is there an existing community or core developer you've worked with who has reviewed your work and can vouch for your access request?

If you answered "No" to # 4, please answer the following (paste directly below the question to keep indentation):

4a) Paste a link to a Blueprint or planning doc of yours that was reviewed at a Ceph Developer Monthly.

4b) Paste a link to an accepted pull request for a major patch or feature.

4c) If applicable, include a link to the current project (planning doc, dev branch, or pull request) that you are looking to test.

5) Paste your SSH public key(s) between the pre tags

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAV78mqEy/VkB2BthIE/m7iE5sbTjTRS0KuH7AB0KPvZBsDIw5cL8jKyxiaPC85+aOkBa4LrP0TUFBzN87Snt+PLMz2QHBOvlSTfUuRkHVo3vWJFzVuUSzzddkYds3hAxUriAHKv6CRSy1yFBxP
QQHTSATUHKWqihMElbUCZrrrfH8A7J9vwixzCSLg4KbINjfa77rxefcZwugUqiYiVUWUSOb023f+QEaDm7OP+/uzz3SjF1Y0LMwa75yctttIfkRBKjY7uFCuZdKc3l2A/fdPxbFwlZmIox3LLngdTzHMVXGbVHqq9Ixo8FSAXiI1Buy2LTMoXMJwQ
YSvzsv7xNwujKVlUjoE9cOOIdzCC5AziwSiJB4+tNh73c5tRUzMMC98HLOhPJriSPvOt1pMEdWDX3/evcyxvRgJUKgYnmQG7n8v8O/CLyG0sAJDmGC3U9S/3fUDUjZIKWSsc85Q3xRaJwZJIS2VZwH0zG1Gmynih8PPq7VeDx7tKuNm4uTYT8= bi
gjust@desktop-jsho3l9.lan

6) Paste your hashed VPN credentials between the pre tags (Format: user@hostname 22CharacterSalt 65CharacterHashedPassword)

jcaratza@desktop EuLHgn133AdN5AhgoByD2Q f769cce8052fd9d208db045d0d14e9370ed1db8bcc1e249b6968344b86f5339b

History

#1 Updated by adam kraitman 3 months ago

  • Category set to User access
  • Status changed from New to In Progress

#2 Updated by adam kraitman 3 months ago

Hey Justin, Are these new/additional or replacement credentials?

Thanks

#3 Updated by Justin Caratzas 3 months ago

Replacement. I want my current two credentials removed, and replaced with this one. I don't have access to either key anymore.

Thanks!

adam kraitman wrote:

Hey Justin, Are these new/additional or replacement credentials?

Thanks

#4 Updated by adam kraitman 3 months ago

Hey Justin, You should have access to the Sepia lab now

Thanks

#5 Updated by Justin Caratzas 3 months ago

everything looks good connecting until its fails with:

sudo openvpn --config /etc/openvpn/client/sepia.conf --cd /etc/openvpn/client --verb 5
2021-10-19 10:09:25 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-10-19 10:09:25 us=207479 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2021-10-19 10:09:25 us=207833 Current Parameter Settings:
2021-10-19 10:09:25 us=207842   config = '/etc/openvpn/client/sepia.conf'
2021-10-19 10:09:25 us=207848   mode = 0
2021-10-19 10:09:25 us=207852   persist_config = DISABLED
2021-10-19 10:09:25 us=207857   persist_mode = 1
2021-10-19 10:09:25 us=207862   show_ciphers = DISABLED
2021-10-19 10:09:25 us=207866   show_digests = DISABLED
2021-10-19 10:09:25 us=207870   show_engines = DISABLED
2021-10-19 10:09:25 us=207875   genkey = DISABLED
2021-10-19 10:09:25 us=207880   genkey_filename = '[UNDEF]'
2021-10-19 10:09:25 us=207884 NOTE: --mute triggered...
2021-10-19 10:09:25 us=207894 279 variation(s) on previous 10 message(s) suppressed by --mute
2021-10-19 10:09:25 us=207900 OpenVPN 2.5.4 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct  5 2021
2021-10-19 10:09:25 us=207908 library versions: OpenSSL 1.1.1l  FIPS 24 Aug 2021, LZO 2.10
2021-10-19 10:09:25 us=208990 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-19 10:09:25 us=209003 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-19 10:09:25 us=209014 LZO compression initializing
2021-10-19 10:09:25 us=209065 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2021-10-19 10:09:25 us=600155 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2021-10-19 10:09:25 us=600270 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2021-10-19 10:09:25 us=600301 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2021-10-19 10:09:25 us=604415 TCP/UDP: Preserving recently used remote address: [AF_INET]8.43.84.129:1194
2021-10-19 10:09:25 us=605083 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-10-19 10:09:25 us=605120 UDP link local: (not bound)
2021-10-19 10:09:25 us=605144 UDP link remote: [AF_INET]8.43.84.129:1194
2021-10-19 10:09:25 us=605162 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
WR2021-10-19 10:09:25 us=637796 TLS: Initial packet from [AF_INET]8.43.84.129:1194, sid=2a5cd5c6 74211b90
WWR2021-10-19 10:09:25 us=675037 VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia
2021-10-19 10:09:25 us=675562 VERIFY KU OK
2021-10-19 10:09:25 us=675602 Validating certificate extended key usage
2021-10-19 10:09:25 us=675640 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-19 10:09:25 us=675668 VERIFY EKU OK
2021-10-19 10:09:25 us=675689 VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia
WRWRWRW2021-10-19 10:09:26 us=782346 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2432 bit RSA, signature: RSA-SHA256
2021-10-19 10:09:26 us=782416 [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194
2021-10-19 10:09:27 us=854675 SENT CONTROL [openvpn-sepia]: 'PUSH_REQUEST' (status=1)
WRR2021-10-19 10:09:27 us=884826 AUTH: Received control message: AUTH_FAILED
2021-10-19 10:09:27 us=885096 TCP/UDP: Closing socket
2021-10-19 10:09:27 us=885166 SIGTERM[soft,auth-failure] received, process exiting

#6 Updated by adam kraitman 3 months ago

Hey Justin If you re-run the new-client script, It's unfortunately not idempotent so if you re-ran it i need the new credentials If you don't have the output, please re-run it again and send the new string.

#7 Updated by Justin Caratzas 3 months ago

re-ran the script:

jcaratza@desktop cuzkwyPOHdf624kxB4fPMw 3ecc87756cad057656dbf35f90d4b460777f4a9ef574561b53517649ef3ff268

#8 Updated by adam kraitman 3 months ago

Please try now

#9 Updated by Justin Caratzas 3 months ago

  • Status changed from In Progress to Resolved

i have working access now

Also available in: Atom PDF