Support #52912
closedUpdate VPN credentials
0%
Description
1) Do you just need VPN access or will you also be running teuthology jobs?
VPN + Teuthology
2) Desired Username:
jcaratza
I have two existing credentials (jcaratza@fedora, jcaratza@laptop). Both can be removed.
3) Alternate e-mail address(es) we can reach you at:
jcaratza@redhat.com
justin.caratzas@gmail.com
4) If you don't already have an established history of code contributions to Ceph, is there an existing community or core developer you've worked with who has reviewed your work and can vouch for your access request?
If you answered "No" to # 4, please answer the following (paste directly below the question to keep indentation):
4a) Paste a link to a Blueprint or planning doc of yours that was reviewed at a Ceph Developer Monthly.
4b) Paste a link to an accepted pull request for a major patch or feature.
4c) If applicable, include a link to the current project (planning doc, dev branch, or pull request) that you are looking to test.
5) Paste your SSH public key(s) between the pre tags
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAV78mqEy/VkB2BthIE/m7iE5sbTjTRS0KuH7AB0KPvZBsDIw5cL8jKyxiaPC85+aOkBa4LrP0TUFBzN87Snt+PLMz2QHBOvlSTfUuRkHVo3vWJFzVuUSzzddkYds3hAxUriAHKv6CRSy1yFBxP QQHTSATUHKWqihMElbUCZrrrfH8A7J9vwixzCSLg4KbINjfa77rxefcZwugUqiYiVUWUSOb023f+QEaDm7OP+/uzz3SjF1Y0LMwa75yctttIfkRBKjY7uFCuZdKc3l2A/fdPxbFwlZmIox3LLngdTzHMVXGbVHqq9Ixo8FSAXiI1Buy2LTMoXMJwQ YSvzsv7xNwujKVlUjoE9cOOIdzCC5AziwSiJB4+tNh73c5tRUzMMC98HLOhPJriSPvOt1pMEdWDX3/evcyxvRgJUKgYnmQG7n8v8O/CLyG0sAJDmGC3U9S/3fUDUjZIKWSsc85Q3xRaJwZJIS2VZwH0zG1Gmynih8PPq7VeDx7tKuNm4uTYT8= bi gjust@desktop-jsho3l9.lan
6) Paste your hashed VPN credentials between the pre tags (Format: user@hostname 22CharacterSalt 65CharacterHashedPassword)
jcaratza@desktop EuLHgn133AdN5AhgoByD2Q f769cce8052fd9d208db045d0d14e9370ed1db8bcc1e249b6968344b86f5339b
Updated by adam kraitman over 2 years ago
- Category set to User access
- Status changed from New to In Progress
Updated by adam kraitman over 2 years ago
Hey Justin, Are these new/additional or replacement credentials?
Thanks
Updated by Justin Caratzas over 2 years ago
Replacement. I want my current two credentials removed, and replaced with this one. I don't have access to either key anymore.
Thanks!
adam kraitman wrote:
Hey Justin, Are these new/additional or replacement credentials?
Thanks
Updated by adam kraitman over 2 years ago
Hey Justin, You should have access to the Sepia lab now
Thanks
Updated by Justin Caratzas over 2 years ago
everything looks good connecting until its fails with:
sudo openvpn --config /etc/openvpn/client/sepia.conf --cd /etc/openvpn/client --verb 5
2021-10-19 10:09:25 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-10-19 10:09:25 us=207479 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2021-10-19 10:09:25 us=207833 Current Parameter Settings:
2021-10-19 10:09:25 us=207842 config = '/etc/openvpn/client/sepia.conf'
2021-10-19 10:09:25 us=207848 mode = 0
2021-10-19 10:09:25 us=207852 persist_config = DISABLED
2021-10-19 10:09:25 us=207857 persist_mode = 1
2021-10-19 10:09:25 us=207862 show_ciphers = DISABLED
2021-10-19 10:09:25 us=207866 show_digests = DISABLED
2021-10-19 10:09:25 us=207870 show_engines = DISABLED
2021-10-19 10:09:25 us=207875 genkey = DISABLED
2021-10-19 10:09:25 us=207880 genkey_filename = '[UNDEF]'
2021-10-19 10:09:25 us=207884 NOTE: --mute triggered...
2021-10-19 10:09:25 us=207894 279 variation(s) on previous 10 message(s) suppressed by --mute
2021-10-19 10:09:25 us=207900 OpenVPN 2.5.4 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 5 2021
2021-10-19 10:09:25 us=207908 library versions: OpenSSL 1.1.1l FIPS 24 Aug 2021, LZO 2.10
2021-10-19 10:09:25 us=208990 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-19 10:09:25 us=209003 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-19 10:09:25 us=209014 LZO compression initializing
2021-10-19 10:09:25 us=209065 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2021-10-19 10:09:25 us=600155 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2021-10-19 10:09:25 us=600270 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2021-10-19 10:09:25 us=600301 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2021-10-19 10:09:25 us=604415 TCP/UDP: Preserving recently used remote address: [AF_INET]8.43.84.129:1194
2021-10-19 10:09:25 us=605083 Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-10-19 10:09:25 us=605120 UDP link local: (not bound)
2021-10-19 10:09:25 us=605144 UDP link remote: [AF_INET]8.43.84.129:1194
2021-10-19 10:09:25 us=605162 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
WR2021-10-19 10:09:25 us=637796 TLS: Initial packet from [AF_INET]8.43.84.129:1194, sid=2a5cd5c6 74211b90
WWR2021-10-19 10:09:25 us=675037 VERIFY OK: depth=1, O=Redhat, CN=openvpnca-sepia
2021-10-19 10:09:25 us=675562 VERIFY KU OK
2021-10-19 10:09:25 us=675602 Validating certificate extended key usage
2021-10-19 10:09:25 us=675640 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-19 10:09:25 us=675668 VERIFY EKU OK
2021-10-19 10:09:25 us=675689 VERIFY OK: depth=0, O=Redhat, CN=openvpn-sepia
WRWRWRW2021-10-19 10:09:26 us=782346 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2432 bit RSA, signature: RSA-SHA256
2021-10-19 10:09:26 us=782416 [openvpn-sepia] Peer Connection Initiated with [AF_INET]8.43.84.129:1194
2021-10-19 10:09:27 us=854675 SENT CONTROL [openvpn-sepia]: 'PUSH_REQUEST' (status=1)
WRR2021-10-19 10:09:27 us=884826 AUTH: Received control message: AUTH_FAILED
2021-10-19 10:09:27 us=885096 TCP/UDP: Closing socket
2021-10-19 10:09:27 us=885166 SIGTERM[soft,auth-failure] received, process exiting
Updated by adam kraitman over 2 years ago
Hey Justin If you re-run the new-client script, It's unfortunately not idempotent so if you re-ran it i need the new credentials If you don't have the output, please re-run it again and send the new string.
Updated by Justin Caratzas over 2 years ago
re-ran the script:
jcaratza@desktop cuzkwyPOHdf624kxB4fPMw 3ecc87756cad057656dbf35f90d4b460777f4a9ef574561b53517649ef3ff268
Updated by Justin Caratzas over 2 years ago
- Status changed from In Progress to Resolved
i have working access now