Re: [Fwknop-discuss] fwknop GPG error message help
Brought to you by:
mbr
From: Michael R. <mb...@ci...> - 2013-10-14 01:42:00
|
On Oct 13, 2013, Tim Heckman wrote: > Hello, Hello Tim, > I've recently hit a snag in fwknop that's preventing me from being > able to prick a hole through the firewall for SSH access. > > The operating system is Arch Linux, GPG version is 2.0.22, GPGME > version is 1.4.3, and fwknopd version is 2.5.1. > > This was working properly, but I feel like recent package updates may > have caused fwknop to become a bit unhappy. > > === > Oct 13 18:03:41 castor fwknopd[30111]: (stanza #1) SPA Packet from IP: > 108.2.63.123 received with access source match > Oct 13 18:03:42 castor fwknopd[30111]: [108.2.63.123] (stanza #1) > Error creating fko context: Decryption operation failed > Oct 13 18:03:42 castor fwknopd[30111]: [108.2.63.123] (stanza #1) - > GPG ERROR: Bad passphrase > === > > I've confirmed that the passphrase in the configuration file still > works by running `gpg --clearsign /root/tmpfile`. > > Any thoughts or ideas on what this could be caused by? Looks like the gnupg-2.0.22 release hasn't come through in Ubuntu 13.04 yet, but I'll upgrade manually in a VM for testing. Quick question - are the gpg/gpgme/fwknop version numbers the same for the fwknop client system as well in your setup? (You mentioned "fwknopd" 2.5.1 above, so I'm assuming those version numbers are for the SPA server system.) This is an opportunity to add a series of new compatibility tests to the test suite similar to things like this: https://github.com/mrash/fwknop/blob/master/test/tests/rijndael_backwards_compatibility.pl#L94 I'll get some tests going and report back as soon as I have some results. Thanks, --Mike > Cheers! > -Tim |