Discussion:
Error in recon.log
(too old to reply)
TELEHOST Office
2015-02-03 08:40:02 UTC
Permalink
Hello All.

We have just setup a new SKS installation on CentOS 6. Unfortunately it
did not work properly.

2015-02-03 03:56:29 <recon as client> error in callback.: Failure("No
gossip partners available")
2015-02-03 03:57:27 <recon as client> error in callback.: Failure("No
gossip partners available")
2015-02-03 03:58:26 <recon as client> error in callback.: Failure("No
gossip partners available")
2015-02-03 03:59:26 <recon as client> error in callback.: Failure("No
gossip partners available")

After rechecking all hours for hours we decided to move to debian 7 and
just setup a debian sks. We imported a new dump, too and we get:

2015-02-03 03:54:38 <reconciliation handler> error in callback.:
Failure("configuration of remote host (<ADDR_INET [xx.yy.zz.aa]:59141>)
rejected: filters do not match.\n\tlocal filters: [ yminsky.dedup
]\n\tremote filters: [ yminsky.dedup yminsky.merge ]")
<recon as client> error in callback.: Sys_error("Connection reset by
peer")

We are realy frustraded that it seems to be impossible to get it up
without any errors.

All standard tips like cleandb, reimport dump already tested.

Any further tips?

Regards,
Thomas
--
--
TELEHOST Datendienste GmbH
Stadthausstrasse 12
CH-8400 Winterthur
Tel. +41 (0)44 - 515 75 66
Fax. +41 (0)44 - 515 75 67

Sitz der Gesellschaft:
CH-8400 Winterthur
Eingetragen beim Handelsregisteramt des Kantons ZÃŒrich
Handelsregisternummer CHE-317.799.873
GeschÀftsfÌhrer: Francesco Renzo

--
Pete Stephenson
2015-02-03 09:30:02 UTC
Permalink
Post by TELEHOST Office
Hello All.
We have just setup a new SKS installation on CentOS 6. Unfortunately it did
not work properly.
2015-02-03 03:56:29 <recon as client> error in callback.: Failure("No gossip
partners available")
2015-02-03 03:57:27 <recon as client> error in callback.: Failure("No gossip
partners available")
2015-02-03 03:58:26 <recon as client> error in callback.: Failure("No gossip
partners available")
2015-02-03 03:59:26 <recon as client> error in callback.: Failure("No gossip
partners available")
Do you have any two-way peering arrangements with other servers?

That is, you cannot simply add another server to your membership file
and have things work -- the administrator of the other server must
also add your server to establish a two-way peering arrangement.
--
Pete Stephenson
TELEHOST Office
2015-02-03 09:21:06 UTC
Permalink
Dear Pete,

thanksÂŽs for your fast response.

Yes the membership-file is filled with about 40 peerings and accessable
by SKS. Also the syntax of the file was checked.
Post by Pete Stephenson
Post by TELEHOST Office
Hello All.
We have just setup a new SKS installation on CentOS 6. Unfortunately it did
not work properly.
2015-02-03 03:56:29 <recon as client> error in callback.: Failure("No gossip
partners available")
2015-02-03 03:57:27 <recon as client> error in callback.: Failure("No gossip
partners available")
2015-02-03 03:58:26 <recon as client> error in callback.: Failure("No gossip
partners available")
2015-02-03 03:59:26 <recon as client> error in callback.: Failure("No gossip
partners available")
Do you have any two-way peering arrangements with other servers?
That is, you cannot simply add another server to your membership file
and have things work -- the administrator of the other server must
also add your server to establish a two-way peering arrangement.
--
--
TELEHOST Datendienste GmbH
Stadthausstrasse 12
CH-8400 Winterthur
Tel. +41 (0)44 - 515 75 66
Fax. +41 (0)44 - 515 75 67

Sitz der Gesellschaft:
CH-8400 Winterthur
Eingetragen beim Handelsregisteramt des Kantons ZÃŒrich
Handelsregisternummer CHE-317.799.873
GeschÀftsfÌhrer: Francesco Renzo

--
Evert van Harten
2015-02-03 09:46:26 UTC
Permalink
Dear Telehost,

As Pete already said, you cant just fill it without requesting confirms
from the other peers, they have to add you aswell, else it just doesnt work.

Regards,

Evert
Post by TELEHOST Office
Dear Pete,
thanksŽs for your fast response.
Yes the membership-file is filled with about 40 peerings and
accessable by SKS. Also the syntax of the file was checked.
Post by TELEHOST Office
Post by Pete Stephenson
Post by TELEHOST Office
Hello All.
We have just setup a new SKS installation on CentOS 6. Unfortunately it did
not work properly.
Failure("No gossip
Post by TELEHOST Office
Post by Pete Stephenson
Post by TELEHOST Office
partners available")
Failure("No gossip
Post by TELEHOST Office
Post by Pete Stephenson
Post by TELEHOST Office
partners available")
Failure("No gossip
Post by TELEHOST Office
Post by Pete Stephenson
Post by TELEHOST Office
partners available")
Failure("No gossip
Post by TELEHOST Office
Post by Pete Stephenson
Post by TELEHOST Office
partners available")
Do you have any two-way peering arrangements with other servers?
That is, you cannot simply add another server to your membership file
and have things work -- the administrator of the other server must
also add your server to establish a two-way peering arrangement.
_______________________________________________
Sks-devel mailing list
https://lists.nongnu.org/mailman/listinfo/sks-devel
Kristian Fiskerstrand
2015-02-03 09:42:50 UTC
Permalink
Post by TELEHOST Office
Hello All.
We have just setup a new SKS installation on CentOS 6.
Unfortunately it did not work properly.
For background, which version of SKS does it ship?
Post by TELEHOST Office
Failure("No gossip partners available")
Do you have any peers in ${BASEDIR}/membership ?
Post by TELEHOST Office
Failure("configuration of remote host (<ADDR_INET
[xx.yy.zz.aa]:59141>) rejected: filters do not match.\n\tlocal
filters: [ yminsky.dedup ]\n\tremote filters: [ yminsky.dedup
Sys_error("Connection reset by peer")
We are realy frustraded that it seems to be impossible to get it
up without any errors.
Impossible except for some recorded 135 online servers? :p
Post by TELEHOST Office
All standard tips like cleandb, reimport dump already tested.
Which version of BDB is installed and linked to sks? what is the BDB
version of the KDB and Ptree environment? What is the number of keys
loaded on the server? fwiw, this issue is most commonly seen when sks
cleandb is not run, anything interesting in clean.log?

- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Uxor formosa et vinum sunt dulcia venena
Beautiful women and wine are sweet venom
TELEHOST Office
2015-02-03 09:30:33 UTC
Permalink
Dear Kristian,

thank you very much for your fast feedback.

Here a copy of the CentOS cleandb-log:

2015-01-31 11:49:03 Hash: 56A881BCB74216F8709FFEE62A0A085B
2015-01-31 11:49:03 Hash: 64BD2DEA21284CB142D9502D655DD588
2015-01-31 11:49:03 Multiple keys found with same ID.
merge_from_hashes called
2015-01-31 11:49:03 Hash: 5BDC703C635488A6E449D626E4B783B2
2015-01-31 11:49:03 Hash: BD582C386E381B241339D65A21E69628
2015-01-31 11:49:03 Completed key merge
2015-02-02 15:50:18 Opening log
2015-02-02 15:50:18 Running SKS 1.1.5
2015-02-02 15:50:18 Opening KeyDB database
2015-02-02 15:50:18 Keydb opened
2015-02-02 15:50:18 Database already deduped
2015-02-02 15:50:18 Database already merged
2015-02-02 15:50:50 Opening log
2015-02-02 15:50:50 Running SKS 1.1.5
2015-02-02 15:50:50 Opening KeyDB database
2015-02-02 15:50:50 Keydb opened
2015-02-02 15:50:50 Database already deduped
2015-02-02 15:50:50 Database already merged

and here on Debian:

2015-02-02 19:25:03 Starting keydump 254
2015-02-02 19:25:06 3820 thousand steps processed
2015-02-02 19:25:07 Starting keydump 255
2015-02-02 19:25:09 3830 thousand steps processed
2015-02-02 19:25:10 doing 0 out of 0 update actions
2015-02-02 19:25:10 Indirect canonicalization complete
2015-02-02 19:25:10 Starting direct canonicalization
2015-02-02 19:25:10 Direct canonicalization complete
2015-02-02 19:25:10 Merging keys in database
2015-02-02 19:25:10 Starting key merge

CentOS version:
2015-01-31 20:21:35 Running SKS 1.1.5

also on Debian 7 installed via apt.

The most intresting thing: On a dedicated machine I got it working - on
the vservers (2 G RAM, 20 GB HDD, 8 core) - with OpenVZ - I get these
errors.

Regards,
Thomas
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Post by TELEHOST Office
Hello All.
We have just setup a new SKS installation on CentOS 6.
Unfortunately it did not work properly.
For background, which version of SKS does it ship?
Post by TELEHOST Office
Failure("No gossip partners available")
Do you have any peers in ${BASEDIR}/membership ?
Post by TELEHOST Office
Failure("configuration of remote host (<ADDR_INET
[xx.yy.zz.aa]:59141>) rejected: filters do not match.\n\tlocal
filters: [ yminsky.dedup ]\n\tremote filters: [ yminsky.dedup
Sys_error("Connection reset by peer")
We are realy frustraded that it seems to be impossible to get it
up without any errors.
Impossible except for some recorded 135 online servers? :p
Post by TELEHOST Office
All standard tips like cleandb, reimport dump already tested.
Which version of BDB is installed and linked to sks? what is the BDB
version of the KDB and Ptree environment? What is the number of keys
loaded on the server? fwiw, this issue is most commonly seen when sks
cleandb is not run, anything interesting in clean.log?
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Uxor formosa et vinum sunt dulcia venena
Beautiful women and wine are sweet venom
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJU0JgSAAoJEP7VAChXwav6ir8H/3lDiutqTKWoB0AJG6DVZA6e
DW7G4sNffQJkT/YMdyIJRaA3z/7pJ8tqVlss7jFoUGng7AREsqrnFmic6MmjJwSV
NnM36pgWIcAh6OW1dTwwHCoF3uRlOCK0H7b55f8vOZ7esnTJlgtzXkpVykv1FiQe
rAcf6crFajOx2nFPdckSPxcjFwj5OolXuBBmjhGbGjy2SAsg8yaEmCuIlQ1IkLnj
6lkF66qR9XV2wLQupXLJz92Y3a6SK8PrGnSHGQ+gCeq0GLG2qOjRDRzum60NBIt8
p8BXoT16c20YKByUsR/RBCectkazZUfRJckb6j6oOxw7Yo3DSu2nYh5ib0kTpiI=
=QN2s
-----END PGP SIGNATURE-----
--
--
TELEHOST Datendienste GmbH
Stadthausstrasse 12
CH-8400 Winterthur
Tel. +41 (0)44 - 515 75 66
Fax. +41 (0)44 - 515 75 67

Sitz der Gesellschaft:
CH-8400 Winterthur
Eingetragen beim Handelsregisteramt des Kantons ZÃŒrich
Handelsregisternummer CHE-317.799.873
GeschÀftsfÌhrer: Francesco Renzo

--
Kristian Fiskerstrand
2015-02-03 10:00:42 UTC
Permalink
Post by TELEHOST Office
Dear Kristian,
thank you very much for your fast feedback.
No problem, but please do not top-post, it makes following the thread
very difficult and is, in general, bad form.
..
Post by TELEHOST Office
2015-02-02 15:50:50 Database already deduped 2015-02-02 15:50:50
Database already merged
This indicates that merging is done
Post by TELEHOST Office
CentOS version: 2015-01-31 20:21:35 Running SKS 1.1.5
also on Debian 7 installed via apt.
The most intresting thing: On a dedicated machine I got it working
- on the vservers (2 G RAM, 20 GB HDD, 8 core) - with OpenVZ - I
get these errors.
Are you using an init script? if so what happens if you try running
sks as root from the basedir directly?

what is the output of `sks version`? Anything interesting in db.log?
Try setting debuglevel: 10 in sksconf to increase verbosity.

Never tried an install in OpenVZ before, it works quite nicely in
virtual machine environments though (I have SKS guest instances
installed in Gentoo VMS hypervised by both qemu+kvm as well as HyperV,
and now we don't even need a jiffie workaround...)

- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"There is no urge so great as for one man to edit another man's work."
(Mark Twain)
TELEHOST Office
2015-02-03 19:22:04 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Post by TELEHOST Office
Dear Kristian,
thank you very much for your fast feedback.
No problem, but please do not top-post, it makes following the thread
very difficult and is, in general, bad form.
Sorry changed mail settings.
..
Post by TELEHOST Office
2015-02-02 15:50:50 Database already deduped 2015-02-02 15:50:50
Database already merged
This indicates that merging is done
Post by TELEHOST Office
CentOS version: 2015-01-31 20:21:35 Running SKS 1.1.5
also on Debian 7 installed via apt.
The most intresting thing: On a dedicated machine I got it working
- on the vservers (2 G RAM, 20 GB HDD, 8 core) - with OpenVZ - I
get these errors.
Are you using an init script? if so what happens if you try running
sks as root from the basedir directly?
I am already trying as root :-)
what is the output of `sks version`? Anything interesting in db.log?
Try setting debuglevel: 10 in sksconf to increase verbosity.
sks version on CentOS 6:
[***@keyserver ~]# sks version
SKS version 1.1.5
Compiled with Ocaml version 3.11.2 and BDB version 4.7.25
This SKS version has a minimum compatibility requirement for recon of
SKS 0.1.5
Further details about the BDB environment can be seen by executing
db4.7_stat -x in the KDB and Ptree directories

[***@keyserver ~]# tail -f /var/sks/recon.log
2015-02-03 14:23:03 <recon as client> error in callback.: Failure("No
gossip partners available")
2015-02-03 14:24:03 <recon as client> error in callback.: Failure("No
gossip partners available")
2015-02-03 14:25:02 <recon as client> error in callback.: Failure("No
gossip partners available")
2015-02-03 14:26:04 <recon as client> error in callback.: Failure("No
gossip partners available")
2015-02-03 14:27:05 <recon as client> error in callback.: Failure("No
gossip partners available")

[***@keyserver ~]# tail -f /var/sks/db.log
2015-02-03 14:31:56 <mail transmit keys> error in callback.:
Failure("No partners specified")
2015-02-03 14:32:06 <mail transmit keys> error in callback.:
Failure("No partners specified")
2015-02-03 14:32:16 <mail transmit keys> error in callback.:
Failure("No partners specified")
2015-02-03 14:32:26 <mail transmit keys> error in callback.:
Failure("No partners specified")

[***@keyserver ~]# tail -f /var/sks/clean.log
2015-02-02 15:50:18 Opening KeyDB database
2015-02-02 15:50:18 Keydb opened
2015-02-02 15:50:18 Database already deduped
2015-02-02 15:50:18 Database already merged
2015-02-02 15:50:50 Opening log
2015-02-02 15:50:50 Running SKS 1.1.5
2015-02-02 15:50:50 Opening KeyDB database
2015-02-02 15:50:50 Keydb opened
2015-02-02 15:50:50 Database already deduped
2015-02-02 15:50:50 Database already merged

[***@keyserver ~]# tail -f /var/sks/build.log
2015-01-31 06:56:47 Opening log
2015-01-31 06:56:47 Running SKS 1.1.5
2015-01-31 06:56:47 Opening KeyDB database
2015-01-31 20:21:35 Opening log
2015-01-31 20:21:35 Running SKS 1.1.5

Init-Script shipped with package:

***@gpg:~# cat /etc/init.d/sks
#!/bin/sh -e
#
### BEGIN INIT INFO
# Provides: sks
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
### END INIT INFO
#
# Start/stops the sks daemons.
#
#

# Reads config file
[ -r /etc/default/sks ] && . /etc/default/sks

DAEMON=/usr/sbin/sks
SKSDBPID=/var/run/sks/sksdb.pid
SKSRECONPID=/var/run/sks/sksrecon.pid

# See if the daemon is there
...

Debuglevel already set to 10 (in etc/sks/sksconf

# debuglevel 3 is default (max. debuglevel is 10)
debuglevel: 10

-other server:-

on debian 7:
***@gpg:~# sks version
Unknown command version

debian 7:
***@gpg:~# tail -f /var/log/sks/recon.log
2015-02-03 14:19:00 <recon as client> error in callback.:
Sys_error("Connection reset by peer")
2015-02-03 14:19:59 <recon as client> error in callback.:
Sys_error("Connection reset by peer")
2015-02-03 14:21:02 <recon as client> error in callback.:
Sys_error("Connection reset by peer")
2015-02-03 14:22:05 <recon as client> error in callback.:
Sys_error("Connection reset by peer")

***@gpg:~# tail -f /var/log/sks/db.log
2015-02-03 10:26:15 Checkpointing database
2015-02-03 10:26:15 Checkpointing complete
2015-02-03 11:26:15 Checkpointing database

***@gpg:~# tail -f /var/log/sks/clean.log
2015-02-02 19:25:03 Starting keydump 254
2015-02-02 19:25:06 3820 thousand steps processed
2015-02-02 19:25:07 Starting keydump 255
2015-02-02 19:25:09 3830 thousand steps processed
2015-02-02 19:25:10 doing 0 out of 0 update actions
2015-02-02 19:25:10 Indirect canonicalization complete
2015-02-02 19:25:10 Starting direct canonicalization
2015-02-02 19:25:10 Direct canonicalization complete
2015-02-02 19:25:10 Merging keys in database
2015-02-02 19:25:10 Starting key merge

***@gpg:~# tail -f /var/log/sks/build.log
2015-02-02 16:27:04 Opening log
2015-02-02 16:27:04 Opening KeyDB database
2015-02-02 16:27:55 Opening log
2015-02-02 19:03:17 Opening log
2015-02-02 19:05:09 Opening log

Using default etc/init.d/sks which is shipped with package:

***@gpg:~# cat /etc/init.d/sks
#!/bin/sh -e
#
### BEGIN INIT INFO
# Provides: sks
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
### END INIT INFO
#
# Start/stops the sks daemons.
#
#

# Reads config file
[ -r /etc/default/sks ] && . /etc/default/sks

DAEMON=/usr/sbin/sks
SKSDBPID=/var/run/sks/sksdb.pid
SKSRECONPID=/var/run/sks/sksrecon.pid

...

with debuglevel10:

***@gpg:~# tail -f /var/log/sks/recon.log
2015-02-03 14:39:14 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 14:39:18 Unmarshalling: LogResp: 0 events
2015-02-03 14:39:18 Fetching filters
2015-02-03 14:39:18 Marshalling: Config(s,none)
2015-02-03 14:39:18 Unmarshalling: Filters(yminsky.dedup)
2015-02-03 14:39:18 Starting event loop
2015-02-03 14:39:18 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 14:39:18 Unmarshalling: LogResp: 0 events
2015-02-03 14:40:13 Unmarshalling: LogResp: 0 events
2015-02-03 14:40:17 Membership: (xxx.yyy.com 11370)[], (xxx.yyy.lu
11370)[], ...
2015-02-03 14:40:17 address for keyserver.xxx.yyy:11370 changed from []
to [<ADDR_INET [w.x.y.z]:11370>, <ADDR_INET [2a01:x:y:z::2]:11370>]
2015-02-03 14:40:17 Recon partner: <ADDR_INET [w.x.y.z]:11370>
2015-02-03 14:40:20 <recon as client> error in callback.: Unix error:
No route to host - connect()
2015-02-03 14:40:22 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 14:40:22 Unmarshalling: LogResp: 0 events
2015-02-03 14:40:27 Marshalling: LogQuery: (5000,0.000000)

Hope that helps.

Regards,
Thomas
Never tried an install in OpenVZ before, it works quite nicely in
virtual machine environments though (I have SKS guest instances
installed in Gentoo VMS hypervised by both qemu+kvm as well as HyperV,
and now we don't even need a jiffie workaround...)
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"There is no urge so great as for one man to edit another man's work."
(Mark Twain)
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJU0JxDAAoJEP7VAChXwav6iAAH/2tYMdMctEZNLSHLlB2zkwO8
+XPMhvbn6hTlPZxJKrDtuEribO0f4BdXsqDSj2WEhNBrOtMSu80iT+IQpGaLRF9R
fk7oBREGJuTat6uqNUJjqDxHOyYbfvqCeiSEozuws5c3D/grj3g5ich8D/NpePL1
AmeUezyYsA3CZVIr58DBIdYRPUonU8QgCPpFDzI3UnCyWnhTF5cqfjv/WgXJKEUO
6ZB0oHUU6TClF/MCjmVk4eRjq2tCjGjdfNZXh3v+YrW6Jwjf0W1a541hj0cpPZXq
XDJrajEyGOomtG4nj/42xYgqHQr5/PP3s0JGPM1tXBwKYKm4TVilnepw0t6wpnU=
=Nzt6
-----END PGP SIGNATURE-----
--
--
TELEHOST Datendienste GmbH
Stadthausstrasse 12
CH-8400 Winterthur
Tel. +41 (0)44 - 515 75 66
Fax. +41 (0)44 - 515 75 67

Sitz der Gesellschaft:
CH-8400 Winterthur
Eingetragen beim Handelsregisteramt des Kantons ZÃŒrich
Handelsregisternummer CHE-317.799.873
GeschÀftsfÌhrer: Francesco Renzo

--
Kristian Fiskerstrand
2015-02-03 19:57:38 UTC
Permalink
Am 2015-02-03 11:00, schrieb Kristian Fiskerstrand: On 02/03/2015
Post by TELEHOST Office
Dear Kristian,
..
14:23:03 <recon as client> error in callback.: Failure("No gossip
partners available")
No valid peer in membership file, as pointed out by someone in earlier
post, you will need to have peers that also accept your server (i.e.
including your server in the membership file)
<mail transmit keys> error in callback.: Failure("No partners
specified")
this is fine, this was used for PKS sync, stop it using
"disable_mailsync:" in sksconf
-other server:-
ok, this indicate an older sks version than 1.1.4, and will likely
have issues in a VM environment unless taking special care of jiffie
timing issues.
Sys_error("Connection reset by peer")
Likely you're not authorized to peer with that host, or it is already
gossiping with someone else. Are you included in the peer's membership
file?
Marshalling: LogQuery: (5000,0.000000) 2015-02-03 14:39:18
Unmarshalling: LogResp: 0 events 2015-02-03 14:39:18 Fetching
filters 2015-02-03 14:39:18 Marshalling: Config(s,none)
2015-02-03 14:39:18 Unmarshalling: Filters(yminsky.dedup)
2015-02-03 14:39:18 Starting event loop 2015-02-03 14:39:18
Marshalling: LogQuery: (5000,0.000000) 2015-02-03 14:39:18
Unmarshalling: LogResp: 0 events 2015-02-03 14:40:13
(xxx.yyy.com 11370)[], (xxx.yyy.lu 11370)[], ... 2015-02-03
14:40:17 address for keyserver.xxx.yyy:11370 changed from [] to
[<ADDR_INET [w.x.y.z]:11370>, <ADDR_INET [2a01:x:y:z::2]:11370>]
2015-02-03 14:40:17 Recon partner: <ADDR_INET [w.x.y.z]:11370>
2015-02-03 14:40:20 <recon as client> error in callback.: Unix
error: No route to host - connect()
Is IPv6 working on your host? if not you should disable it completely


- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Ubi mel ibi apes
Where there's honey, there are bees
Pete Stephenson
2015-02-03 20:05:20 UTC
Permalink
On Tue, Feb 3, 2015 at 8:57 PM, Kristian Fiskerstrand
Post by Kristian Fiskerstrand
14:23:03 <recon as client> error in callback.: Failure("No gossip
partners available")
No valid peer in membership file, as pointed out by someone in earlier
post, you will need to have peers that also accept your server (i.e.
including your server in the membership file)
This is further evidenced by the fact that there's no SKS server with
a telehost.ch name showing up in the SKS Keyserver Status page. If the
server was peered with another public server, it'd appear there.

That said, I'd be happy to peer with Telehost if they send me the
relevant information for my membership file. My information is:

ams.sks.heypete.com 11370 # Pete Stephenson ***@heypete.com 0x85EB9F44

Cheers!
-Pete
--
Pete Stephenson
Kristian Fiskerstrand
2015-02-03 20:09:30 UTC
Permalink
Post by Pete Stephenson
On Tue, Feb 3, 2015 at 8:57 PM, Kristian Fiskerstrand
Post by Kristian Fiskerstrand
Post by TELEHOST Office
14:23:03 <recon as client> error in callback.: Failure("No
gossip partners available")
No valid peer in membership file, as pointed out by someone in
earlier post, you will need to have peers that also accept your
server (i.e. including your server in the membership file)
This is further evidenced by the fact that there's no SKS server
with a telehost.ch name showing up in the SKS Keyserver Status
page. If the server was peered with another public server, it'd
appear there.
yes and no... Although you're likely correct; it could be a case of an
erroneous hostname specified in sksconf making it disqualify.

- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Qui audet vincit
Who dares wins
TELEHOST Office
2015-02-03 19:46:14 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Post by TELEHOST Office
Dear Kristian,
thank you very much for your fast feedback.
No problem, but please do not top-post, it makes following the thread
very difficult and is, in general, bad form.
..
Post by TELEHOST Office
2015-02-02 15:50:50 Database already deduped 2015-02-02 15:50:50
Database already merged
This indicates that merging is done
Post by TELEHOST Office
CentOS version: 2015-01-31 20:21:35 Running SKS 1.1.5
also on Debian 7 installed via apt.
The most intresting thing: On a dedicated machine I got it working
- on the vservers (2 G RAM, 20 GB HDD, 8 core) - with OpenVZ - I
get these errors.
Are you using an init script? if so what happens if you try running
sks as root from the basedir directly?
what is the output of `sks version`? Anything interesting in db.log?
Try setting debuglevel: 10 in sksconf to increase verbosity.
Never tried an install in OpenVZ before, it works quite nicely in
virtual machine environments though (I have SKS guest instances
installed in Gentoo VMS hypervised by both qemu+kvm as well as HyperV,
and now we don't even need a jiffie workaround...)
Now I have edited membership file on both servers for a test.

The only entry is on server1 server2 and on server2 server1.

Result:

CentOS:

[***@keyserver ~]# /etc/init.d/sks start
Starting SKS: sks_db sks_recon.
[***@keyserver ~]# tail -f /var/sks/recon.log
2015-02-03 15:04:02 <recon as client> error in callback.: Failure("No
gossip partners available")
2015-02-03 15:04:55 DB closed
2015-02-03 15:05:09 Opening log
2015-02-03 15:05:09 sks_recon, SKS version 1.1.5
2015-02-03 15:05:09 Using BerkelyDB version 4.7.25
2015-02-03 15:05:09 Copyright Yaron Minsky 2002-2013
2015-02-03 15:05:09 Licensed under GPL. See LICENSE file for details
2015-02-03 15:05:09 Opening PTree database
2015-02-03 15:05:09 Setting up PTree data structure
2015-02-03 15:05:09 PTree setup complete
2015-02-03 15:05:59 Unable to get mtime for membership file. Can't
decide whether to reload
2015-02-03 15:05:59 Reconciliation attempt from unauthorized host
<ADDR_INET [194.0.229.60]:49786>. Ignoring
2015-02-03 15:06:12 <recon as client> error in callback.: Failure("No
gossip partners available")

Debian:

***@gpg:~# /etc/init.d/sks start
Starting sks daemons: sksdb.. sksrecon.. done.
***@gpg:~# tail -f /var/log/sks/recon.log
2015-02-03 15:05:01 PTree setup complete
2015-02-03 15:05:01 Initiating catchup
2015-02-03 15:05:01 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:05:01 Unmarshalling: LogResp: 0 events
2015-02-03 15:05:01 Fetching filters
2015-02-03 15:05:01 Marshalling: Config(s,none)
2015-02-03 15:05:01 Unmarshalling: Filters(yminsky.dedup)
2015-02-03 15:05:01 Starting event loop
2015-02-03 15:05:01 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:05:01 Unmarshalling: LogResp: 0 events
2015-02-03 15:05:06 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:05:06 Unmarshalling: LogResp: 0 events
2015-02-03 15:05:11 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:05:11 Unmarshalling: LogResp: 0 events
2015-02-03 15:05:16 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:05:16 Unmarshalling: LogResp: 0 events
2015-02-03 15:05:21 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:05:21 Unmarshalling: LogResp: 0 events
2015-02-03 15:05:26 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:05:26 Unmarshalling: LogResp: 0 events
2015-02-03 15:05:31 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:05:31 Unmarshalling: LogResp: 0 events
2015-02-03 15:05:36 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:05:36 Unmarshalling: LogResp: 0 events
2015-02-03 15:05:41 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:05:41 Unmarshalling: LogResp: 0 events
2015-02-03 15:05:46 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:05:46 Unmarshalling: LogResp: 0 events
2015-02-03 15:05:51 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:05:51 Unmarshalling: LogResp: 0 events
2015-02-03 15:05:56 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:05:56 Unmarshalling: LogResp: 0 events
2015-02-03 15:05:59 Membership: (keyserver2.gpg.directory 11370)[]
2015-02-03 15:05:59 address for keyserver2.gpg.directory:11370 changed
from [] to [<ADDR_INET [194.0.229.61]:11370>]
2015-02-03 15:05:59 Recon partner: <ADDR_INET [194.0.229.61]:11370>
2015-02-03 15:05:59 Initiating reconciliation
2015-02-03 15:05:59 Marshalling: Config
2015-02-03 15:05:59 <recon as client> error in callback.:
Sys_error("Connection reset by peer")
2015-02-03 15:06:01 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:06:01 Unmarshalling: LogResp: 0 events
2015-02-03 15:06:06 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:06:06 Unmarshalling: LogResp: 0 events
2015-02-03 15:06:11 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 15:06:11 Unmarshalling: LogResp: 0 events

As you see - both servers now are in the same subnet, connected
directly via switch.

Did not understand what happens here ...

Thomas
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"There is no urge so great as for one man to edit another man's work."
(Mark Twain)
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJU0JxDAAoJEP7VAChXwav6iAAH/2tYMdMctEZNLSHLlB2zkwO8
+XPMhvbn6hTlPZxJKrDtuEribO0f4BdXsqDSj2WEhNBrOtMSu80iT+IQpGaLRF9R
fk7oBREGJuTat6uqNUJjqDxHOyYbfvqCeiSEozuws5c3D/grj3g5ich8D/NpePL1
AmeUezyYsA3CZVIr58DBIdYRPUonU8QgCPpFDzI3UnCyWnhTF5cqfjv/WgXJKEUO
6ZB0oHUU6TClF/MCjmVk4eRjq2tCjGjdfNZXh3v+YrW6Jwjf0W1a541hj0cpPZXq
XDJrajEyGOomtG4nj/42xYgqHQr5/PP3s0JGPM1tXBwKYKm4TVilnepw0t6wpnU=
=Nzt6
-----END PGP SIGNATURE-----
--
--
TELEHOST Datendienste GmbH
Stadthausstrasse 12
CH-8400 Winterthur
Tel. +41 (0)44 - 515 75 66
Fax. +41 (0)44 - 515 75 67

Sitz der Gesellschaft:
CH-8400 Winterthur
Eingetragen beim Handelsregisteramt des Kantons ZÃŒrich
Handelsregisternummer CHE-317.799.873
GeschÀftsfÌhrer: Francesco Renzo

--
Kristian Fiskerstrand
2015-02-03 20:19:57 UTC
Permalink
Am 2015-02-03 11:00, schrieb Kristian Fiskerstrand: On 02/03/2015
Post by TELEHOST Office
Post by TELEHOST Office
Dear Kristian,
thank you very much for your fast feedback.
No problem, but please do not top-post, it makes following the
thread very difficult and is, in general, bad form.
..
Post by TELEHOST Office
2015-02-03 15:05:59 Unable to get mtime for membership file.
Can't decide whether to reload
Are you sure you have the membership file in the correct location?
Also, what is the explicit content of the file and can you connect to
the peer on tcp ports 11370,11371 and potentially another port
provided for HKP (see /pks/lookup?op=stats).

Is this server accessible somewhere? I tried connecting to
http://194.0.229.61:11371/pks/lookup?op=stats and ditto for
194.0.229.60 without getting a connection at least so you would be
unable to peer with outside servers.

Can you telnet between the servers on port 11370 (or whatever other
port is specified in the membership file, and the HKP transport (as
well as 11371 for default HKP)?
Post by TELEHOST Office
As you see - both servers now are in the same subnet, connected
directly via switch.
Did not understand what happens here ...
Thomas
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"Whenever you find yourself on the side of the majority, it is time to
pause and reflect."
(Mark Twain)
TELEHOST Office
2015-02-03 20:39:40 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Am 2015-02-03 11:00, schrieb Kristian Fiskerstrand: On 02/03/2015
Post by TELEHOST Office
Post by TELEHOST Office
Dear Kristian,
thank you very much for your fast feedback.
No problem, but please do not top-post, it makes following the
thread very difficult and is, in general, bad form.
..
Post by TELEHOST Office
2015-02-03 15:05:59 Unable to get mtime for membership file.
Can't decide whether to reload
Are you sure you have the membership file in the correct location?
Also, what is the explicit content of the file and can you connect to
the peer on tcp ports 11370,11371 and potentially another port
provided for HKP (see /pks/lookup?op=stats).
Both distris have the membership located in /etc/sks/membership.

[***@keyserver sks]# ls -al
total 24
drwxr-xr-x 2 sks sks 4096 Feb 3 15:04 .
drwxr-xr-x 66 root root 4096 Feb 2 16:16 ..
-rw-r--r-- 1 sks sks 2333 Jan 30 08:25 mailsync
-rw-r--r-- 1 sks sks 36 Feb 3 15:04 membership
-rw-r--r-- 1 root root 1319 Feb 3 15:03 membership_original
-rw-r--r-- 1 sks sks 2591 Feb 2 15:44 sksconf
Is this server accessible somewhere? I tried connecting to
http://194.0.229.61:11371/pks/lookup?op=stats and ditto for
194.0.229.60 without getting a connection at least so you would be
unable to peer with outside servers.
Can you telnet between the servers on port 11370 (or whatever other
port is specified in the membership file, and the HKP transport (as
well as 11371 for default HKP)?
I can connect to each server from the other side. There is no firewall.

Chain INPUT (policy ACCEPT)

num target prot opt source destination

Chain FORWARD (policy ACCEPT)

num target prot opt source destination

Chain OUTPUT (policy ACCEPT)

num target prot opt source destination

***@gpg:/etc/sks# ping 194.0.229.61
PING 194.0.229.61 (194.0.229.61) 56(84) bytes of data.
64 bytes from 194.0.229.61: icmp_req=1 ttl=64 time=0.019 ms
64 bytes from 194.0.229.61: icmp_req=2 ttl=64 time=0.017 ms
64 bytes from 194.0.229.61: icmp_req=3 ttl=64 time=0.018 ms
^C
--- 194.0.229.61 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.017/0.018/0.019/0.000 ms

[***@keyserver sks]# ping 194.0.229.60
PING 194.0.229.60 (194.0.229.60) 56(84) bytes of data.
64 bytes from 194.0.229.60: icmp_seq=1 ttl=64 time=0.028 ms
64 bytes from 194.0.229.60: icmp_seq=2 ttl=64 time=0.017 ms
^C
--- 194.0.229.60 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1925ms
rtt min/avg/max/mdev = 0.017/0.022/0.028/0.007 ms

I can also establish every port between both enginges (ssh ...)

194.0.229.61 was not open to public (CentOS). Public avaiable is
194.0.229.60.

I granted access for testing to 194.0.229.61 now, too.

So on both engines port 80, 11370 and 11371 are open to public.

Want to have SSH? There's nothing else than SKS on both engines.

Regards,
Thomas
Post by TELEHOST Office
As you see - both servers now are in the same subnet, connected
directly via switch.
Did not understand what happens here ...
Thomas
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"Whenever you find yourself on the side of the majority, it is time to
pause and reflect."
(Mark Twain)
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJU0S1oAAoJEP7VAChXwav6q/cH/RSI89Ktrz4hu6Cp/ZnzOP97
Vbv77lLxel/iEIo7UpmtWjrC27RsbSFm7uGOSb3rseqggtKs6T4W5KybN1kN37q2
svorgLd4GZ87cQnVXmwytgC7fIujSJ6sDP95yjmYLnTS9UJjKsvAnpKeSqXbrkBL
z42CIL6LkNW8zXpIsBXygXBlVbxjAlNnJFRXuoEo3opM6T8INFTAsohRsYx3IHwG
P9eYNOJ2wkvZoV74hPGJldj9uUSKV9tI2zL/ovrRMpgWTPYfAGCe8LTKgq2JCX7s
2XiWro7/V/nIGdogIM7krMIwI9yXw0dfan5WW7+kSxsKNOYaSp7Ix64E5nFouyc=
=oGn+
-----END PGP SIGNATURE-----
--
--
TELEHOST Datendienste GmbH
Stadthausstrasse 12
CH-8400 Winterthur
Tel. +41 (0)44 - 515 75 66
Fax. +41 (0)44 - 515 75 67

Sitz der Gesellschaft:
CH-8400 Winterthur
Eingetragen beim Handelsregisteramt des Kantons ZÃŒrich
Handelsregisternummer CHE-317.799.873
GeschÀftsfÌhrer: Francesco Renzo

--
Kristian Fiskerstrand
2015-02-03 21:09:08 UTC
Permalink
Am 2015-02-03 21:19, schrieb Kristian Fiskerstrand: On 02/03/2015
Post by TELEHOST Office
Am 2015-02-03 11:00, schrieb Kristian Fiskerstrand: On
Post by TELEHOST Office
Dear Kristian,
Both distris have the membership located in /etc/sks/membership.
Unless centos is doing something with the package that is likely
wrong, it should be in the SKS basedir.
Post by TELEHOST Office
4096 Feb 3 15:04 . drwxr-xr-x 66 root root 4096 Feb 2 16:16 ..
-rw-r--r-- 1 sks sks 2333 Jan 30 08:25 mailsync -rw-r--r-- 1
sks sks 36 Feb 3 15:04 membership -rw-r--r-- 1 root root
1319 Feb 3 15:03 membership_original -rw-r--r-- 1 sks sks
2591 Feb 2 15:44 sksconf
Is this server accessible somewhere? I tried connecting to
http://194.0.229.61:11371/pks/lookup?op=stats and ditto for
194.0.229.60 without getting a connection at least so you would be
unable to peer with outside servers.
Post by TELEHOST Office
194.0.229.61 was not open to public (CentOS). Public avaiable is
194.0.229.60.
telnet 194.0.229.60 11371
Trying 194.0.229.60...
... timeout
Post by TELEHOST Office
I granted access for testing to 194.0.229.61 now, too.
So on both engines port 80, 11370 and 11371 are open to public.
telnet 194.0.229.61 11371
Trying 194.0.229.61...

timeout
Post by TELEHOST Office
Want to have SSH? There's nothing else than SKS on both engines.
not really, should be able to figure this out without it.

- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Aut dosce, aut disce, aut discede
Either teach, or study, or leave
TELEHOST Office
2015-02-03 21:31:40 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Am 2015-02-03 21:19, schrieb Kristian Fiskerstrand: On 02/03/2015
Post by TELEHOST Office
Am 2015-02-03 11:00, schrieb Kristian Fiskerstrand: On
Post by TELEHOST Office
Dear Kristian,
Both distris have the membership located in /etc/sks/membership.
Unless centos is doing something with the package that is likely
wrong, it should be in the SKS basedir.
Ah :-) new result.

Moved to /var/sks on CentOS and now I get:

2015-02-03 16:33:17 <reconciliation handler> error in callback.:
Failure("configuration of remote host (<ADDR_INET [194.0.229.60]:35325>)
rejected: filters do not match.\n\tlocal filters: [ yminsky.dedup
yminsky.merge ]\n\tremote filters: [ yminsky.dedup ]")
2015-02-03 16:34:16 <recon as client> error in callback.:
Sys_error("Connection reset by peer")
2015-02-03 16:34:18 <reconciliation handler> error in callback.:
Failure("configuration of remote host (<ADDR_INET [194.0.229.60]:37578>)
rejected: filters do not match.\n\tlocal filters: [ yminsky.dedup
yminsky.merge ]\n\tremote filters: [ yminsky.dedup ]")
2015-02-03 16:35:13 <recon as client> error in callback.:
Sys_error("Connection reset by peer")
2015-02-03 16:35:19 <reconciliation handler> error in callback.:
Failure("configuration of remote host (<ADDR_INET [194.0.229.60]:46073>)
rejected: filters do not match.\n\tlocal filters: [ yminsky.dedup
yminsky.merge ]\n\tremote filters: [ yminsky.dedup ]")
...
2015-02-03 16:45:35 <reconciliation handler> error in callback.:
Failure("configuration of remote host (<ADDR_INET [194.0.229.60]:56597>)
rejected: filters do not match.\n\tlocal filters: [ yminsky.dedup
yminsky.merge ]\n\tremote filters: [ yminsky.dedup ]")
2015-02-03 16:47:23 <recon as client> callback timed out.
2015-02-03 16:49:05 <recon as client> callback timed out.
2015-02-03 16:50:52 <recon as client> callback timed out.

gossip errors disappeared ... but no other lines inside log.
Post by TELEHOST Office
4096 Feb 3 15:04 . drwxr-xr-x 66 root root 4096 Feb 2 16:16 ..
-rw-r--r-- 1 sks sks 2333 Jan 30 08:25 mailsync -rw-r--r-- 1
sks sks 36 Feb 3 15:04 membership -rw-r--r-- 1 root root
1319 Feb 3 15:03 membership_original -rw-r--r-- 1 sks sks
2591 Feb 2 15:44 sksconf
Is this server accessible somewhere? I tried connecting to
http://194.0.229.61:11371/pks/lookup?op=stats and ditto for
194.0.229.60 without getting a connection at least so you would be
unable to peer with outside servers.
Post by TELEHOST Office
194.0.229.61 was not open to public (CentOS). Public avaiable is
194.0.229.60.
telnet 194.0.229.60 11371
Trying 194.0.229.60...
... timeout
Post by TELEHOST Office
I granted access for testing to 194.0.229.61 now, too.
So on both engines port 80, 11370 and 11371 are open to public.
telnet 194.0.229.61 11371
Trying 194.0.229.61...
timeout
very strange ... other connections works well (even sks peerings):

16:32:26.270246 IP keyserver.xxx.yyy.54268 > gpg.directory.11370: Flags
[.], ack 1, win 229, options [nop,nop,TS val 607276213 ecr 563290285],
length 0
16:32:26.270268 IP keyserver.xxx.yyy.54268 > gpg.directory.11370: Flags
[P.], seq 1:131, ack 1, win 229, options [nop,nop,TS val 607276213 ecr
563290285], length 130
16:32:26.270274 IP gpg.directory.11370 > ulmo.erat.systems.54268: Flags
[.], ack 131, win 122, options [nop,nop,TS val 563290311 ecr 607276213],
length 0
16:32:26.270366 IP gpg.directory.11370 > ulmo.erat.systems.54268: Flags
[R.], seq 1, ack 131, win 122, options [nop,nop,TS val 563290311 ecr
607276213], length 0
16:32:26.286354 IP google-public-dns-a.google.com.domain >
gpg.directory.58124: 4966 1/0/0 PTR ulmo.erat.systems. (73)
16:32:33.551854 IP gpg.directory.45305 >
google-public-dns-a.google.com.domain: 2332+ A?
keyserver2.gpg.directory. (42)
16:32:33.551875 IP gpg.directory.45305 >
google-public-dns-a.google.com.domain: 7122+ AAAA?
keyserver2.gpg.directory. (42)
16:32:33.570504 IP google-public-dns-a.google.com.domain >
gpg.directory.45305: 7122 0/1/0 (125)
16:32:33.586650 IP google-public-dns-a.google.com.domain >
gpg.directory.45305: 2332 1/0/0 A 194.0.229.61 (58)
16:32:33.586754 IP gpg.directory.35325 > 194.0.229.61.11370: Flags [S],
seq 1358898085, win 14600, options [mss 1460,sackOK,TS val 563297628 ecr
0,nop,wscale 7], length 0
16:32:33.586771 IP 194.0.229.61.11370 > gpg.directory.35325: Flags
[S.], seq 2785559846, ack 1358898086, win 14480, options [mss
1460,sackOK,TS val 563297628 ecr 563297628,nop,wscale 7], length 0

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State User Inode PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:*
LISTEN 0 349063 1917/apache2
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN 0 348771 1545/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:*
LISTEN 0 348974 1826/exim4
tcp 0 0 0.0.0.0:11370 0.0.0.0:*
LISTEN 0 430926 3262/sks
tcp 0 0 0.0.0.0:11371 0.0.0.0:*
LISTEN 0 430918 3261/sks
tcp6 0 0 :::22 :::*
LISTEN 0 348773 1545/sshd
tcp6 0 0 ::1:25 :::*
LISTEN 0 348975 1826/exim4

I also copied membership to /var/lib/sks on debian - new result:

2015-02-03 16:47:58 Recon partner: <ADDR_INET [www.xxx.yyy.zzz]:11370>
2015-02-03 16:47:59 Initiating reconciliation
2015-02-03 16:47:59 Marshalling: Config
2015-02-03 16:47:59 Unmarshalling: Config
2015-02-03 16:47:59 <recon as client> error in callback.:
Failure("configuration of remote host (<ADDR_INET
[www.xxx.yyy.zzz]:11370>) rejected: filters do not match.\n\tlocal
filters: [ yminsky.dedup ]\n\tremote filters: [ yminsky.dedup
yminsky.merge ]")
2015-02-03 16:48:02 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 16:48:02 Unmarshalling: LogResp: 0 events
2015-02-03 16:48:07 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 16:48:07 Unmarshalling: LogResp: 0 events
...
2015-02-03 16:50:05 Recon partner: <ADDR_INET [ww.xx.yyy.zzz]:11370>
2015-02-03 16:50:50 <recon as client> callback timed out.
2015-02-03 16:50:50 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 16:50:50 Unmarshalling: LogResp: 0 events
2015-02-03 16:50:55 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 16:50:55 Unmarshalling: LogResp: 0 events
...
2015-02-03 16:51:50 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 16:51:50 Unmarshalling: LogResp: 0 events
2015-02-03 16:51:51 Recon partner: <ADDR_INET [www.xx.yy.z]:11370>
2015-02-03 16:51:51 Initiating reconciliation
2015-02-03 16:51:51 Marshalling: Config
2015-02-03 16:51:51 <recon as client> error in callback.:
Sys_error("Connection reset by peer")
2015-02-03 16:51:56 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 16:51:56 Unmarshalling: LogResp: 0 events
...
2015-02-03 16:52:51 Recon partner: <ADDR_INET [ww.xxx.y.zz]:11370>
2015-02-03 16:52:51 Initiating reconciliation
2015-02-03 16:52:51 Marshalling: Config
2015-02-03 16:52:51 Unmarshalling: Config
2015-02-03 16:52:51 <recon as client> error in callback.:
Failure("configuration of remote host (<ADDR_INET [ww.xxx.y.zz]:11370>)
rejected: filters do not match.\n\tlocal filters: [ yminsky.dedup
]\n\tremote filters: [ yminsky.dedup yminsky.merge ]")
2015-02-03 16:52:56 Marshalling: LogQuery: (5000,0.000000)
2015-02-03 16:52:56 Unmarshalling: LogResp: 0 events
Post by TELEHOST Office
Want to have SSH? There's nothing else than SKS on both engines.
not really, should be able to figure this out without it.
Can you provide me with your IP that I can check firewalls and IDS.

Glad ... now somethings seems to happen when moving membership files
:-) not perfect but much more than before :-)
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Aut dosce, aut disce, aut discede
Either teach, or study, or leave
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJU0TjtAAoJEP7VAChXwav6zuoH/RxHarKRSi89adgUqv4Vf4mZ
i5jYbwtkJJex7DVWRN03ZDwFB4sOJoQoo3Ur9BRH1OX8n1G6GBmcJ/hz5UdJhNW3
RHBhrpIAfb4FQ08KoOSmxgn1nWOZd05wWFvSMUfoSL5SRpVOr+gvG66qi+fSBW22
K/sM56nEWFiETvrxsJt8Bw+lnGVkiIP7prFCgWUUltk2tgODiX9t+rxgrbOyx3Cn
PXeA1s5F/Wj014/AimL3jR/xKfVFzB0fBFADHZT/awauZB/96ZpJ7PXnMZuG41Md
/+h1Ar18l3emZTecvHlHdXIejXuK/Fp78red+YLiz80atNsiM8eYustDKA/pweI=
=Fne3
-----END PGP SIGNATURE-----
--
--
TELEHOST Datendienste GmbH
Stadthausstrasse 12
CH-8400 Winterthur
Tel. +41 (0)44 - 515 75 66
Fax. +41 (0)44 - 515 75 67

Sitz der Gesellschaft:
CH-8400 Winterthur
Eingetragen beim Handelsregisteramt des Kantons ZÃŒrich
Handelsregisternummer CHE-317.799.873
GeschÀftsfÌhrer: Francesco Renzo

--
Kristian Fiskerstrand
2015-02-03 22:45:38 UTC
Permalink
Am 2015-02-03 22:09, schrieb Kristian Fiskerstrand: On 02/03/2015
Post by TELEHOST Office
Am 2015-02-03 21:19, schrieb Kristian Fiskerstrand: On
Am 2015-02-03 11:00, schrieb Kristian Fiskerstrand: On
Post by TELEHOST Office
Dear Kristian,
Failure("configuration of remote host (<ADDR_INET
[194.0.229.60]:35325>) rejected: filters do not match.\n\tlocal
filters: [ yminsky.dedup yminsky.merge ]\n\tremote filters: [
yminsky.dedup ]") 2015-02-03 16:34:16 <recon as client> error in
Failure("configuration of remote host (<ADDR_INET
[194.0.229.60]:56597>) rejected: filters do not match.\n\tlocal
filters: [ yminsky.dedup yminsky.merge ]\n\tremote filters: [
yminsky.dedup ]") 2015-02-03 16:47:23 <recon as client> callback
timed out. 2015-02-03 16:49:05 <recon as client> callback timed
out. 2015-02-03 16:50:52 <recon as client> callback timed out.
Try running sks cleandb from within the basedir


- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Veni vidi velcro
I came, I saw, I got stuck
Daniel Kahn Gillmor
2015-02-04 05:51:12 UTC
Permalink
Post by Kristian Fiskerstrand
Try running sks cleandb from within the basedir
I just wanted to point out that when these sort of recommendations are
made, they usually mean for you to do this as whatever user your sks
daemon usually runs as, and not as the superuser. That is, please make
sure you don't do this as root.

doing operations like this as root can sometimes create files with the
wrong ownership or permissions, so that when the daemon launches again
as its normal non-privileged user, it's unable to read or modify them as
needed.

Sorry if this is old news to everyone reading this, but i thought it
might be worth clarifying.

--dkg
TELEHOST Office
2015-02-04 08:19:22 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Am 2015-02-03 22:09, schrieb Kristian Fiskerstrand: On 02/03/2015
Post by TELEHOST Office
Am 2015-02-03 21:19, schrieb Kristian Fiskerstrand: On
Am 2015-02-03 11:00, schrieb Kristian Fiskerstrand: On
Post by TELEHOST Office
Dear Kristian,
Failure("configuration of remote host (<ADDR_INET
[194.0.229.60]:35325>) rejected: filters do not match.\n\tlocal
filters: [ yminsky.dedup yminsky.merge ]\n\tremote filters: [
yminsky.dedup ]") 2015-02-03 16:34:16 <recon as client> error in
Failure("configuration of remote host (<ADDR_INET
[194.0.229.60]:56597>) rejected: filters do not match.\n\tlocal
filters: [ yminsky.dedup yminsky.merge ]\n\tremote filters: [
yminsky.dedup ]") 2015-02-03 16:47:23 <recon as client> callback
timed out. 2015-02-03 16:49:05 <recon as client> callback timed
out. 2015-02-03 16:50:52 <recon as client> callback timed out.
Try running sks cleandb from within the basedir
Good morning. Ok Kristian ...

Did clean db on CentOS in basedir.

No output on console.

recon.log:

2015-02-04 03:23:01 address for keyserver.brian.minton.name:11370
changed from [] to [<ADDR_INET [75.75.183.132]:11370>, <ADDR_INET
[2001:4830:1600:50a::2]:11370>]
2015-02-04 03:23:03 address for keyserver.erat.systems:11370 changed
from [] to [<ADDR_INET [5.9.143.170]:11370>, <ADDR_INET
[2a01:4f8:190:22a4::2]:11370>]
2015-02-04 03:23:45 <recon as client> callback timed out.
2015-02-04 03:24:44 <recon as client> error in callback.:
Sys_error("Connection reset by peer")
2015-02-04 03:26:32 <recon as client> callback timed out.
2015-02-04 03:28:18 <recon as client> callback timed out.
2015-02-04 03:30:05 <recon as client> callback timed out.
...
015-02-04 03:24:44 <recon as client> error in callback.:
Sys_error("Connection reset by peer")
2015-02-04 03:26:32 <recon as client> callback timed out.
2015-02-04 03:28:18 <recon as client> callback timed out.
2015-02-04 03:30:05 <recon as client> callback timed out.
2015-02-04 03:31:48 <recon as client> callback timed out.
2015-02-04 03:33:31 <recon as client> callback timed out.
2015-02-04 03:34:33 <recon as client> error in callback.:
Sys_error("Connection reset by peer")

db.log:

2015-02-04 03:37:51 Failed to find mtime, can't decide whether to load
mailsync file
2015-02-04 03:37:51 <mail transmit keys> error in callback.:
Failure("No partners specified")
2015-02-04 03:38:01 Failed to find mtime, can't decide whether to load
mailsync file
2015-02-04 03:38:01 <mail transmit keys> error in callback.:
Failure("No partners specified")
2015-02-04 03:38:11 Failed to find mtime, can't decide whether to load
mailsync file
2015-02-04 03:38:11 <mail transmit keys> error in callback.:
Failure("No partners specified")
2015-02-04 03:38:21 Failed to find mtime, can't decide whether to load
mailsync file
2015-02-04 03:38:21 <mail transmit keys> error in callback.:
Failure("No partners specified")
2015-02-04 03:38:31 Failed to find mtime, can't decide whether to load
mailsync file
2015-02-04 03:38:31 <mail transmit keys> error in callback.:
Failure("No partners specified")

clean.log:

2015-01-31 11:49:03 Multiple keys found with same ID.
merge_from_hashes called
2015-01-31 11:49:03 Hash: 5BDC703C635488A6E449D626E4B783B2
2015-01-31 11:49:03 Hash: BD582C386E381B241339D65A21E69628
2015-01-31 11:49:03 Completed key merge
2015-02-02 15:50:18 Opening log
2015-02-02 15:50:18 Running SKS 1.1.5
2015-02-02 15:50:18 Opening KeyDB database
2015-02-02 15:50:18 Keydb opened
2015-02-02 15:50:18 Database already deduped
2015-02-02 15:50:18 Database already merged
2015-02-02 15:50:50 Opening log
2015-02-02 15:50:50 Running SKS 1.1.5
2015-02-02 15:50:50 Opening KeyDB database
2015-02-02 15:50:50 Keydb opened
2015-02-02 15:50:50 Database already deduped
2015-02-02 15:50:50 Database already merged
2015-02-04 03:21:11 Opening log
2015-02-04 03:21:11 Running SKS 1.1.5
2015-02-04 03:21:11 Opening KeyDB database
2015-02-04 03:21:11 Keydb opened
2015-02-04 03:21:11 Database already deduped
2015-02-04 03:21:11 Database already merged



and tried sks cleandb on Debian 7:

***@gpg:/var/lib/sks# sks cleandb
Fatal error: exception Not_found

recon.log:

2015-02-04 03:31:56 address for keyserver.www.xxx.yyyy:11370 changed
from [] to [<ADDR_INET [ww.xx.yyy.zzz]:11370>, <ADDR_INET
[2001:...a::2]:11370>]
2015-02-04 03:31:56 address for keyserver.yyy.zzz:11370 changed from []
to [<ADDR_INET [w.x.yyy.zzz]:11370>, <ADDR_INET [2a01:...::2]:11370>]
2015-02-04 03:31:56 Recon partner: <ADDR_INET [www.xxx.yyy.zz]:11370>
2015-02-04 03:31:56 Initiating reconciliation
2015-02-04 03:31:56 Marshalling: Config
2015-02-04 03:31:56 <recon as client> error in callback.:
Sys_error("Connection reset by peer")
2015-02-04 03:31:56 Marshalling: LogQuery: (5000,0.000000)
2015-02-04 03:31:56 Unmarshalling: LogResp: 0 events
2015-02-04 03:32:01 Marshalling: LogQuery: (5000,0.000000)
2015-02-04 03:32:01 Unmarshalling: LogResp: 0 events
2015-02-04 03:32:06 Marshalling: LogQuery: (5000,0.000000)
2015-02-04 03:32:06 Unmarshalling: LogResp: 0 events
2015-02-04 03:32:11 Marshalling: LogQuery: (5000,0.000000)
2015-02-04 03:32:11 Unmarshalling: LogResp: 0 events
...
015-02-04 03:32:56 Marshalling: LogQuery: (5000,0.000000)
2015-02-04 03:32:56 Unmarshalling: LogResp: 0 events
2015-02-04 03:32:58 Recon partner: <ADDR_INET [www.xxx.yy.zzz]:11370>
2015-02-04 03:32:58 Initiating reconciliation
2015-02-04 03:32:58 Marshalling: Config
2015-02-04 03:32:58 <recon as client> error in callback.:
Sys_error("Connection reset by peer")
2015-02-04 03:33:01 Marshalling: LogQuery: (5000,0.000000)
2015-02-04 03:33:01 Unmarshalling: LogResp: 0 events
2015-02-04 03:33:06 Marshalling: LogQuery: (5000,0.000000)
2015-02-04 03:33:06 Unmarshalling: LogResp: 0 events
...
2015-02-04 03:34:43 Beginning recon as server, client: <ADDR_INET
[www.xxx.yyy.z]:59091>
2015-02-04 03:34:43 Joining reconciliation
2015-02-04 03:34:43 Marshalling: Config
2015-02-04 03:34:43 Unmarshalling: Config
2015-02-04 03:34:43 <reconciliation handler> error in callback.:
Failure("configuration of remote host (<ADDR_INET
[www.xxx.yyy.z]:59091>) rejected: filters do not match.\n\tlocal
filters: [ yminsky.dedup ]\n\tremote filters: [ yminsky.dedup
yminsky.merge ]")
2015-02-04 03:34:43 Marshalling: LogQuery: (5000,0.000000)
2015-02-04 03:34:43 Unmarshalling: LogResp: 0 events
2015-02-04 03:34:48 Marshalling: LogQuery: (5000,0.000000)
2015-02-04 03:34:48 Unmarshalling: LogResp: 0 events
...
2015-02-04 03:35:40 Recon partner: <ADDR_INET [ww.xxx.yyy.zzz]:11370>
2015-02-04 03:35:40 Initiating reconciliation
2015-02-04 03:35:40 Marshalling: Config
2015-02-04 03:35:40 Unmarshalling: Config
2015-02-04 03:35:40 <recon as client> error in callback.:
Failure("configuration of remote host (<ADDR_INET
[ww.xxx.yyy.zzz]:11370>) rejected: filters do not match.\n\tlocal
filters: [ yminsky.dedup ]\n\tremote filters: [ yminsky.dedup
yminsky.merge ]")
2015-02-04 03:35:43 Marshalling: LogQuery: (5000,0.000000)
2015-02-04 03:35:43 Unmarshalling: LogResp: 0 events
2015-02-04 03:35:48 Marshalling: LogQuery: (5000,0.000000)
2015-02-04 03:35:48 Unmarshalling: LogResp: 0 events

db.log

2015-02-04 03:22:03 Unmarshalling: LogQuery: (5000,0.000000)
2015-02-04 03:22:03 Marshalling: LogResp: 0 events
2015-02-04 03:22:08 Unmarshalling: LogQuery: (5000,0.000000)
2015-02-04 03:22:08 Marshalling: LogResp: 0 events
2015-02-04 03:22:11 checking for key emails
2015-02-04 03:22:13 Unmarshalling: LogQuery: (5000,0.000000)
2015-02-04 03:22:13 Marshalling: LogResp: 0 events
2015-02-04 03:22:14 Shutting down database
2015-02-04 03:22:14 Database sync'd
2015-02-04 03:22:14 Database checkpointed
2015-02-04 03:22:14 Database closed
2015-02-04 03:30:51 Opening log
2015-02-04 03:30:51 sks_db, SKS version 1.1.3
2015-02-04 03:30:51 Copyright Yaron Minsky 2002, 2003, 2004
2015-02-04 03:30:51 Licensed under GPL. See COPYING file for details
2015-02-04 03:30:51 http port: 11371
2015-02-04 03:30:51 Membership: (keyserver2.gpg.directory 11370)[],
(sks-server.
...
2015-02-04 03:36:25 checking for key emails
2015-02-04 03:36:28 Unmarshalling: LogQuery: (5000,0.000000)
2015-02-04 03:36:28 Marshalling: LogResp: 0 events
2015-02-04 03:36:33 Unmarshalling: LogQuery: (5000,0.000000)
2015-02-04 03:36:33 Marshalling: LogResp: 0 events
2015-02-04 03:36:35 checking for key emails
2015-02-04 03:36:38 Unmarshalling: LogQuery: (5000,0.000000)
2015-02-04 03:36:38 Marshalling: LogResp: 0 events
2015-02-04 03:36:45 checking for key emails
2015-02-04 03:36:55 checking for key emails
2015-02-04 03:37:05 checking for key emails
2015-02-04 03:37:15 checking for key emails

clean.log:

2015-02-02 19:25:06 3820 thousand steps processed
2015-02-02 19:25:07 Starting keydump 255
2015-02-02 19:25:09 3830 thousand steps processed
2015-02-02 19:25:10 doing 0 out of 0 update actions
2015-02-02 19:25:10 Indirect canonicalization complete
2015-02-02 19:25:10 Starting direct canonicalization
2015-02-02 19:25:10 Direct canonicalization complete
2015-02-02 19:25:10 Merging keys in database
2015-02-02 19:25:10 Starting key merge
2015-02-04 03:22:25 Opening log
2015-02-04 03:22:25 Opening KeyDB database
2015-02-04 03:22:25 Keydb opened
2015-02-04 03:22:25 Database already deduped
2015-02-04 03:22:25 Merging keys in database
2015-02-04 03:22:25 Starting key merge
2015-02-04 03:24:00 Opening log
2015-02-04 03:24:00 Opening KeyDB database
2015-02-04 03:24:01 Keydb opened
2015-02-04 03:24:01 Database already deduped
2015-02-04 03:24:01 Merging keys in database
2015-02-04 03:24:01 Starting key merge
2015-02-04 03:28:29 Opening log
2015-02-04 03:28:29 Opening KeyDB database
2015-02-04 03:28:29 Keydb opened
2015-02-04 03:28:29 Database already deduped
2015-02-04 03:28:29 Merging keys in database
2015-02-04 03:28:29 Starting key merge
2015-02-04 03:30:29 Opening log
2015-02-04 03:30:29 Opening KeyDB database
2015-02-04 03:30:29 Keydb opened
2015-02-04 03:30:29 Database already deduped
2015-02-04 03:30:29 Merging keys in database
2015-02-04 03:30:29 Starting key merge



Greetings,
Thomas
cocksure
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Veni vidi velcro
I came, I saw, I got stuck
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJU0U+OAAoJEP7VAChXwav6j64H/ivX6ddDsSqcEimiek+xGE2m
8C7AQt/SyfD7lwiFb6Wgycrxn6TRlgv+3EYVWXQGm6cfVmrFgWPf9nAwzeEXhDt+
qu+hLyfkOG/XBm3/Z//oLCHXn30I18+UHmIpkC+3eQofrgkrlkdG3Fg5hoE4hUsh
jCGG3noSym7khLeA9ssIz0hqLumCLAqGfw+iYeLSiUAEecZsTjP9Z5GivCtJFVOf
K7qxR2Z0QjeWoLku0qK6Hf4uVgcqBIOVZdkoavTjZLjyWaLuV/MyErDIHG+jyCdI
Ly0NMOfxkSwSNOLu9QlpXqjewR9GhfTLNuX/prGbgjAqPrWGzqVdgr0BtxFlgDo=
=fhjF
-----END PGP SIGNATURE-----
--
--
TELEHOST Datendienste GmbH
Stadthausstrasse 12
CH-8400 Winterthur
Tel. +41 (0)44 - 515 75 66
Fax. +41 (0)44 - 515 75 67

Sitz der Gesellschaft:
CH-8400 Winterthur
Eingetragen beim Handelsregisteramt des Kantons ZÃŒrich
Handelsregisternummer CHE-317.799.873
GeschÀftsfÌhrer: Francesco Renzo

--
Andreas Puls
2015-02-03 21:49:47 UTC
Permalink
Hey all,
Post by Kristian Fiskerstrand
Post by Kristian Fiskerstrand
Post by TELEHOST Office
Both distris have the membership located in /etc/sks/membership.
Unless centos is doing something with the package that is likely
wrong, it should be in the SKS basedir.
Debian do it the same way.
Configfiles (incl. membership) under /etc/sks/
Post by Kristian Fiskerstrand
Post by Kristian Fiskerstrand
Post by TELEHOST Office
4096 Feb 3 15:04 . drwxr-xr-x 66 root root 4096 Feb 2 16:16 ..
-rw-r--r-- 1 sks sks 2333 Jan 30 08:25 mailsync -rw-r--r-- 1
sks sks 36 Feb 3 15:04 membership -rw-r--r-- 1 root root
1319 Feb 3 15:03 membership_original -rw-r--r-- 1 sks sks
2591 Feb 2 15:44 sksconf
$ ls -la /etc/sks/
total 32
drwxr-xr-x 2 root root 4096 Feb 3 22:39 .
drwxr-xr-x 57 root root 4096 Feb 3 22:42 ..
-rw-r--r-- 1 root root 19 Oct 8 2013 forward.exim
-rw-r--r-- 1 root root 26 Oct 8 2013 forward.postfix
-rw-r--r-- 1 root root 620 Dec 25 2013 mailsync
-rw-r--r-- 1 root root 2955 Feb 3 22:39 membership
-rw-r--r-- 1 root root 77 Oct 8 2013 procmail
-rw-r--r-- 1 root root 1295 Dec 29 2013 sksconf
Post by Kristian Fiskerstrand
Post by Kristian Fiskerstrand
Is this server accessible somewhere? I tried connecting to
http://194.0.229.61:11371/pks/lookup?op=stats and ditto for
194.0.229.60 without getting a connection at least so you would be
unable to peer with outside servers.
Post by TELEHOST Office
194.0.229.61 was not open to public (CentOS). Public avaiable is
194.0.229.60.
telnet 194.0.229.60 11371
Trying 194.0.229.60...
... timeout
what is the output for netstat -tulpn ?
Did you see something like this ?
tcp 0 0 151.236.7.175:11370 0.0.0.0:*
LISTEN 1468/sks
tcp 0 0 151.236.7.175:11371 0.0.0.0:*
LISTEN 1582/lighttpd
tcp 0 0 127.0.0.1:11371 0.0.0.0:*
LISTEN 1467/sks
tcp 0 0 0.0.0.0:80 0.0.0.0:*
LISTEN 1582/lighttpd
tcp6 0 0 2a03:f80:ed15:ed1:11370 :::*
LISTEN 1468/sks
tcp6 0 0 2a03:f80:ed15:ed1:11371 :::*
LISTEN 1582/lighttpd
tcp6 0 0 ::1:11371 :::*
LISTEN 1467/sks
tcp6 0 0 :::80 :::*
LISTEN 1582/lighttpd
Post by Kristian Fiskerstrand
Post by Kristian Fiskerstrand
Post by TELEHOST Office
I granted access for testing to 194.0.229.61 now, too.
So on both engines port 80, 11370 and 11371 are open to public.
telnet 194.0.229.61 11371
Trying 194.0.229.61...
timeout
Post by Kristian Fiskerstrand
Post by TELEHOST Office
Want to have SSH? There's nothing else than SKS on both engines.
not really, should be able to figure this out without it.
kind regards
andreas
Continue reading on narkive:
Loading...