You got it Alexei, I logged on as user www-data and got the prompt for known hosts... thanks heaps, that made it work ;) Is it intended that openca.tar stays in the RA import directory AFTER an import? I get a denied message at the second update cause the file is still there- added a remove in the import script from the RA and it works - hope that's fine..?!
Thanks heaps, that brings me a lot further! Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alexei Chetroi Sent: Wednesday, February 07, 2007 8:32 PM To: Ideas, tips and discussions about OpenCA installation and management. Subject: Re: [Openca-Users] CA to RA Synchronisation via scp fails On Wed, Feb 07, 2007 at 04:54:22PM +1300, Chris wrote: > Date: Wed, 7 Feb 2007 16:54:22 +1300 > From: Chris <[EMAIL PROTECTED]> > To: [email protected] > Subject: [Openca-Users] CA to RA Synchronisation via scp fails > > I got a test setup on two different machines- RA server and CA Server. > When I'm trying to synchronize them via scp (CA Enroll all to lower..., as > in user docs), the .tar file is being generated, but I get the following > error: [ skip ] > > Host key verification failed. > > lost connection > > When running this command locally, everything works fine, and the data can > be imported into the RA. I did a chmod 777 -R to the /var/www/.ssh/ (u > never know...), which didn't help, either. Have you ran this command locally as root user or as openca user? Make sure /var/www/.ssh/known_hosts actually contains RA host key and is readable by openca proccess, eg have root:openca perms. and 0640 access mode. BTW I wouldn't use home directory for the openca user /var/www. Since $HOME/.ssh contains private key without password, I would set /var/lib/openca (or whatever where you installed openca to) for the home dir and make sure private key is readable by openca only. -- Alexei Chetroi Smile... Tomorrow will be worse. (c) Murphy's Law ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users __________ NOD32 2042 (20070206) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com
<<attachment: winmail.dat>>
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
