It's working fine now, and I definitely will implement your suggestions in the production environment... Thanks!
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joachim Schrod Sent: Thursday, February 08, 2007 12:01 AM To: Ideas, tips and discussions about OpenCA installation and management. Subject: Re: [Openca-Users] CA to RA Synchronisation via scp fails >>>>> Chris writes: > I got a test setup on two different machines- RA server and CA > Server. When I'm trying to synchronize them via scp (CA Enroll all > to lower., as in user docs), the .tar file is being generated, but > I get the following error: > /usr/bin/scp -i /var/www/.ssh/id_rsa > /usr/local/openca/openca/var/tmp/openca.tar > [EMAIL PROTECTED]:/usr/local/OpenCA/var/tmp/ > Export failed! > 256 > Host key verification failed. > lost connection That's because the ssh host key -- which is used to check the identity of 192.168.25.131 -- is only known at your personal account, but neither for the Web server's account nor system wide. I recommend to make it known system wide: -- As the user where the scp succeeds, execute grep '192.168.25.131' ~/.ssh/known_hosts >/tmp/ra.pub -- As root, execute cat /tmp/ra.pub >>/etc/ssh/ssh_known_hosts (This is on Linux, on other Unix system, this file might be named /etc/ssh_known_hosts. But /var/www smells like Linux. :-) As an aside, do NOT chmod 777 /var/www/.ssh; this causes a severe security problem. Keep it on 755 or on 700. I assume that you know how to place private and public keys at wwwrun and [EMAIL PROTECTED] If not, come back to this list and ask. Hope this helps, Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: [EMAIL PROTECTED] Roedermark, Germany ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users __________ NOD32 2043 (20070207) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
