Hi List,

First, thanks to Michael and all the fwknop contributors for this powerful tool! My apology in advance for this long message, but it is mostly command output...

I have been using fwknop to access my public-facing servers for a few months. And while I can access them from several different systems (Debian and Fedora), fwknop is broken on my main computer. This (broken) instance of the fwknop client is running on a current (and consistently updated) Gentoo system (x86_64 architecture).

The command I am running (with no previously existing ~/.fwknoprc) is:

    /usr/local/bin/fwknop --access='tcp/22' --server-port=<server-port-number> --gpg-recipient-key=DC20C8A9 --gpg-signer-key=286EC7BC --gpg-agent --source-ip --destination=<public.hostname> --verbose --allow-ip=<public.i.p.addr>

The error I am getting from the above command is:

    [+] GPG mode set, signing passphrase acquired via gpg-agent
    fwknop: fko_spa_data_final: Error 102 - Args contain invalid data: FKO_ERROR_INVALID_DATA_ENCRYPT_GPG_RESULT_MSGLEN_VALIDFAIL
    GPG ERR:

Here are some more details:

- fwknop from github.com/mrash/fwknop (commit 333302a)

  fwknop --version says:

    fwknop client 2.5.1, FKO protocol version 2.0

- gnupg --version says:

    gpg (GnuPG) 2.0.20
    libgcrypt 1.5.3
    Copyright (C) 2013 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: ~/.gnupg
    Supported algorithms:
    Pubkey: RSA, ELG, DSA
    Cipher: IDEA (S1), 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8), AES256 (S9), TWOFISH (S10), CAMELLIA128 (S11), CAMELLIA192 (S12), CAMELLIA256 (S13)
    Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9), SHA512 (H10), SHA224 (H11)
    Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)

- linux kernel (uname -a):

    Linux fritz.lan 3.10.5-gentoo-r1 #1 SMP PREEMPT Sat Aug 10 11:03:34 CDT 2013 x86_64 Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz GenuineIntel GNU/Linux

I have restarted gpg-agent (and even rebooted) several times to ensure it is not something like stale data in the agent. gpg-agent is properly being used to sign things like email and is working with other instances of gpg that I regularly use.

I have run fwknop with strace(1) to try to discern where it fails, but it makes little sense to me. I would be happy to post the output of strace.

Can someone point me where to look next at troubleshooting this situation?

Thanks much!

~David Klann
_______________________________________________ Fwknop-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
