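ipsec showhostkey: no secrets filename matched "/etc/ipsec.d/*.secrets"

We may run into this error while trying to configure openswan, without realising that an important step was missed in the configuration.

We should generate a host key for authentication, which is stored in the ipsec.secrets file.

Solution:

These are the steps we have to follow to do so: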

# ipsec newhostkey --output /etc/ipsec.secrets --bits 2048 --verbose --configdir /etc/pki/nssdb

After the key has been generated in the ipsec.secrets file, open it and add the following lines:

# vi /etc/ipsec.secrets
 : RSA   {
        # RSA 2048 bits   ip-10-10-10-134   Tue Oct  9 10:32:09 2012
        # for signatures only, UNSAFE FOR ENCRYPTION
 #pubkey=0sAQOtfFcvEQ6QJvVrr0DEFCa9ImnGLwOWXkTVsNJUptu8GRDLmD5otOiwiQG7LGs7fDsKoLUKhnMskixtwoSgNzBAk8tfykZGUCxK/q2nvJ+QN67SG1Xlh3SG3c/FaVPRmS7WYKYCO942iZrZuao/sj+NuJWr0nL8zkEO0KVX5FId8vnmmOak8vwDeGQ0K2g1zgMRIrj1jYSahe/tSr6bMnCvYFkXiKHn50zjyfktGnChsJNcRtgj2R4RUcK6ahtXfYRRMCCzITuSKy2eG+yPQ/vOuaTOqkiKp9FmkF0UZDDE/GjK65zwe2JEVRtmvDX/tzR7Lsgfk5mcCdGWsnIR499XL
        Modulus:
        PublicExponent: 0x03
        # everything after this point is CKA_ID in hex format when using NSS
        PrivateExponent: 0xf0ece7ac58e0dcae7aa3638a98cfa1f132c152f4
        Prime1: 0xf0ece7ac58e0dcae7aa3638a98cfa1f132c152f4
        Prime2: 0xf0ece7ac58e0dcae7aa3638a98cfa1f132c152f4
        Exponent1: 0xf0ece7ac58e0dcae7aa3638a98cfa1f132c152f4
        Exponent2: 0xf0ece7ac58e0dcae7aa3638a98cfa1f132c152f4
        Coefficient: 0xf0ece7ac58e0dcae7aa3638a98cfa1f132c152f4
        CKAIDNSS: 0xf0ece7ac58e0dcae7aa3638a98cfa1f132c152f4
        }
 # do not change the indenting of that "}"

Now we can check the new host key:

# ipsec showhostkey --left
        # rsakey AQOtfFcvE
leftrsasigkey=0sAQOtfFcvEQ6QJvVrr0DEFCa9ImnGLwOWXkTVsNJUptu8GRDLmD5otOiwiQG7LGs7fDsKoLUKhnMskixtwoSgNzBAk8tfyZGUCxK/q2nvJ+QN67SG1Xlh3SG3c/FaVPRmS7WYKYCO942iZrpuao/sj+NuJWr0nL8zkEO0KVX5FId8vnmmOak8vwDeGQ0K2g1zgMRIrj1jYSahe/tSr6bMnCvYFkXiKHn50zjyfktGnChsJNcRtgj2R4RUcK6ahtXfYRRMCCzITuSKy2eG+yPQ/vOuaTOqkiKp9FmkF0UZDDE/GjK65zwe2JEVRtmvDX/tzR7Lsgfk5mcCdGWsnIR499XL
 # ipsec showhostkey --right
        # rsakey AQOtfFcvE
        rightrsasigkey=0sAQOtfFcvEQ6QJvVrr0DEFCa9ImnGLwOWXkTVsNJUptu8GRDLmD5otOiwiQG7LGs7fDsKoLUKhnMskixtwoSgNzBAk8tfyZGUCxK/q2nvJ+QN67SG1Xlh3SG3c/FaVPRmS7WYKYCO942iZrZuao/sj+NuJWr0nL8zkEO0KVX5FId8vnmmOak8vwDeGQ0K2g1zgMRIrj1jYSahe/tSr6bMnCvYFkXiKHn50zjyfktGnChsJNcRtgj2R4RUcK6ahtXfYRRMCCzITuSKy2eG+yPQ/vOuaTOqkiKp9FmkF0UZDDE/GjK65zwe2JEVRtmvDX/tzR7Lsgfk5mcCdGWsnIR499XL

Error:

# ipsec showhostkey --left
ipsec showhostkey nss directory showhostkey: /etc/ipsec.d
ipsec showhostkey no secrets filename matched "/etc/ipsec.d/*.secrets"
No keys found
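
Added example, not part of the original article: a shell function that checks an ipsec.secrets-style file for the two conditions behind the output above (an `include` glob that matches no file, and no `: RSA {` entry anywhere) and also flags secrets files that group or others can access. The name `check_secrets`, its return codes and the finding labels are hypothetical; include paths are assumed to be absolute and free of spaces.

```shell
#!/bin/sh
# Added example (not from the original page): audit an ipsec.secrets-style file.
# Assumptions: include paths are absolute and contain no spaces.
# check_secrets FILE prints one finding per line and returns
#   0  an RSA key entry exists and every file read is owner-only
#   1  no ": RSA {" entry found anywhere (the "No keys found" case)
#   2  a key entry exists, but some file is group/world accessible
check_secrets() {
    file=$1
    [ -r "$file" ] || { echo "MISSING $file"; return 1; }
    keys=0
    loose=0
    files=$file

    # Unquoted on purpose: the shell expands each include glob. A pattern
    # that matches nothing stays literal, so the -e test fails for it.
    for f in $(awk '$1 == "include" { print $2 }' "$file"); do
        if [ -e "$f" ]; then
            files="$files $f"
        else
            echo "NOMATCH $f"
        fi
    done

    for f in $files; do
        # Count uncommented ": RSA {" entry headers in this file.
        n=$(grep -c '^[^#]*:[[:space:]]*RSA[[:space:]]*[{]' "$f" || true)
        keys=$((keys + n))
        echo "KEYS $n $f"
        # Characters 5-10 of the ls mode string are the group/other bits.
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "LOOSE $f"
            loose=1
        fi
    done

    [ "$keys" -gt 0 ] || return 1
    [ "$loose" -eq 0 ] || return 2
    return 0
}
```

Run it as `check_secrets /etc/ipsec.secrets`; a `NOMATCH` line together with return code 1 corresponds to the error shown above, and is cleared once a host key entry exists in a file the secrets configuration actually reads.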
Date: 2020-06-02 22:18:35 Source: oir Author: oir