PM&C Keyexchange Action Fails Toward New Server

Asset ID:	1-72-2395155.1
Update Date:	2018-05-07
Keywords:

Solution Type Problem Resolution Sure

Solution 2395155.1 : PM&C Keyexchange Action Fails Toward New Server

Applies to:

Oracle Communications Diameter Signaling Router (DSR) - Version DSR 7.0.1 and later
Information in this document applies to any platform.

Symptoms

Keyexchange from PM&C to servers fails, with errors similar to the following (elements replaced where angle brackets <> are seen):

    [admusr@pmac ~]$ keyexchange admusr@<serverControIPaddr>
   The server does not know of <serverControIPaddr>.
   Will just exchange host keys for the name given!
   Password of admusr:
   ERROR: Could not tighten permisions on authorized key file!
   ERROR: FILE: /home/admusr/.ssh/authorized_keys
   ERROR: Could not exchange user keys!
   cannot remove path when cwd is /tmp/zQxnnao_aF for /tmp/zQxnnao_aF: at /usr/share/perl5/File/Temp.pm line 902
   [admusr@pmac ~]$

Changes

May be seen--but not limited to this circumstance--at addition of a new server in a deployment.

Cause

As the error text implies, the cause is indeed permissions and/or ownership differences between PM&C authorized_keys file and that of the target server for user admusr. The ownership and permissions should match; typically for admusr they will be admusr:admgrp with permissions of 600 as shown below:

[admusr@pmac ~]$ ls -la .ssh
<snip>
-rw------- 1 admusr admgrp 15900 Apr 26 00:20 authorized_keys <====== NORMAL admusr/admgrp permissions: 600 =======
<snip>

Solution

The solution is to change ownership and/or permissions for the authorized_keys file. For admusr the commands--using absolute path syntax--are as follows if logged in as admusr:

[admusr@pmac ~]$ sudo chown admusr:admgrp /home/admusr/.ssh/authorized_keys
[admusr@pmac ~]$ sudo chmod 600 /home/admusr/.ssh/authorized_keys

Thereafter, keyexchange to the targt server from the PM&C should work.

Attachments

This solution has no attachment