Tang server does not deliver keys #102

Open
nemihome opened this issue Nov 12, 2022 · 12 comments

@nemihome

nemihome commented Nov 12, 2022

I have installed tang on ubuntu 22.04 LTS. I changed the port to 7500:

systemctl show tangd.socket -p Listen
Listen=[::]:7500 (Stream)

tangd.socket - Tang Server socket
Loaded: loaded (/lib/systemd/system/tangd.socket; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/tangd.socket.d
└─port.conf
Active: active (listening) since Sat 2022-11-12 21:12:47 CET; 44min ago
Triggers: ● [email protected]:7500-127.0.0.1:58504.service
[email protected]:7500-127.0.0.1:59830.service
Listen: [::]:7500 (Stream)
Accepted: 14; Connected: 0;
Tasks: 0 (limit: 35918)
Memory: 4.0K
CPU: 9ms
CGroup: /system.slice/tangd.socket

If I try the following:
tang-show-keys 7500

The result is this:
curl: (56) Recv failure: Connection reset by peer

I deactivated the firewall for test purposes but that makes no difference. And it should not be if this is a request on the same host.

@sarroutbi
Collaborator

Can you please execute the next command and paste the output?

curl http://localhost:7500/adv

@nemihome
Author

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (56) Recv failure: Connection reset by peer

It's the same on two different servers running with ubuntu 22.04

@sarroutbi
Collaborator

Sorry, I can not figure out what the problem is.

Which clevis version are you using?
How did you change port number where clevis is reading?
Did you try with other port?

I will try to reproduce this and if I come to a conclusion, I will let you know

@nemihome
Author

nemihome commented Nov 16, 2022

I changed the port via
/etc/systemd/system/tangd.socket.d/override.conf

[Socket]
ListenStream=
ListenStream=7500

I have tried different ports now. After that the error message is different. Now the message is as follows:
url: (7) Failed to connect to vpsmail.de port 7500 after 5 ms: Connection refused
url: (7) Failed to connect to vpsmail.de port 7300 after 5 ms: Connection refused
url: (7) Failed to connect to vpsmail.de port 7200 after 5 ms: Connection refused
I checked with systemctl show tangd.socket -p Listen if tang is listening to the port and this shows 7500, 7300 and 7200

How can I see the clevis version?
With
apt-show-versions clevis
I'm getting
18-1ubuntu1

@sergio-correia
Collaborator

Please, post the output of systemctl status tangd.socket
Also, please check the permissions in /var/lib/tang: ls -ld /var/lib/tang/

@nemihome
Author

systemctl status tangd.socket
● tangd.socket - Tang Server socket
Loaded: loaded (/lib/systemd/system/tangd.socket; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/tangd.socket.d
└─override.conf
Active: active (listening) since Sun 2022-11-13 09:46:12 CET; 3 days ago
Listen: [::]:7500 (Stream)
Accepted: 10; Connected: 0;
Tasks: 0 (limit: 4625)
Memory: 0B
CPU: 12ms
CGroup: /system.slice/tangd.socket

Notice: journal has been rotated since unit was started, output may be incomplete.

ls -ld /var/lib/tang/
drwxr-xr-x 1 _tang _tang 0 Nov 13 09:31 /var/lib/tang/

@nemihome
Author

nemihome commented Nov 16, 2022

The accepted connections did count up as I had the old error curl: (56) Recv failure: Connection reset by peer. Since I changed the port and switched back it does not count up anymore.

@sarroutbi
Collaborator

sarroutbi commented Feb 27, 2023

Can you execute "curl" with verbose option, to try to see if there is more info there?

curl --verbose http://localhost:7500/adv

Also, check your /etc/hosts, as it is weird that it is trying to resolve localhost to a named host:

Failed to connect to vpsmail.de port 7500

@nemihome
Author

curl --verbose http://localhost:7500/adv

*   Trying 127.0.0.1:7500...
  % Total % Received % Xferd Average Speed Time Time Time Current
  Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Connected to localhost (127.0.0.1) port 7500 (#0)
> GET /adv HTTP/1.1
> Host: localhost:7500
> User-Agent: curl/7.81.0
> Accept: */*
>
* Recv failure: Connection reset by peer

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer

@sarroutbi
Collaborator

Sorry, I can not figure out what the issue could be .... Do you have firewalld running?

@nemihome
Author

Hello, firewalld is running but the effect is the same on localhost (where firewalld has no effect) or when the port is open in firewalld for runtime and permanent configuration. I would assume that a closed port in firewall would not be a connection reset; instead there would be no connection at all because the port would not be accessible at all. Currently I'm running Ubuntu 22.04.2.
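
The two curl failures reported in this thread, (56) "Recv failure: Connection reset by peer" and (7) "Connection refused", are different TCP outcomes: a reset after connecting means something accepted the connection and then aborted it, while a refusal means nothing was listening on the port. The following Python script is an added example, not part of the original thread or the Tang project; it reproduces both outcomes on loopback, and the handler, the ephemeral port and the request bytes are constructed for illustration.

```python
import socket
import struct
import threading

# Constructed request, shaped like the one curl sends in the thread.
REQUEST = b"GET /adv HTTP/1.1\r\nHost: localhost\r\n\r\n"


def _dying_handler(listener):
    """Accept one connection, read the request, then abort without replying."""
    conn, _ = listener.accept()
    conn.recv(4096)
    # SO_LINGER with a zero timeout makes close() send a TCP RST instead of a
    # FIN, standing in for a handler that aborts before writing a response.
    conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    conn.close()


def classify(host, port):
    """Return the stage at which an HTTP request to host:port fails."""
    try:
        with socket.create_connection((host, port), timeout=5) as s:
            s.sendall(REQUEST)
            data = s.recv(4096)
    except ConnectionRefusedError:
        return "refused"   # curl (7): no listener on the port
    except ConnectionResetError:
        return "reset"     # curl (56): accepted, then aborted
    return "response" if data else "closed"


def demo():
    """Probe one loopback port twice: with a dying handler, then with no listener."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # ephemeral port, assumption of this example
    listener.listen(1)
    port = listener.getsockname()[1]
    worker = threading.Thread(target=_dying_handler, args=(listener,))
    worker.start()
    accepted_then_reset = classify("127.0.0.1", port)
    worker.join()
    listener.close()                          # nothing listens on the port any more
    nothing_listening = classify("127.0.0.1", port)
    return accepted_then_reset, nothing_listening


if __name__ == "__main__":
    print(demo())
```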

@nemihome
Author

nemihome commented Sep 1, 2023

Seems to be a configuration setting. I have two servers running on Ubuntu 22.04.3 which are upgraded (not sure what the install version was 18 or maybe even earlier). And I have another one also 22.04.3 which I have installed later (maybe with 20.04). On this one this message is not showing up and I'm getting the key instead of the curl error. This seems to be a config setting not directly tang related which I have not found so far.

Output is identical apart from the result:
Working Tang Server A - Ubuntu 22.04.3:

curl -v http://localhost:7500/adv

*   Trying 127.0.0.1:7500...
* Connected to localhost (127.0.0.1) port 7500 (#0)
> GET /adv HTTP/1.1
> Host: localhost:7500
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Type: application/jose+json
< Content-Length: 993

Not working Tang Server B - Ubuntu 22.04.3:

curl -v http://localhost:7500/adv

*   Trying 127.0.0.1:7500...
  % Total % Received % Xferd Average Speed Time Time Time Current
  Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Connected to localhost (127.0.0.1) port 7500 (#0)
> GET /adv HTTP/1.1
> Host: localhost:7500
> User-Agent: curl/7.81.0
> Accept: */*
>
* Recv failure: Connection reset by peer
