Re: [Sks-devel] Newbie needs help...

[Martin Papik]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Addendum

I noticed this in my logs:

2014-05-05 01:06:25 Reconciliation attempt from unauthorized host
<ADDR_INET [94.23.11.46]:58500>.  Ignoring

And it resolved to a host similar to yours, so your outgoing IP
address isn't the one it should be.

$ host 94.23.11.46
46.11.23.94.in-addr.arpa domain name pointer
business-ip-94-23-11-46.static.lu.


Martin

On 05/05/2014 01:50 AM, Martin Papik wrote:
> 
> I'm somewhat new myself, but here goes.
> 
> To me it looks like one or more of your peers doesn't have you 
> configured. To find out which one you have a few choices.
> 
> 1) look at the logs to see which peers you do receive keys from,
> the ones you don't are probably broken
> 
> 2) tcpdump
> 
> 3) iptables rules for statistics of how many bytes are exchanged
> with the IP addresses that are resolved, you have them in the
> snippet you sent.
> 
> Also make sure you do receive some keys for someone, recon.log,
> you should see entries like this:
> 
> 
> 2014-05-03 07:00:57 Requesting 1 missing keys from <ADDR_INET 
> [162.17.206.197]:11372>, starting with
> 299E952D7F78266B1C33B4C618ABA111 2014-05-03 07:00:58 1 keys
> received
> 
> I've looked through my log, I have your server configured, but I
> don't see anything coming from your side, which possibly means
> you're not receiving any keys from anyone. I don't see any traffic
> from you, so perhaps you have a more fundamental problem. Are there
> any firewall, routing or NAT-ing restrictions?
> 
> For starters, check if this works:
> 
> telnet sks-server.randala.com 11370 -b 89.46.222.116
> 
> It should connect, and you should see a line with some binary and
> some text, the text will contain words like bitquantum 
> yminsky.dedup,yminsky.merge http port mbar, so if you see that
> your outgoing connections are okay.
> 
> I tried connecting to your server and it seems to close down. Do
> you have multiple IPs on the server? Do you have a firewall?
> 
> PS my server is sks-server.randala.com
> 
> I hope this helped.
> 
> Martin
> 
> On 05/05/2014 12:10 AM, Martin A. wrote:
>> Hi,
> 
>> I hope someone could help me... I'm new to sks keyserver and have
>>  several problems... As you could see at 
>> http://sks.static.lu/pks/lookup?op=stats the "Statistics" are 
>> broken... I don't know why :( At 7 AM - 2014-05-04 I was not 
>> working on the server. If I do a cat /var/log/sks/recon.log I got
>>  the following log:
> 
> 
>> 2014-05-04 22:45:11 DB closed 2014-05-04 22:45:28 Opening log 
>> 2014-05-04 22:45:28 sks_recon, SKS version 1.1.3 2014-05-04 
>> 22:45:28 Copyright Yaron Minsky 2002-2003 2014-05-04 22:45:28 
>> Licensed under GPL.  See COPYING file for details 2014-05-04 
>> 22:45:28 Opening PTree database 2014-05-04 22:45:28 Setting up 
>> PTree data structure 2014-05-04 22:45:28 PTree setup complete 
>> 2014-05-04 22:46:29 address for sks-server.randala.com:11370 
>> changed from [] to [<ADDR_INET [85.195.123.236]:11370>,
>> <ADDR_INET [2a01:7a0:2:153::252]:11370>] 2014-05-04 22:46:29
>> address for keyserver.ut.mephi.ru:11370 changed from [] to
>> [<ADDR_INET [85.143.112.59]:11370>] 2014-05-04 22:46:29 address
>> for sks.disunitedstates.com:11370 changed from [] to [<ADDR_INET
>>  [91.205.174.236]:11370>, <ADDR_INET 
>> [2a02:c200:0:10::404:211]:11370>] 2014-05-04 22:46:29 address for
>>  keyserver.serviz.fr:11370 changed from [] to [<ADDR_INET 
>> [37.187.1.147]:11370>, <ADDR_INET [2001:41d0:a:193::1]:11370>] 
>> 2014-05-04 22:46:29 address for pgp.freiwuppertal.de:11370
>> changed from [] to [<ADDR_INET [109.239.48.152]:11370>,
>> <ADDR_INET [2a00:1158:3::1a2]:11370>] 2014-05-04 22:46:29 <recon
>> as client> error in callback.: Sys_error("Connection reset by
>> peer") 2014-05-04 22:47:29 <recon as client> error in callback.:
>>  Sys_error("Connection reset by peer") 2014-05-04 22:48:31
>> <recon as client> error in callback.: Sys_error("Connection reset
>> by peer") 2014-05-04 22:49:29 <recon as client> error in
>> callback.: Sys_error("Connection reset by peer") 2014-05-04
>> 22:50:27 <recon as client> error in callback.:
>> Sys_error("Connection reset by peer") 2014-05-04 22:51:26 <recon
>> as client> error in callback.: Sys_error("Connection reset by
>> peer") 2014-05-04 22:52:25 <recon as client> error in callback.:
>> Sys_error("Connection reset by peer") 2014-05-04 22:53:26 <recon
>> as client> error in callback.: Sys_error("Connection reset by
>> peer") 2014-05-04 22:54:26 <recon as client> error in callback.:
>> Sys_error("Connection reset by peer") 2014-05-04 22:55:26 <recon
>> as client> error in callback.: Sys_error("Connection reset by
>> peer") 2014-05-04 22:56:27 <recon as client> error in callback.:
>> Sys_error("Connection reset by peer") 2014-05-04 22:57:30 <recon
>> as client> error in callback.: Sys_error("Connection reset by
>> peer") 2014-05-04 22:58:29 <recon as client> error in callback.:
>> Sys_error("Connection reset by peer") 2014-05-04 22:59:30 <recon
>> as client> error in callback.: Sys_error("Connection reset by
>> peer") 2014-05-04 23:00:30 <recon as client> error in callback.:
>> Sys_error("Connection reset by peer") 2014-05-04 23:01:29 <recon
>> as client> error in callback.: Sys_error("Connection reset by
>> peer") 2014-05-04 23:02:30 <recon as client> error in callback.:
>> Sys_error("Connection reset by peer") 2014-05-04 23:03:29 <recon
>> as client> error in callback.: Sys_error("Connection reset by
>> peer")
> 
> 
>> Maybe someone would help this to get this server working... Also
>> I have added my sksconf file...
> 
> 
>> # /etc/sks/sksconf # # The configuration file for your SKS
>> server. # You can find more options in sks(8) manpage.
> 
>> # Set server hostname hostname: sks.static.lu
> 
>> # Set recon binding address recon_address: 0.0.0.0
> 
>> # Set recon port number recon_port: 11370
> 
>> # Set hkp binding address hkp_address: 0.0.0.0
> 
>> # Set hkp port number hkp_port: 11371
> 
>> # Have the HKP interface listen on port 80, as well as the
>> hkp_port #use_port_80:
> 
>> # From address used in synchronization emails used to communicate
>>  with PKS from_addr: address@hidden
> 
>> # Command used for sending mail (you can use -f option to specify
>>  the # envelope sender address, if your MTA trusts the sks user)
>>  #sendmail_cmd: /usr/lib/sendmail -t -oi
> 
>> # Runs database statistics calculation on boot (time and cpu 
>> expensive) initial_stat: membership_reload_interval: 1 stat_hour:
>>  23
> 
>> # bdb's db_tune program suggests a pagesize of 65536 for 
>> [K]DB/key. In practice # this caused page deadlocks. I found 8K 
>> (16) and 16K (32) to be better values pagesize:          16 # #
>> The tuner recommended 4096 (8) for the pagesize for PTree/ptree.
>> I have had # very good results with 8196 ptree_pagesize:    16
> 
> 
>> Thank you for your help :)
> 
>> kind regards Martin
> 
>> _______________________________________________ Sks-devel mailing
>>  list address@hidden 
>> https://lists.nongnu.org/mailman/listinfo/sks-devel
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJTZshYAAoJELsEaSRwbVYri70QAJDbBWZKPZk7U98vhwXA4kgC
BSJJ/g3NqtOFMPe8VOeSeoHB+OpKOSObke6IH2JbcKAjCbT2lW2M4WhdXSbBbgzj
QFz7OgdhFf60daz8a2K06zmUM3MT4N5F3oA1jhM7r5Vfy5IdeBApZGStjuEWJxKD
iR1OOM8XIQDfG5qIi5fFXbQ+YOTTMlgt30jdQrDSaSiagbwFfJeUGe2TSpCL91/Z
oTjXdJGBJ5coNzoqAuuXdTrWEZ8Zu6s7D18f9uG6Yo460TAPv+eNfHqTzF1ECTG9
vDTo0lUCWQRu9ODEm+PWEPjZPKVgzUlUSp6LQpd/2/hXhL8TmNvP5SrjHTrmSyJZ
BG0r7fVngpr3JkkT+jvRPNP4haYmbtIOHcEOYCLZqTWbhWSDFsU8GBoG30lYFWhQ
cQS3ZUErzBjI1mI3GlZzqY3ZzzynpQCNWLp79sdSv5AyPsR7liyCwsK6jMsUkgmR
cDQMwKwR8stbdc7ipHxiNBXOYCbKRDjEewkRRL+NIPtqPUgRSA9Y8opbvybttLNG
mkuJYSTQvrm4dYFkIY/RLpfUf4BBVB1IPmAsSrLdLlWQXecRnHMJvyV3FF63+rRR
5PaqtegZSRsVKiCDpGdsScbbczxXY3Nonn4FhB5RpTkh5e8BepqHUBMMywby66xr
kM36w++TfN8+l5pcSAjV
=jv05
-----END PGP SIGNATURE-----