Curl failed to read known_hosts file

I'm trying to download a file from a CentOS 6 server using another CentOS 6 server as client and curl with the scp protocol, and I'm getting this error output:



$ curl -v -O scp://cz/path/to/file
* About to connect() to cz port 22 (#0)
* Trying 1.2.3.4... connected
* Connected to cz (1.2.3.4) port 22 (#0)
* Failed to read known hosts from /home/cpn/.ssh/known_hosts
* SSH host check: 0, key: AAAAB3NzaC1yc2EAAAABIwAAAQEAyeeDgYFsHi3Ks3PxCXt69IHBr7yNII720sXOm9WKIdGnwPf7QHbLsMf41mctcGRSJ2yO2EXpNEbZQhdUqs3oImdTn2OHF/K8STK1GXMVseusgmPuQWBt36AVPon7h9lSCjtxt+1UpFJoireXvhUDlgg9i1C9QbE04GAmA7vMOmtcVt3/3F6X/hKhOZvHj1gu5+RzCO8fXo2R8XeRoN0GcU2jVOhug0G+hXAiHymh5JzVm4YlCzsNIv3mDOF2lZRLdkor5FDKjBY8/o/5O8U0lWm4ie2S7qDppqCJP2SnNTWlaM3k5HDmdyEKKZ0lV+qG33q3ADZxjBeIKQtWLZfC3w==
* SSH authentication methods available: publickey,gssapi-keyex,gssapi-with-mic,password
* Using ssh public key file /home/cpn/.ssh/id_dsa.pub
* Using ssh private key file /home/cpn/.ssh/id_dsa
* SSH public key authentication failed: Username/PublicKey combination invalid
* Authentication failure
* Closing connection #0


I can download the file using scp no questions asked:



$ scp cz:/path/to/file .


I can log in to the server with ssh, again no questions asked:



$ ssh cz


There are both ssh-rsa and ssh-dss keys in the server's authorized_keys file.



What exactly is curl complaining about? My only guess is that curl wants a DSA key in the client's known_hosts file. If that is the case, how do I generate it? Or how do I make curl look for the RSA key in that file instead?



Update



At the client:



$ ls -l /home/cpn/.ssh/known_hosts
-rw-r--r--. 1 cpn cpn 1970 Nov 12 16:12 /home/cpn/.ssh/known_hosts






centos scp curl














edited Nov 13 '14 at 10:15

asked Nov 12 '14 at 16:44

Clodoaldo












  • Can you post the output of ls -l /home/cpn/.ssh/known_hosts on the machine hosting this very file?
    – John WH Smith
    Nov 12 '14 at 18:37










  • @John Edited with the command output
    – Clodoaldo
    Nov 12 '14 at 18:49










  • Do you expect curl to prompt for an SSH/SCP password, or did you configure your RSA key for this remote host? It seems like curl is trying to perform publickey (passwordless) authentication here.
    – John WH Smith
    Nov 12 '14 at 18:51











  • @John I can do scp copy and ssh login using publickey for the remote host. So I expect curl to use publickey.
    – Clodoaldo
    Nov 12 '14 at 19:53
















2 Answers
I can at least explain what's probably going on: the . after the permissions in the output of ls -l indicates the presence of an SELinux policy, which overrides file permissions based on which program is accessing the file. Use ls -Z ~/.ssh/known_hosts to display the file's policy.

Presumably /usr/bin/ssh and its companion programs (ssh-keygen, scp, etc.) are the only programs who are allowed to access that file. I'm skeptical about this policy: it is useful to edit ~/.ssh/known_hosts manually sometimes. However I don't understand why curl would want to read that file instead of letting ssh and friends do it.

You can use the chcon command to edit the policy for that file, and restorecon to restore the default policy. See the CentOS wiki for more information about SELinux.

















answered Nov 13 '14 at 1:46

Gilles












  • +1 I did setenforce 0 but still the same error message.
    – Clodoaldo
    Nov 13 '14 at 9:58

















For people who find this page via Google:

It looks like old versions of cURL choke on known_hosts files with unrecognized keytypes, and sufficiently old versions of cURL don't recognize any keytype but ssh-rsa.

For example, my cURL is version 7.29.0 (6 years old, and the latest available in CentOS 7 as of this writing), and will cease reading keys after the first ecdsa-sha2-nistp256, which is the majority of the keys in my known_hosts file.















edited 3 mins ago






























answered 10 mins ago

tboz203
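
The behaviour described in the answer above, modelled as an added example (not code from the post or from curl): it walks a known_hosts file, finds the first key type an old reader would not recognise, and lists the entries that come after it and are therefore never read. The supported-type list, the function names and the sample file are assumptions made for illustration.

```python
"""Model of a known_hosts reader that stops at the first key type it does
not recognise, so every later entry is invisible to it."""

# Assumption: key types the old reader understands; adjust for your build.
SUPPORTED = ("ssh-rsa", "ssh-dss")
MARKERS = ("@cert-authority", "@revoked")

# Constructed sample file (key blobs are placeholders, not real keys).
SAMPLE = """\
# constructed example
build01 ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed1
|1|c2FsdA==|aGFzaA== ecdsa-sha2-nistp256 AAAAE2VjZHNhconstructed2
cz,1.2.3.4 ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed3
@cert-authority *.example.org ssh-ed25519 AAAAC3NzaC1lZDI1constructed4
"""


def parse_entries(text):
    """Yield (line_no, hosts, key_type) for each key line in known_hosts text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0] in MARKERS:
            fields = fields[1:]  # drop the marker, keep hosts/type/key
        if len(fields) < 3:
            continue  # malformed: not enough fields for hosts, type and key
        yield line_no, fields[0].split(","), fields[1]


def audit(text, supported=SUPPORTED):
    """Split entries into those read before the first unsupported key type
    and those from that line onward, which the modelled reader never sees."""
    visible, hidden, stopped_at = [], [], None
    for line_no, hosts, key_type in parse_entries(text):
        if stopped_at is None and key_type not in supported:
            stopped_at = (line_no, key_type)
        target = visible if stopped_at is None else hidden
        target.append((line_no, hosts, key_type))
    return {"stopped_at": stopped_at, "visible": visible, "hidden": hidden}


def host_is_visible(text, host, supported=SUPPORTED):
    """True if a plain (unhashed) entry for host lies before the stop point."""
    return any(host in hosts for _, hosts, _ in audit(text, supported)["visible"])


if __name__ == "__main__":
    report = audit(SAMPLE)
    print("reader stops at:", report["stopped_at"])
    for line_no, hosts, key_type in report["hidden"]:
        print(f"  never read: line {line_no} {','.join(hosts)} ({key_type})")
    print("cz visible:", host_is_visible(SAMPLE, "cz"))
```

Hashed host names (`|1|...`) cannot be matched by name here, so `host_is_visible` only answers for plain entries; the hidden list still shows which lines fall past the stop point.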
