Access denied by cfservd/cfd

Relevant classes: any When setting up cfservd, you might see the error message Apr 9 11:22:27 host.example.org cfservd[613]: Host authentication failed or access denied This means that cfservd cannot or will not authenticate the connection from your client machine. The message is generic. It is deliberately non-specific so that anyone attempting to attack or exploit the service will not be given information which might be useful to them. There is a simple checklist for curing this problem: Make sure that the domain variable is set in both the cfagent.conf and cfservd.conf files. Make sure that you have granted access to your client in the cfservd.conf file, e.g. TrustKeysFrom = ( ) AllowUsers = ( ) AllowMultipleConnections = ( ) Make sure you have created valid keys for the hosts using cfkey. If you are using secure copy, make sure that you have created a key file and that you have distributed and installed it to all participating hosts in your cluster. Remember that you can run both cfengine and cfd in debugging mode to see how the authentication takes place: cfagent -d2 cfservd -d2 Cfagent reports "access denied" regardless of the nature of the error, to avoid giving away information which might be used by an attacker. To find out the real reason for a denial, use debugging mode -d2. Back to documentation