Raspbian Mandos Client error: Bad gpgme_op_decrypt: GPGME : Decryption failed
Teddy Hogeborn
teddy at recompile.se
Mon Feb 18 18:39:32 CET 2019
Juan Miguel Alcarria Herrera <juanmi at arco2000.es> writes:
> I have a problem with a Mandos Client in a Raspbx (Raspbian for asterisk
> voip system).
>
> 1.- I made the installation of raspbx.
>
> 2.- I encrypted the system.
>
> 3. I installed, configured and cheked the Mandos Server. I chek the
> installation with a Debian x86 client and all is OK
>
> 4. I configured the Mandos Client in Raspberry PI with this:
[...]
You really shouldn't need a custom network hook or a custom setting in
plugin-runner.conf just for setting up a network interface and using
DHCP. You could remove both of those and just add (for your case)
"ip=:::::enxb827eba1cba5:dhcp::: mandos=connect:10.19.4.124:9000" to the
Linux kernel command line (usually the GRUB_CMDLINE_LINUX setting in the
/etc/default/grub file; don't forget to run "update-grub" after
modifying that file).
Note: The above settings are untested.
> 5. Check the Mandos Client in the system decrypted:
> /usr/lib/arm-linux-gnueabihf/mandos/plugins.d/mandos-client
> --pubkey=/etc/keys/mandos/pubkey.txt --seckey=/etc/keys/mandos/seckey.txt
> --connect=10.19.4.124:9000; echo
> Al is OK.
>
> 6. Reboot the system and try the installation:
>
> This is the error:
> Bad gpgme_op_decrypt: GPGME : Decryption failed
That suggests that the Mandos connection succeeded, and simply failed to
decrypt the secret password given by the server. Does the server (while
running mandos-monitor) show the secret being given out to the client?
Regardless of that, I think I'd like to see some more debug output from
the client; i.e. the --debug option given to the client. You can boot the
system into the initramfs environment by giving the "break" Linux kernel
command line option. From there, you can run mandos-client manually
with the --debug option and possibly get more information on why it is
failing here in the initramfs but not in the normal system.
> Othet symptom is the Mandos Client don't work until I push the enter
> in the keyboard of the raspberry. (Isn't unattended)
>
> Version:
> ii mandos-client 1.7.15-1 armhf
That version is a bit old. In particular, this problem of yours might
be exacly Debian bug #894495 <https://bugs.debian.org/894495>, fixed in
Mandos 1.7.20. I would suggest that you install our latest version as
detailed here: <https://wiki.recompile.se/wiki/Mandos#Download>
/Teddy Hogeborn
--
The Mandos Project
https://www.recompile.se/mandos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20190218/1edac520/attachment.sig>
More information about the Mandos-Dev
mailing list