Getting Rejected key on sensor when running Salt

Mark Moore

Jul 28, 2015, 3:51:03 PM
to security-onion
We are seeing an issue with two of our sensors where salt appears to be broken when we run:

sudo salt-call state.highstate
[CRITICAL] The Salt Master has rejected this minion's public key!
To repair this issue, delete the public key for this minion on the Salt Master and restart this minion.
Or restart the Salt Master in open mode to clean out the keys. The Salt Minion will now exit.

Thx in advance for any assistance given.

Doug Burks

Jul 28, 2015, 4:10:05 PM
to securit...@googlegroups.com
Hi Mark,

Have you tried doing what the message suggests?

"To repair this issue, delete the public key for this minion on the
Salt Master and restart this minion."

http://docs.saltstack.com/en/latest/ref/cli/salt-key.html

--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

Mark Moore

Jul 29, 2015, 9:18:05 AM
to security-onion, doug....@gmail.com
Ran the below commands on the master server (note the sensor key was listed under the Unaccepted Keys section):

sudo salt-key --list-all
sudo salt-key --delete <sensor key name>

The following keys are going to be deleted:
Unaccepted Keys:
<sensor name>
Proceed? [N/y] y
Key for minion <sensor name> deleted.
sudo salt-key --list-all

After running the list all command after attempting the deletion, the sensor key was still listed under the Unaccepted section.

Mark Moore

Jul 29, 2015, 9:22:31 AM
to security-onion, doug....@gmail.com, tornado...@gmail.com
Also, on the sensor, I run the following and get this response in reference to the status of salt.

sudo service salt-minion status
salt-minion stop/waiting

Doug Burks

Jul 29, 2015, 10:00:20 AM
to security-onion
If the key is showing up as Unaccepted, then you'll need to accept the
key with the -a option.

Doug Burks

Jul 29, 2015, 10:01:00 AM
to Mark Moore, security-onion
If the service is stopped, then have you tried starting it?

Mark Moore

Jul 29, 2015, 10:58:58 AM
to security-onion, doug....@gmail.com
Yes, see below.

sudo service salt-minion start
salt-minion start/running, process 25173


sudo salt '*' state.highstate
[ERROR ] Unable to connect to the publisher! You do not have permissions to access /var/run/salt/master
Failed to connect to the Master, is the Salt Master running?

From the master server when I run sudo salt '*' test.ping, it came back with the sensor in question as True.

The sensor is only listed once in the /opt/onionsalt/salt/top.sls

Thx.

Doug Burks

Jul 29, 2015, 12:13:48 PM
to Mark Moore, security-onion
Please try removing and re-adding the key as follows.


On the sensor, stop the salt-minion service.

On the master server, delete any existing keys for that sensor.

On the master server, restart the salt-master service.

On the master server, verify that there are no keys listed for that sensor.

On the sensor, start the salt-minion service.

On the master server, verify that the sensor is showing up as an unaccepted key.

On the master server, accept the sensor's key.



If that doesn't work, verify that the sensor can connect to the master
server on ports 4505 and 4506 and reboot both boxes.


If that still doesn't work, repeat the above process and include all
output in your reply email.
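
Added example (not part of the thread, and not Security Onion's own tooling): a small shell helper for the "verify" steps of the remove-and-re-add procedure above. It reads `salt-key --list-all` output and reports which section a sensor's key is listed under, including the case where the same ID appears in more than one section. The sensor names and the sample listing are constructed, and the fingerprint comparison before accepting is an added check that the thread does not mention.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Sensor names below are constructed.

# key_state MINION_ID: reads `salt-key --list-all` text on stdin and prints
# every section the ID is listed under (comma-separated), or "none".
key_state() {
    awk -v id="$1" '
        /^[A-Za-z]+ Keys:$/ { section = $1; next }   # e.g. "Unaccepted Keys:"
        $0 == id            { out = (out ? out "," : "") section }
        END                 { print (out ? out : "none") }
    '
}

# next_step STATE: maps the state to the matching step of the procedure.
next_step() {
    case "$1" in
        none)       echo "start salt-minion on the sensor, then list again" ;;
        Unaccepted) echo "compare fingerprints, then accept with salt-key -a" ;;
        Accepted)   echo "key accepted; run salt-call state.highstate on the sensor" ;;
        *)          echo "stale key: delete it, restart salt-master, list again" ;;
    esac
}

# Constructed sample of `salt-key --list-all` output.
SAMPLE='Accepted Keys:
sensor-01
sensor-03
Denied Keys:
sensor-03
Unaccepted Keys:
sensor-02
Rejected Keys:
sensor-04'

for s in sensor-01 sensor-02 sensor-03 sensor-04 sensor-09; do
    state=$(printf '%s\n' "$SAMPLE" | key_state "$s")
    printf '%-10s %-16s %s\n' "$s" "$state" "$(next_step "$state")"
done

# On a live master (commands from the thread, plus the fingerprint check):
#   sudo salt-key --list-all | key_state <sensor key name>
#   sudo salt-key -f <sensor key name>     # fingerprint as seen by the master
#   sudo salt-call --local key.finger      # run on the sensor; must match
#   sudo salt-key -a <sensor key name>
```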