Salt minion issues.


Monah Baki

Apr 5, 2016, 9:57:47 AM
to security-onion
How to resolve this issue?

security@p5seconion:/etc/nsm/rules$ cat /var/log/salt/minion
2016-04-05 13:41:58,951 [salt.crypt ][ERROR ][1727] The master key has changed, the salt master could have been subverted, verify salt master's public key
2016-04-05 13:41:58,952 [salt.crypt ][CRITICAL][1727] The Salt Master server's public key did not authenticate!
The master may need to be updated if it is a version of Salt lower than 2015.5.3, or
If you are confident that you are connecting to a valid Salt Master, then remove the master public key and restart the Salt Minion.
The master public key can be found at:
/etc/salt/pki/minion/minion_master.pub
2016-04-05 13:52:54,139 [salt.crypt ][ERROR ][5596] The master key has changed, the salt master could have been subverted, verify salt master's public key
2016-04-05 13:52:54,139 [salt.crypt ][CRITICAL][5596] The Salt Master server's public key did not authenticate!
The master may need to be updated if it is a version of Salt lower than 2015.5.3, or
If you are confident that you are connecting to a valid Salt Master, then remove the master public key and restart the Salt Minion.
The master public key can be found at:
/etc/salt/pki/minion/minion_master.pub
2016-04-05 13:55:32,506 [salt.crypt ][ERROR ][5991] The master key has changed, the salt master could have been subverted, verify salt master's public key
2016-04-05 13:55:32,506 [salt.crypt ][CRITICAL][5991] The Salt Master server's public key did not authenticate!
The master may need to be updated if it is a version of Salt lower than 2015.5.3, or
If you are confident that you are connecting to a valid Salt Master, then remove the master public key and restart the Salt Minion.
The master public key can be found at:
/etc/salt/pki/minion/minion_master.pub

Thanks
Monah

Wes

Apr 5, 2016, 10:05:57 AM
to security-onion

Monah,

Have you tried comparing the public key (/etc/salt/pki/minion/minion_master.pub)
you have for the master against the master itself?

Thanks,
Wes

Monah Baki

Apr 5, 2016, 10:45:07 AM
to security-onion

Hi Wes,

The minion_master.pub files on the master server and sensor are different.


Thanks

Wes

Apr 5, 2016, 10:50:34 AM
to security-onion

Monah,

You could try replacing the one on the sensor with the one from the master and see if that resolves your issue. It may be a good idea to back up the one on the sensor beforehand and move it to another directory temporarily.

Thanks,
Wes

Monah Baki

Apr 5, 2016, 10:56:44 AM
to security-onion

Thanks, it worked

Wes Lambert

Apr 29, 2016, 1:23:08 PM
to securit...@googlegroups.com

Try looking in /etc/salt/pki/minion.


Dmitriy Kupch

Sep 19, 2018, 3:54:09 PM
to security-onion
Also removing the /etc/salt/pki/minion/minion_master.pub helps, as this file gets pulled from the master by the minion once it's restarted as a service.
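
Added example, not part of the thread and not Security Onion or Salt project code: the steps discussed above (compare the sensor's cached minion_master.pub with the master's key, back up the old file, then replace it) as one script. Because a removed key is simply re-fetched from whichever master answers, the script installs a copy you obtained from the master yourself; the script name, the ./master.pub copy and the backup directory are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. File names in the usage line are hypothetical.

# Digest of the key material only: CRs, blank lines and the PEM BEGIN/END
# lines are dropped so formatting differences do not look like a key change.
# This is a local comparison value, not Salt's own fingerprint format.
key_digest() {
    tr -d '\r' < "$1" | grep -v -e '^-----' -e '^[[:space:]]*$' \
        | tr -d ' \t\n' | sha256sum | cut -d' ' -f1
}

# same_key A B: 0 if both files hold the same key, 1 if not, 2 if either
# file is missing or empty.
same_key() {
    [ -s "$1" ] && [ -s "$2" ] || return 2
    [ "$(key_digest "$1")" = "$(key_digest "$2")" ]
}

# replace_cached_key CACHED TRUSTED BACKUP_DIR
# If CACHED differs from TRUSTED, move CACHED into BACKUP_DIR with a
# timestamp suffix and install TRUSTED in its place.
# Prints "unchanged", "replaced" or "error".
replace_cached_key() {
    local cached=$1 trusted=$2 backup_dir=$3 rc=0
    same_key "$cached" "$trusted" || rc=$?
    case $rc in
        0) echo unchanged; return 0 ;;
        2) echo error; return 2 ;;
    esac
    mkdir -p "$backup_dir" &&
        mv "$cached" "$backup_dir/$(basename "$cached").$(date +%Y%m%d%H%M%S)" &&
        install -m 0644 "$trusted" "$cached" &&
        echo replaced
}

# Usage on the sensor (as root; ./master.pub is the copy taken from the master):
#   ./check_master_key.sh /etc/salt/pki/minion/minion_master.pub ./master.pub /root/salt-pki-backup
if [ "$#" -eq 3 ]; then
    replace_cached_key "$@"
fi
```

Restart the Salt Minion afterwards, as the log message instructs.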