Error during server authentication (clients cannot connect after server restart)

Hello

Maybe this question has been answered before, but I’ve been unable to find it yet.

I have an internet server with several clients.

Today I noticed these errors in the server logs:

2017-02-07 07:15:03: ERROR: Exception occured in CryptoFactory::signDataDSA: BER decode error
2017-02-07 07:15:03: ERROR: Signing challenge failed -2
2017-02-07 07:22:03: ERROR: Exception occured in CryptoFactory::signDataDSA: BER decode error
2017-02-07 07:22:03: ERROR: Signing challenge failed -2
2017-02-07 07:28:03: ERROR: Exception occured in CryptoFactory::signDataDSA: BER decode error
2017-02-07 07:28:03: ERROR: Signing challenge failed -2
2017-02-07 07:34:03: ERROR: Exception occured in CryptoFactory::signDataDSA: BER decode error
2017-02-07 07:34:03: ERROR: Signing challenge failed -2
[...]
2017-02-09 13:02:10: ERROR: Exception occured in CryptoFactory::signDataDSA: BER decode error
2017-02-09 13:02:10: ERROR: Signing challenge failed -2
2017-02-09 13:08:10: ERROR: Exception occured in CryptoFactory::signDataDSA: BER decode error
2017-02-09 13:08:10: ERROR: Signing challenge failed -2
2017-02-09 13:14:10: ERROR: Exception occured in CryptoFactory::signDataDSA: BER decode error

So I decided to restart our urbackup server.

After the restart I get:

2017-02-09 13:20:04: WARNING: Shutting down (Signal 15)
2017-02-09 13:20:23: ERROR: Exception occured in CryptoFactory::signDataDSA: BER decode error
2017-02-09 13:20:23: ERROR: Server ECDSA identity broken. Regenerating...
2017-02-09 13:22:37: ERROR: Error sending server signature to client
2017-02-09 13:22:37: ERROR: Error sending server signature to client
[...]

And since the restart the clients do not connect to the server. On the server status page all the clients are marked as “Error during server authentication”. I can see through netstat that the clients reach the server.

The server is Ubuntu 16.04 LTS,
urbackup package is 2.0.38.1660-1ubuntu1~xenial
/var/urbackup/ is on an ext4 fs
backups are stored on a btrfs fs

Thanks in advance

From what I can see, the server_ident_ecdsa409k1.* files changed on restart:

-rwxr-x--- 1 urbackup urbackup  52 Feb  9 13:21 server_version_info.properties
-rw-r--r-- 1 urbackup urbackup 391 Feb  9 13:20 server_ident_ecdsa409k1.priv
-rw-r--r-- 1 urbackup urbackup 436 Feb  9 13:20 server_ident_ecdsa409k1.pub
-rw-r--r-- 1 urbackup urbackup  20 Jan 26 16:24 server_token.key
-rwxr-x--- 1 urbackup urbackup 443 Jan 26 03:25 server_ident.pub
-rwxr-x--- 1 urbackup urbackup 335 Jan 26 03:25 server_ident.priv
-rwxr-x--- 1 urbackup urbackup  23 Jan 26 03:25 server_ident.key

Is that related to the problem? I see that this happens on each urbackupsrv restart. Should that happen?

If it is not related to the problem:

How can I prevent the clients from disconnecting from the server (error during server authentication)?

And finally, how can I get the clients back to the server? (Those clients are road warriors.)

Thanks in advance

You need to restore the server identity (server_ident_ecdsa409k1.priv, server_ident_ecdsa409k1.pub) from a backup.

Thanks Martin

I’ve tried your suggestion, but it seems that the server_ident_ecdsa409k1* files are broken in the backup too, because each time I replace those files I get the ERROR: Server ECDSA identity broken. Regenerating... error.

… or maybe I have something else broken there.

However, to reload/rejoin the lost clients, shall I copy the new server_ident_ecdsa409k1.pub to the client’s server_idents.txt file? Or, if that is not possible, shall I delete server_idents.txt to let the server send its new ident.pub?

Thank you in advance

Hi,

This has worked for me: deleting all the keys in each client’s server_idents.txt and just pasting in the internet server’s identity key.

I would like to know, if possible, what happened at first with the server’s original server_ident_ecdsa409k1* keys that were marked as broken in order to prevent this issue in the future. Any clue or hint to debug it would be appreciated.

Thank you
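
Added example (not part of the thread and not UrBackup code): a small log check that finds when the "BER decode error" lines first appear and when the identity was regenerated, so a backup copy of the server_ident_ecdsa409k1.* files can be compared against that time. The function names and the sample (built from the log lines quoted above) are constructed for illustration; treating a copy made after the first error as suspect is an assumption, and the first error in a retained log is only an upper bound on when the key broke.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): (\w+): (.*)$")
DECODE_ERR = "CryptoFactory::signDataDSA: BER decode error"
REGEN = "Server ECDSA identity broken. Regenerating..."

# Constructed sample, assembled from the lines quoted in the thread.
SAMPLE_LOG = """\
2017-02-07 07:15:03: ERROR: Exception occured in CryptoFactory::signDataDSA: BER decode error
2017-02-07 07:15:03: ERROR: Signing challenge failed -2
[...]
2017-02-09 13:14:10: ERROR: Exception occured in CryptoFactory::signDataDSA: BER decode error
2017-02-09 13:20:04: WARNING: Shutting down (Signal 15)
2017-02-09 13:20:23: ERROR: Exception occured in CryptoFactory::signDataDSA: BER decode error
2017-02-09 13:20:23: ERROR: Server ECDSA identity broken. Regenerating...
2017-02-09 13:22:37: ERROR: Error sending server signature to client
"""

def identity_timeline(lines):
    """Return first decode error, error count and regeneration times."""
    first_err, err_count, regenerated = None, 0, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:                      # skips "[...]" and other non-log lines
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(3)
        if DECODE_ERR in msg:
            err_count += 1
            if first_err is None or ts < first_err:
                first_err = ts
        elif REGEN in msg:
            regenerated.append(ts)     # from here on clients see a new identity
    return {"first_decode_error": first_err,
            "decode_errors": err_count,
            "regenerated": regenerated}

def backup_predates_damage(backup_time, timeline):
    """True if a key backup is older than the earliest sign of trouble.
    Assumption: a copy made later may already hold the unreadable key."""
    marks = [t for t in [timeline["first_decode_error"], *timeline["regenerated"]] if t]
    return not marks or backup_time < min(marks)

if __name__ == "__main__":
    tl = identity_timeline(SAMPLE_LOG.splitlines())
    print("first decode error:", tl["first_decode_error"])
    print("decode errors seen:", tl["decode_errors"])
    print("identity regenerated at:", tl["regenerated"])
```

To use it on a real server, pass the lines of the server log file instead of SAMPLE_LOG and compare the result with the timestamps of the backed-up key files.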