Salt: Some salt keys both in accepted keys and denied keys.

Created on 10 Jun 2015 · 5 Comments · Source: saltstack/salt

# salt-key
Accepted Keys:
aliyun-elliott
aliyun-fusheng
aliyun-iSer
aliyun-kaishan
aliyun-moon
aliyun-rebeng
aliyun-unts
aliyun-yilida
atlas
Bolaite
bolaite-new
ecoair
edmac
etc-tank
jinkaiwei
kaishanpz
liutech
master
moair
rocon
xalk
Denied Keys:
aliyun-moon
ecoair
jinkaiwei

Some keys are in both accepted keys and denied keys. But I haven't denied any keys. What's wrong?

All 5 comments

The primary time a key is "denied" is if a minion connects, and tries to authenticate with a public key other than the one the master already has accepted/cached. So minions with duplicate IDs would cause this, as well as minions which were rebuilt or had new keys generated, but the key was not deleted on the master.

So to clarify, there's nothing technically wrong if you see the same minion ID in both lists. You can just delete the denied key if you want.

When I try this, I get the message:
$ salt-key -d server14.domain.net
"
The following keys are going to be deleted:
Accepted Keys:
server14.domain.net
Denied Keys:
server14.domain.net
Proceed? [N/y] N
"
I answer "N" because I want to keep the accepted key. Any way to just delete the denied key, without deleting the key it is a duplicate of that is already accepted?

Just delete the key out of the appropriate directory in /etc/salt/pki/master/

I have the same issue. I deleted the keys in /etc/salt/pki/master/minions_denied but they come right back on a minion rebuild. Why would there be a denied key if the master and minion have the correct public keys?
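
Added example (not part of the thread and not Salt's own tooling): a shell helper that lists minion IDs present in both key directories, reports whether the denied key differs from the accepted one, and removes only the denied copy. It assumes the default master layout, with accepted keys in `minions/` and denied keys in `minions_denied/` under `/etc/salt/pki/master`; the function names and the key contents in the demo are made up.

```shell
#!/bin/sh
# Assumed layout (default Salt master PKI directory):
#   $PKI/minions/<id>         accepted public key
#   $PKI/minions_denied/<id>  key a minion presented that the master denied

# Print "<id> differs" or "<id> identical" for every ID found in both directories.
list_denied_dupes() {
    pki=${1:-/etc/salt/pki/master}
    for denied in "$pki"/minions_denied/*; do
        [ -f "$denied" ] || continue            # empty or missing directory
        id=$(basename "$denied")
        [ -f "$pki/minions/$id" ] || continue   # denied only, never accepted
        if cmp -s "$denied" "$pki/minions/$id"; then
            echo "$id identical"
        else
            echo "$id differs"
        fi
    done
}

# Remove only the denied copy for one ID; the accepted key is never touched.
purge_denied() {
    pki=${1:-/etc/salt/pki/master}
    id=$2
    case $id in
        ''|.|..|*/*) echo "refusing suspicious minion ID: $id" >&2; return 1 ;;
    esac
    [ -f "$pki/minions/$id" ] || { echo "no accepted key for $id" >&2; return 1; }
    rm -f -- "$pki/minions_denied/$id"
}

# Demo on a constructed PKI tree (key contents are placeholders, not real keys).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/minions" "$tmp/minions_denied"
    echo "KEY-A" > "$tmp/minions/ecoair"
    echo "KEY-B" > "$tmp/minions_denied/ecoair"
    echo "KEY-C" > "$tmp/minions/atlas"
    list_denied_dupes "$tmp"        # ecoair differs
    purge_denied "$tmp" ecoair
    list_denied_dupes "$tmp"        # no output: the denied copy is gone
    rm -rf "$tmp"
}
demo
```

A "differs" result matches the explanation above: some minion presented a key other than the accepted one. Until the duplicate ID or stale key is resolved, the denied entry will be written again after it is purged.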
