Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »



Moonshot has a number of steps that need to be performed to ensure that things work smoothly.  This can be done in an automated fashion - i.e. using a script to verify that certain important, but easy to confirm things are in place.


$ moonshot-readiness
usage: moonshot-readiness [task] [task]...
  Available tasks:
    minimal (default)
$ moonshot-readiness client ssh-client
  Testing task basic...
    Hostname is fqdn...                             [OKAY]
    Supported OS...                                 [OKAY]
    Moonshot repositories configured...             [FAIL]
  Testing task client...
    gss/mech...                                     [OKAY] in library path...                  [FAIL]
  Testing task ssh-client...
    GSSAPIAuthentication...                         [FAIL]
    GSSAPIKeyExchange...                            [OKAY]
  Test complete, failed tests:
    Moonshot repositories configured:
      Without the moonshot repositories configured, you will not be able to update to the latest versions of the moonshot code. in library path: was not found in your ld configuration - this may mean you've installed the Moonshot libraries in a non-default location.
      Your SSH client is not configured for GSSAPI authentication. Moonshot will not work. 


Each 'task' defines a number of items to check, what the valid response is, and a message to display in the event of the test failing. Tasks also list a parent tast that they depend on, (i.e. ssh-client depends on client, which in turn depends on basic, which means when testing for ssh-client,  


TaskDependsTitleDebian MethodRHEL MethodFailure TextFatal
basic-Hostname is FQDNWhen hostname is called, the value returned must be an FQDN, resolvable via DNS.Your servers hostname is not fully qualified or resolvable. This is required in order to prevent certain classes of attack.Yes
basic-Supported OS

Check 'uname -s', 'uname -r', 'uname -m', '/etc/issue', '/etc/*-release' to deterimine if the OS is one of:

  • Debian 6+
  • RHEL 6
  • CentOS 6
  • Scientific Linux 6
You are not running a supported OS. Moonshot may not work as indicated in the documentation.No
basic-Moonshot repository configurationCheck apt-cache policy for the moonshot repositories.Check yum repolist for the moonshot repositories No
basic-Current versionUsing yum update, are there any pending updates from the moonshot repository.using apt-get upgrade  

Is /usr/etc/gss/mech existant, have permissions of 644, and does it contain the following lines:

  • eap-aes128
  • eap-aes256

Is /etc/gss/mech existant, have permissions of 644, and does it contain the following lines:

  • eap-aes128
  • eap-aes256
ssh-clientclientGSSAPIAuthentication enabledUsing augeas and /etc/ssh/ssh_config, is 'GSSAPIAuthentication' set to 'yes'GSSAPIAuthentication must be enabled for Moonshot to function when using SSH.Yes
ssh-clientclientGSSAPIKeyExchange enabledUsing augeas and /etc/ssh/ssh_config, is 'GSSAPIKeyExchange' set to 'yes'GSSAPIKeyExchange should be enabled for Moonshot to function correctly when using SSH.No
ssh-serverrpPrivilege separation disabledUsing augeas and /etc/ssh/sshd_config is UsePrivilegeSeperation set to 'no'

Moonshot currently requires that OpenSSH server has privilege separation disabled.Yes



  • No labels