[Asterisk-Users] RSA question
Raul Elizondo (wizardteam)
rauleli at wizardteam.com
Sun May 8 07:55:57 MST 2005
Hi,
Acording with http://www.voip-info.org/wiki-Asterisk+iax+rsa+auth, both
sides should have "auth=rsa" in their respective section at iax.conf. But
i've found that if server includes this option, the client keeps saying "No
way to send secret to peer". My links with FWD and Iaxtel are working fine,
this is a test i m doing with 2 asterisks i configured.
Also, if i use "register => user:[name-of-public-key]:secret at host" or
"register => user:[name-of-public-key]@host", then i get a message from
client saying "Asked to authenticate to xx.xx.xx.xx with an RSA key, but
they don't allow RSA authentication", but link works anyway and calls both
sides can be placed.
In my case, i use both sides with "type=friend", so i can do incomming and
outgoing calls, and when i do "iax2 show peers" at the client side, i get:
Name/Username Host Mask Port Status
myserver/user xx.xx.xx.xx (S) 255.255.255.255 4569 OK (1 ms)
which means that is a (S)ecured password transaction. In both sides, "iax2
show users" shows "000000000000004" in the "Authen" column.
Once the client authenticate with the server, the server does not need to re
challenge the secence of user/secret with the client, because it already has
the addres where to point the outgoing calls.
My question is.... Is it still a secured password transaction even the
server has no "auth=rsa"?
For the server, even if no "inkeys" and "outkey" defined, everything works
fine.
.key and .pub files are created with astgenkey, and client only has the .pub
file and it is specified in the "inkeys" at the clients context for the link
with the server at iax.conf.
A last question would be.... Is there anything else missing at the url which
explains how to set up a RSA authentication? Cant make it work in that way.
Regards...
-=Raul=-
More information about the asterisk-users
mailing list