td-agent shared key mismatch between servers

Question

I am trying to set encrypted logs with td-agent between two machines. I have followed the examples from the official documentation of fluentd however i am stuck in a very weird situation. The client and server refuse to negotiate due to shared_key mismatch.

The key phrase is correct on both servers however both client and server state that keys mismatch.

Here is the client config (text omitted) :

<match uwsgi.**>
 type copy
<store>
    type secure_forward
    shared_key hello  
    send_timeout 30s
    self_hostname client.example.net

    <server>

            name server.example.net
            host server.example.net
            port 24225
    </server>
</store> 
</match>

And here is the server config:

<source>
  type secure_forward
  shared_key    hello
  self_hostname server.example.net
  bind 0.0.0.0
  port 24225
  secure true
  ca_cert_path /etc/td-agent/mycert.crt
  ca_private_key_path /etc/td-agent/mykey.key
  ca_private_key_passphrase ""

I keep getting these error messages from server:

Shared key mismatch from 'client.example.net'

Same from client:

[warn]: dead connection found: server.example.net, reconnecting...  
[warn]: connection refused to server.example.net:authentication failed: shared_key mismatch

Any ideas?

Answer 1

It turns out that the secure_forward plugin of td-agent had different versions.

In more detail, the latest version of the relevant plugin (0.4.5),m "salts" the password with a "nonce" but the previous version does not. Thus, one password ends up with a different sha sum.

Two solutions:
1. Update secure_forward plugin on both ends
2. Remove the digest procedure within the code.

Answer 2

<match uwsgi.**>
 type copy
<store>
    type secure_forward
    
    send_timeout 30s
    self_hostname client.example.net

    <server>
      shared_key hello  # put the same shared key
      name server.example.net
      host server.example.net
      port 24225
    </server>
</store> 
</match>