The agent doesn't trust the master because it's not getting the expected domain name on the master's public key. From what I understand, it should be possible to do this without DNS by properly ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback