[Freeipa-users] new issue with ssh key in the interface

Armstrong, Kenneth Lawrence klarmstrong2 at liberty.edu
Wed Jul 17 13:04:07 UTC 2013 

Thanks Petr,

I am 100% positive that I pressed 'Set' and not 'Cancel'.

Here are the exact steps and keys I used:

Generate an ssh public key (for user):

ssh-keygen -t rsa -C karmstrong at liberty.edu<mailto:karmstrong at liberty.edu>

Cat out the key, paste into web interface for user:

cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA8EDvuInIneXbzg9WrkLKBkVHB0O6bAPjNMF4dTyOqdwX2HDLtLVcW4VY7/03p6xOc014z3rio4GWXa3Othkf5/hqhpQR1C4CUGgSnnUVC7gw/aI9ZpFbp9UGQdEw7E6ii1qDmoyH80wA0pSMfp/Tg19mdm/3GKNqeNCtkpEyMQXyPBeNk0Xba4RXpGio98LOyOxONrYPi4/eR15vzoinBebDN4URAuUgNUxpRrrZp4cWV6W5Bu1zhKblPcAd6jP8qDv/Uty8Jew3GSRo7uZhxzPQQrw+0wBXrUSffPDEe5FH7gPy74J/EfHGtmhbThrrJQ5tmSuqiZnvbnxc3fv6ew== karmstrong at liberty.edu<mailto:karmstrong at liberty.edu>


Web interface says that the key is set

Click Update on web interface, get IPA Error 4202 "no modifications to be performed"


Skip the web interface, try from command line, appears to succeed:

[karmstrong at linuxclient<mailto:karmstrong at linuxclient> ~]$ ipa user-mod karmstrong --sshpubkey="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA8EDvuInIneXbzg9WrkLKBkVHB0O6bAPjNMF4dTyOqdwX2HDLtLVcW4VY7/03p6xOc014z3rio4GWXa3Othkf5/hqhpQR1C4CUGgSnnUVC7gw/aI9ZpFbp9UGQdEw7E6ii1qDmoyH80wA0pSMfp/Tg19mdm/3GKNqeNCtkpEyMQXyPBeNk0Xba4RXpGio98LOyOxONrYPi4/eR15vzoinBebDN4URAuUgNUxpRrrZp4cWV6W5Bu1zhKblPcAd6jP8qDv/Uty8Jew3GSRo7uZhxzPQQrw+0wBXrUSffPDEe5FH7gPy74J/EfHGtmhbThrrJQ5tmSuqiZnvbnxc3fv6ew== karmstrong at liberty.edu<mailto:karmstrong at liberty.edu>"
--------------------------
Modified user "karmstrong"
--------------------------
  User login: karmstrong
  First name: Kenneth
  Last name: Armstrong
  Home directory: /import/is/users/karmstrong
  Login shell: /bin/bash
  UID: 1838200001
  GID: 1838200001
  Account disabled: False
  SSH public key: ssh-rsa
                  AAAAB3NzaC1yc2EAAAABIwAAAQEA8EDvuInIneXbzg9WrkLKBkVHB0O6bAPjNMF4dTyOqdwX2HDLtLVcW4VY7/03p6xOc014z3rio4GWXa3Othkf5/hqhpQR1C4CUGgSnnUVC7gw/aI9ZpFbp9UGQdEw7E6ii1qDmoyH80wA0pSMfp/Tg19mdm/3GKNqeNCtkpEyMQXyPBeNk0Xba4RXpGio98LOyOxONrYPi4/eR15vzoinBebDN4URAuUgNUxpRrrZp4cWV6W5Bu1zhKblPcAd6jP8qDv/Uty8Jew3GSRo7uZhxzPQQrw+0wBXrUSffPDEe5FH7gPy74J/EfHGtmhbThrrJQ5tmSuqiZnvbnxc3fv6ew==
                  karmstrong at liberty.edu
  Password: True
  Member of groups: ipausers, linux_admin, gensys
  Member of Sudo rule: sudo-all
  Kerberos keys available: True
  SSH public key fingerprint: 51:B0:DC:AD:B3:33:5F:DE:39:6C:6E:4F:35:E1:A4:90 karmstrong at liberty.edu (ssh-rsa)



Double check the web interface, says that No Key is Set

Followed same procedure for a host, got the same exact results.

Tried to ssh as the user to the host that has keys set via command line, get the message that the keys could not be validated.

Thanks.

-Kenny

On Wed, 2013-07-17 at 10:33 +0200, Petr Vobornik wrote:


On 07/16/2013 07:24 PM, Armstrong, Kenneth Lawrence wrote:
> Hello all,
>
> i have a new problem with the SSH Key bit in the web interface.  I created a new ssh key for a user, and pasted it into the web interface for the user.  Afterward, it said that the key was not set.  So I attempted again from the commandline, and it looks like it took it.  However, when I go back to the web interface, it doesn't show one set for the user.
>
> I logged out of the interface and back in, but same story.
>
> Running IPA server 3.0 on RHEL 6.4.
>
> Any thoughts?
>
> -Kenny
>

Hello Kenny,

When SSH Public keys field in Web UI displays: "New: key not set" it
means that the key was not set in 'Show/Set key' dialog. In other words
you did not paste anything into the textarea or you pressed 'Cancel'
button instead of 'Set' button.

If something is pasted and confirmed by 'Set' button it displays: 'New:
key set'. The last remaining step is to click on 'Update' button on the
header part of the page to confirm and perform all the changes you made
on the page.

When keys are set in LDAP you should see a line similar to following for
each key:
"13:67:6B:BF:4E:A2:05:8E:AE:25:8B:A1:31:DE:6F:1B public key test (ssh-rsa)"
Each fingerprint is followed by 'Show/Set key' and 'Delete' buttons.

I can't comment the CLI part without more information: key and exact
command you used.

HTH


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130717/fc90e204/attachment.htm>

More information about the Freeipa-users mailing list