[Freeipa-users] Can't update ssh keys

Rob Crittenden rcritten at redhat.com
Fri Aug 9 17:22:31 UTC 2013


Bret Wortman wrote:
> Any time I try to use the command-line utilities to add a host (this
> includes ipa-client-install):
>
> #ipa host-mod host.damascusgrp.com --updatedns
> --sshpubkey="`cat /etc/ssh/ssh_host_rsa_key.pub`"
> ipa: ERROR: invalid 'sshpubkey': must be binary data
>
> I know I can use the GUI, but as we could be rolling out a large number
> of systems in coming months, that's not a good long-term option. So does
> anyone know a way to make the CLI tools work?
>
> Second question: is there a way to update the SSHFP records apart from
> using the CLI tools as above?

A pub key consists of 3 pieces of data: the key type, the key and a comment.

What version of IPA? IIRC in v2 only the key material itself was 
supported. This cli command should work with a v3 server which requires 
all 3 pieces.

I imagine you could use dnsrecord-mod/add to manage the SSHFP record but 
that could lead to different values in the DNS and host entry if not 
done carefully.

rob
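
An added example, not part of the original message and not FreeIPA code: it splits an OpenSSH public key line into the three pieces described above and derives the SSHFP values (RFC 4255, RFC 6594, RFC 7479) that a DNS record should carry, so the DNS and host entry can be checked against each other. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers from RFC 4255 / RFC 6594 / RFC 7479.
SSHFP_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}


def split_pubkey(line):
    """Return (key type, base64 key, comment) from one public key line."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64 key> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match the key blob")
    return key_type, b64, comment


def sshfp_records(line):
    """Return [(algorithm, fp_type, hex digest)] for SHA-1 and SHA-256."""
    key_type, b64, _ = split_pubkey(line)
    if key_type.startswith("ecdsa-sha2-"):
        alg = 3
    else:
        alg = SSHFP_ALGS.get(key_type)
    if alg is None:
        raise ValueError("no SSHFP algorithm number for " + key_type)
    blob = base64.b64decode(b64)  # the digest covers the decoded key blob
    return [(alg, 1, hashlib.sha1(blob).hexdigest()),
            (alg, 2, hashlib.sha256(blob).hexdigest())]


def constructed_key_line():
    """Build a sample line from constructed bytes (not a real host key)."""
    name, key = b"ssh-ed25519", bytes(range(32))
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", len(key)) + key)
    return "ssh-ed25519 %s root@host.example.test" % base64.b64encode(blob).decode()


if __name__ == "__main__":
    for alg, fp_type, digest in sshfp_records(constructed_key_line()):
        print("host.example.test. IN SSHFP", alg, fp_type, digest)
```
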



