[Freeipa-users] Can't update ssh keys

Bret Wortman bret.wortman at damascusgrp.com
Fri Aug 9 19:46:28 UTC 2013


V3.1.something. I'm not at the office again till Monday.

On Fri, Aug 9, 2013 at 1:22 PM, Rob Crittenden <rcritten at redhat.com>
wrote:

> Bret Wortman wrote:
>> Any time I try to use the command-line utilities to add a host (this
>> includes ipa-client-install):
>>
>> #ipa host-mod host.damascusgrp.com --updatedns
>> --sshpubkey="`cat /etc/ssh/ssh_host_rsa_key.pub`"
>> ipa: ERROR: invalid 'sshpubkey': must be binary data
>>
>> I know I can use the GUI, but as we could be rolling out a large number
>> of systems in coming months, that's not a good long-term option. So does
>> anyone know a way to make the CLI tools work?
>>
>> Second question: is there a way to update the SSHFP records apart from
>> using the CLI tools as above?
>
> A pub key consists of 3 pieces of data: the key type, the key and a comment.
>
> What version of IPA? IIRC in v2 only the key material itself was
> supported. This cli command should work with a v3 server which requires
> all 3 pieces.
>
> I imagine you could use dnsrecord-mod/add to manage the SSHFP record but
> that could lead to different values in the DNS and host entry if not
> done carefully.
>
> rob
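
An added example, not part of the original thread and not FreeIPA code: it splits an OpenSSH public key line into the three pieces mentioned above (type, key, comment) and derives the SSHFP record data from the key blob, so the value published in DNS can be compared with the key stored on the host entry. The function names are hypothetical and the sample key is constructed for illustration; the SSHFP algorithm numbers come from RFC 4255, RFC 6594 and RFC 7479.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
              "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
              "ssh-ed25519": 4}


def parse_pubkey(line):
    """Split an OpenSSH public key line into (type, blob, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64 key> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key material is not valid base64") from exc
    # The blob itself starts with a length-prefixed copy of the key type;
    # a mismatch means the line was truncated or edited by hand.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    return key_type, blob, comment


def sshfp_rdata(line):
    """Return SSHFP record data (SHA-1 and SHA-256) for a public key line."""
    key_type, blob, _ = parse_pubkey(line)
    if key_type not in SSHFP_ALGO:
        raise ValueError("no SSHFP algorithm number for " + key_type)
    algo = SSHFP_ALGO[key_type]
    return [f"{algo} 1 {hashlib.sha1(blob).hexdigest().upper()}",
            f"{algo} 2 {hashlib.sha256(blob).hexdigest().upper()}"]


def make_sample_line():
    """Constructed ed25519 key line (placeholder key bytes, not a real key)."""
    name = b"ssh-ed25519"
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@host.example.test"


if __name__ == "__main__":
    for rdata in sshfp_rdata(make_sample_line()):
        print("SSHFP", rdata)
```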