[Freeipa-users] new issue with ssh key in the interface

Petr Vobornik pvoborni at redhat.com
Wed Jul 17 13:44:13 UTC 2013 

I've tested your key on a fresh install of 
ipa-server-3.0.0-25.el6.x86_64 and it works for me. On the other hand, 
the description of the problem looks like a Web UI bug.

Is it possible, that you recently upgraded IPA server and Web browser 
still contains some old files in a cache? Please try reloading the UI 
with forced cache override, usual shortcut: Ctrl + F5 or Ctrl + Shift + R

Petr

On 07/17/2013 03:04 PM, Armstrong, Kenneth Lawrence wrote:
> Thanks Petr,
>
> I am 100% positive that I pressed 'Set' and not 'Cancel'.
>
> Here are the exact steps and keys I used:
>
> Generate an ssh public key (for user):
>
> ssh-keygen -t rsa -C karmstrong at liberty.edu<mailto:karmstrong at liberty.edu>
>
> Cat out the key, paste into web interface for user:
>
> cat .ssh/id_rsa.pub
> ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA8EDvuInIneXbzg9WrkLKBkVHB0O6bAPjNMF4dTyOqdwX2HDLtLVcW4VY7/03p6xOc014z3rio4GWXa3Othkf5/hqhpQR1C4CUGgSnnUVC7gw/aI9ZpFbp9UGQdEw7E6ii1qDmoyH80wA0pSMfp/Tg19mdm/3GKNqeNCtkpEyMQXyPBeNk0Xba4RXpGio98LOyOxONrYPi4/eR15vzoinBebDN4URAuUgNUxpRrrZp4cWV6W5Bu1zhKblPcAd6jP8qDv/Uty8Jew3GSRo7uZhxzPQQrw+0wBXrUSffPDEe5FH7gPy74J/EfHGtmhbThrrJQ5tmSuqiZnvbnxc3fv6ew== karmstrong at liberty.edu<mailto:karmstrong at liberty.edu>
>
>
> Web interface says that the key is set
>
> Click Update on web interface, get IPA Error 4202 "no modifications to be performed"
>
>
> Skip the web interface, try from command line, appears to succeed:
>
> [karmstrong at linuxclient<mailto:karmstrong at linuxclient> ~]$ ipa user-mod karmstrong --sshpubkey="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA8EDvuInIneXbzg9WrkLKBkVHB0O6bAPjNMF4dTyOqdwX2HDLtLVcW4VY7/03p6xOc014z3rio4GWXa3Othkf5/hqhpQR1C4CUGgSnnUVC7gw/aI9ZpFbp9UGQdEw7E6ii1qDmoyH80wA0pSMfp/Tg19mdm/3GKNqeNCtkpEyMQXyPBeNk0Xba4RXpGio98LOyOxONrYPi4/eR15vzoinBebDN4URAuUgNUxpRrrZp4cWV6W5Bu1zhKblPcAd6jP8qDv/Uty8Jew3GSRo7uZhxzPQQrw+0wBXrUSffPDEe5FH7gPy74J/EfHGtmhbThrrJQ5tmSuqiZnvbnxc3fv6ew== karmstrong at liberty.edu<mailto:karmstrong at liberty.edu>"
> --------------------------
> Modified user "karmstrong"
> --------------------------
>    User login: karmstrong
>    First name: Kenneth
>    Last name: Armstrong
>    Home directory: /import/is/users/karmstrong
>    Login shell: /bin/bash
>    UID: 1838200001
>    GID: 1838200001
>    Account disabled: False
>    SSH public key: ssh-rsa
>                    AAAAB3NzaC1yc2EAAAABIwAAAQEA8EDvuInIneXbzg9WrkLKBkVHB0O6bAPjNMF4dTyOqdwX2HDLtLVcW4VY7/03p6xOc014z3rio4GWXa3Othkf5/hqhpQR1C4CUGgSnnUVC7gw/aI9ZpFbp9UGQdEw7E6ii1qDmoyH80wA0pSMfp/Tg19mdm/3GKNqeNCtkpEyMQXyPBeNk0Xba4RXpGio98LOyOxONrYPi4/eR15vzoinBebDN4URAuUgNUxpRrrZp4cWV6W5Bu1zhKblPcAd6jP8qDv/Uty8Jew3GSRo7uZhxzPQQrw+0wBXrUSffPDEe5FH7gPy74J/EfHGtmhbThrrJQ5tmSuqiZnvbnxc3fv6ew==
>                    karmstrong at liberty.edu
>    Password: True
>    Member of groups: ipausers, linux_admin, gensys
>    Member of Sudo rule: sudo-all
>    Kerberos keys available: True
>    SSH public key fingerprint: 51:B0:DC:AD:B3:33:5F:DE:39:6C:6E:4F:35:E1:A4:90 karmstrong at liberty.edu (ssh-rsa)
>
>
>
> Double check the web interface, says that No Key is Set
>
> Followed same procedure for a host, got the same exact results.
>
> Tried to ssh as the user to the host that has keys set via command line, get the message that the keys could not be validated.
>
> Thanks.
>
> -Kenny
>
> On Wed, 2013-07-17 at 10:33 +0200, Petr Vobornik wrote:
>
>
> On 07/16/2013 07:24 PM, Armstrong, Kenneth Lawrence wrote:
>> Hello all,
>>
>> i have a new problem with the SSH Key bit in the web interface.  I created a new ssh key for a user, and pasted it into the web interface for the user.  Afterward, it said that the key was not set.  So I attempted again from the commandline, and it looks like it took it.  However, when I go back to the web interface, it doesn't show one set for the user.
>>
>> I logged out of the interface and back in, but same story.
>>
>> Running IPA server 3.0 on RHEL 6.4.
>>
>> Any thoughts?
>>
>> -Kenny
>>
>
> Hello Kenny,
>
> When SSH Public keys field in Web UI displays: "New: key not set" it
> means that the key was not set in 'Show/Set key' dialog. In other words
> you did not paste anything into the textarea or you pressed 'Cancel'
> button instead of 'Set' button.
>
> If something is pasted and confirmed by 'Set' button it displays: 'New:
> key set'. The last remaining step is to click on 'Update' button on the
> header part of the page to confirm and perform all the changes you made
> on the page.
>
> When keys are set in LDAP you should see a line similar to following for
> each key:
> "13:67:6B:BF:4E:A2:05:8E:AE:25:8B:A1:31:DE:6F:1B public key test (ssh-rsa)"
> Each fingerprint is followed by 'Show/Set key' and 'Delete' buttons.
>
> I can't comment the CLI part without more information: key and exact
> command you used.
>
> HTH
>
>


-- 
Petr Vobornik

More information about the Freeipa-users mailing list