I can get the host keys in okay, it's the user keys that are giving me fits. No combination of fields seems to work. Before we troubleshoot very far, I will update to a newer release and try again. Every now and again, I just need the right motivation to upgrade.
*Bret Wortman*
http://damascusgrp.com/
http://about.me/wortmanbret

On Mon, Aug 12, 2013 at 11:10 AM, Rob Crittenden <rcrit...@redhat.com> wrote:

> Bret Wortman wrote:
>
>> Rob,
>>
>> I'm running 2.2.1. Sorry about that, I got confused by my Cobbler
>> version on a different server. I guess we're looking at an upgrade!
>
> For 2.x you might try:
>
> # ipa host-mod host.example.com --sshpubkey=`awk '{ print $2 }' /etc/ssh/ssh_host_rsa_key.pub`
>
> I'm not 100% sure that the pub key format is space-delimited so YMMV, but
> I think this is right.
>
> rob
>
>> *Bret Wortman*
>> http://damascusgrp.com/
>> http://about.me/wortmanbret
>>
>> On Fri, Aug 9, 2013 at 1:22 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
>>
>>     Bret Wortman wrote:
>>
>>         Any time I try to use the command-line utilities to add a host
>>         (this includes ipa-client-install):
>>
>>         # ipa host-mod host.damascusgrp.com --updatedns --sshpubkey="`cat /etc/ssh/ssh_host_rsa_key.pub`"
>>
>>         ipa: ERROR: invalid 'sshpubkey': must be binary data
>>
>>         I know I can use the GUI, but as we could be rolling out a large
>>         number of systems in coming months, that's not a good long-term
>>         option. So does anyone know a way to make the CLI tools work?
>>
>>         Second question: is there a way to update the SSHFP records
>>         apart from using the CLI tools as above?
>>
>>     A pub key consists of 3 pieces of data: the key type, the key and a
>>     comment.
>>
>>     What version of IPA? IIRC in v2 only the key material itself was
>>     supported. This cli command should work with a v3 server which
>>     requires all 3 pieces.
>>
>>     I imagine you could use dnsrecord-mod/add to manage the SSHFP record
>>     but that could lead to different values in the DNS and host entry if
>>     not done carefully.
>>
>>     rob
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
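
The three-field public key format and the SSHFP question discussed in the thread, as an added example that is not part of the original messages and is not FreeIPA code. It splits a `.pub` line, checks that the declared key type matches the type embedded in the key blob, builds the `--sshpubkey` value for 2.x versus 3.x as Rob describes it, and derives SSHFP RDATA from the same blob so the DNS record and the host entry cannot drift apart. All function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}

def ssh_string(data):
    """Length-prefixed string as used inside the key blob."""
    return struct.pack(">I", len(data)) + data

# Constructed sample: structurally valid ssh-rsa blob with dummy numbers, not a real key.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 32)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " root@host.example.com"

def parse_pubkey(line):
    """Split one .pub line into (key_type, blob, comment) and sanity-check it."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64-key> [comment]'")
    key_type, comment = parts[0], (parts[2] if len(parts) == 3 else "")
    blob = base64.b64decode(parts[1], validate=True)  # raises ValueError on junk
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the fields were mangled (for example by shell quoting).
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    return key_type, blob, comment

def ipa_sshpubkey_value(line, ipa_major):
    """--sshpubkey value per the thread: key material only for 2.x, all fields for 3.x."""
    key_type, blob, comment = parse_pubkey(line)
    b64 = base64.b64encode(blob).decode()
    return b64 if ipa_major < 3 else " ".join(p for p in (key_type, b64, comment) if p)

def sshfp_rdata(line):
    """SSHFP RDATA ('<algo> <fp-type> <hex>') with SHA-1 (1) and SHA-256 (2) fingerprints."""
    key_type, blob, _ = parse_pubkey(line)
    algo = 3 if key_type.startswith("ecdsa-sha2-") else SSHFP_ALGO[key_type]
    return [f"{algo} 1 {hashlib.sha1(blob).hexdigest().upper()}",
            f"{algo} 2 {hashlib.sha256(blob).hexdigest().upper()}"]

if __name__ == "__main__":
    print(ipa_sshpubkey_value(SAMPLE_LINE, 2))
    print("\n".join(sshfp_rdata(SAMPLE_LINE)))
```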