Re: [Freeipa-users] Can't update ssh keys

2013-08-12 Thread Bret Wortman
I can get the host keys in okay, it's the user keys that are giving me
fits. No combination of fields seems to work. Before we troubleshoot very
far, I will update to a newer release and try again. Every now and again, I
just need the right motivation to upgrade.


*Bret Wortman*

http://damascusgrp.com/
http://about.me/wortmanbret


On Mon, Aug 12, 2013 at 11:10 AM, Rob Crittenden wrote:

> Bret Wortman wrote:
>
>> Rob,
>>
>> I'm running 2.2.1. Sorry about that, I got confused by my Cobbler
>> version on a different server. I guess we're looking at an upgrade!
>>
>
> For 2.x you might try:
>
> # ipa host-mod host.example.com --sshpubkey=`awk '{ print $2 }' /etc/ssh/ssh_host_rsa_key.pub`
>
> I'm not 100% sure that the pub key format is space-delimited so YMMV, but
> I think this is right.
>
> rob
>
>
>>
>> *Bret Wortman*
>>
>>
>> http://damascusgrp.com/
>> http://about.me/wortmanbret
>>
>>
>> On Fri, Aug 9, 2013 at 1:22 PM, Rob Crittenden wrote:
>>
>> Bret Wortman wrote:
>>
>>> Any time I try to use the command-line utilities to add a host (this
>>> includes ipa-client-install):
>>>
>>> # ipa host-mod host.damascusgrp.com --updatedns --sshpubkey="`cat /etc/ssh/ssh_host_rsa_key.pub`"
>>> ipa: ERROR: invalid 'sshpubkey': must be binary data
>>>
>>> I know I can use the GUI, but as we could be rolling out a large number
>>> of systems in coming months, that's not a good long-term option. So does
>>> anyone know a way to make the CLI tools work?
>>>
>>> Second question: is there a way to update the SSHFP records apart from
>>> using the CLI tools as above?
>>
>>
>> A pub key consists of 3 pieces of data: the key type, the key and a
>> comment.
>>
>> What version of IPA? IIRC in v2 only the key material itself was
>> supported. This cli command should work with a v3 server which
>> requires all 3 pieces.
>>
>> I imagine you could use dnsrecord-mod/add to manage the SSHFP record
>> but that could lead to different values in the DNS and host entry if
>> not done carefully.
>>
>> rob
>>
>>
>>
>
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
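
Added example, not part of the original messages and not FreeIPA code: shell functions that split a public key line into the fields Rob describes, check that the type in field 1 matches the type name stored inside the key material, and derive SHA-256 SSHFP record data so a value read from DNS can be compared with the host key. The sample key is constructed and the function names are hypothetical.

```shell
# Added example, not from the thread. SAMPLE_KEY is CONSTRUCTED and is not a usable key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAAgDF root@host.example.com'

key_type() { printf '%s\n' "$1" | awk '{ print $1 }'; }
# Field 2 alone: the base64 key material that the 2.x awk command passes.
key_blob() { printf '%s\n' "$1" | awk '{ print $2 }'; }

# True only if the line has a type and a blob, and the type name stored inside
# the decoded blob (4-byte length prefix, then the name) equals field 1.
key_is_consistent() {
    ktype=$(key_type "$1"); blob=$(key_blob "$1")
    [ -n "$ktype" ] && [ -n "$blob" ] || return 1
    inner=$(printf '%s' "$blob" | base64 -d 2>/dev/null |
            tail -c +5 | head -c "${#ktype}" | tr -d '\000')
    [ "$inner" = "$ktype" ]
}

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
sshfp_alg() {
    case "$1" in
        ssh-rsa) echo 1 ;;
        ssh-dss) echo 2 ;;
        ecdsa-sha2-*) echo 3 ;;
        ssh-ed25519) echo 4 ;;
        *) return 1 ;;
    esac
}

# Print "ALG 2 HEX": fingerprint type 2 is SHA-256 over the decoded blob.
sshfp_rdata() {
    key_is_consistent "$1" || return 1
    alg=$(sshfp_alg "$(key_type "$1")") || return 1
    fp=$(key_blob "$1" | base64 -d | sha256sum | awk '{ print $1 }')
    printf '%s 2 %s\n' "$alg" "$fp"
}

# Compare the host key with RDATA already read from DNS ($2, "ALG 2 HEX").
sshfp_matches() {
    want=$(sshfp_rdata "$1") || return 1
    [ "$want" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

sshfp_rdata "$SAMPLE_KEY"   # prints the record data for the constructed key
```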

Re: [Freeipa-users] Can't update ssh keys

2013-08-09 Thread Bret Wortman
V3.1.something. I'm not at the office again till Monday.

On Fri, Aug 9, 2013 at 1:22 PM, Rob Crittenden wrote:

> Bret Wortman wrote:
>> Any time I try to use the command-line utilities to add a host (this
>> includes ipa-client-install):
>>
>> # ipa host-mod host.damascusgrp.com --updatedns --sshpubkey="`cat /etc/ssh/ssh_host_rsa_key.pub`"
>> ipa: ERROR: invalid 'sshpubkey': must be binary data
>>
>> I know I can use the GUI, but as we could be rolling out a large number
>> of systems in coming months, that's not a good long-term option. So does
>> anyone know a way to make the CLI tools work?
>>
>> Second question: is there a way to update the SSHFP records apart from
>> using the CLI tools as above?
>
> A pub key consists of 3 pieces of data: the key type, the key and a comment.
>
> What version of IPA? IIRC in v2 only the key material itself was
> supported. This cli command should work with a v3 server which requires
> all 3 pieces.
>
> I imagine you could use dnsrecord-mod/add to manage the SSHFP record but
> that could lead to different values in the DNS and host entry if not
> done carefully.
>
> rob

Re: [Freeipa-users] Can't update ssh keys

2013-08-09 Thread Rob Crittenden

Bret Wortman wrote:

> Any time I try to use the command-line utilities to add a host (this
> includes ipa-client-install):
>
> # ipa host-mod host.damascusgrp.com --updatedns --sshpubkey="`cat /etc/ssh/ssh_host_rsa_key.pub`"
> ipa: ERROR: invalid 'sshpubkey': must be binary data
>
> I know I can use the GUI, but as we could be rolling out a large number
> of systems in coming months, that's not a good long-term option. So does
> anyone know a way to make the CLI tools work?
>
> Second question: is there a way to update the SSHFP records apart from
> using the CLI tools as above?


A pub key consists of 3 pieces of data: the key type, the key and a comment.

What version of IPA? IIRC in v2 only the key material itself was 
supported. This cli command should work with a v3 server which requires 
all 3 pieces.


I imagine you could use dnsrecord-mod/add to manage the SSHFP record but 
that could lead to different values in the DNS and host entry if not 
done carefully.


rob



[Freeipa-users] Can't update ssh keys

2013-08-09 Thread Bret Wortman
Any time I try to use the command-line utilities to add a host (this
includes ipa-client-install):

# ipa host-mod host.damascusgrp.com --updatedns --sshpubkey="`cat /etc/ssh/ssh_host_rsa_key.pub`"
ipa: ERROR: invalid 'sshpubkey': must be binary data

I know I can use the GUI, but as we could be rolling out a large number of
systems in coming months, that's not a good long-term option. So does
anyone know a way to make the CLI tools work?

Second question: is there a way to update the SSHFP records apart from
using the CLI tools as above?

Thanks!

*Bret Wortman*

http://damascusgrp.com/
http://about.me/wortmanbret