Hi,

if you already have ssh public keys in /etc/ssh/ssh_host_*.pub, you can do

# ipa host-mod --updatedns --sshpubkey "*ssh-rsa AAAAB3NzaC...*" client.ipa.test

(where the bold text is the content of your .pub file).

Then in order to check what was done:

# ipa dnsrecord-show ipa.test client
  Record name: client
  A record: 10.0.147.130
  SSHFP record: 1 1 2D9747370DF5CEDDE66AC4DC354076326F466A0A, 1 2 0B1FB068265381BE51CEA14D315C3A2647E98BC9672B0640045C9D5131BA404C

You can check that they correspond using

# ssh-keygen -r client.ipa.test -f /etc/ssh/ssh_host_rsa_key.pub
client.ipa.test IN SSHFP 1 1 2d9747370df5cedde66ac4dc354076326f466a0a
client.ipa.test IN SSHFP 1 2 0b1fb068265381be51cea14d315c3a2647e98bc9672b0640045c9d5131ba404c

The fingerprints are also visible using

# ipa host-show client.ipa.test
...
  SSH public key fingerprint: SHA256:Cx...

and can be checked using

# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
3072 SHA256:Cx...

Does it help?
flo

On Mon, Apr 11, 2022 at 9:20 PM lejeczek via FreeIPA-users <[email protected]> wrote:

> Hi guys.
>
> What is the correct way to update/modify server's sshfp records?
>
> I assumed those are in: /etc/ssh/ssh_host_*.pub
> and I should use 'host-mod --updatedns ..'
> but then such records do not look like what IPA had/created.
>
> many thanks, L
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
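Added example, not part of the original message: the correspondence checked above with ssh-keygen -r and ssh-keygen -l can also be computed directly from a .pub line, because an SSHFP digest is the SHA-1 (type 1) or SHA-256 (type 2) hash of the base64-decoded key blob. The key is constructed sample data and the function names are illustrative; digests are compared in lower case because the IPA output above is upper case while ssh-keygen prints lower case.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
        "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}

def sshfp_records(pub_line):
    """Return {(algorithm, fp_type): hex digest} for one line of a .pub file."""
    keytype, b64 = pub_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; reject
    # a line whose label and blob disagree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode("ascii"):
        raise ValueError("key type does not match key blob")
    algo = ALGO[keytype]
    return {(algo, 1): hashlib.sha1(blob).hexdigest(),
            (algo, 2): hashlib.sha256(blob).hexdigest()}

def openssh_fingerprint(pub_line):
    """The SHA256:... form shown by 'ssh-keygen -l' and 'ipa host-show'."""
    blob = base64.b64decode(pub_line.split()[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_ipa_sshfp(value):
    """Parse the comma-separated 'SSHFP record:' value of ipa dnsrecord-show."""
    out = {}
    for rec in value.split(","):
        algo, fp_type, digest = rec.split()
        out[(int(algo), int(fp_type))] = digest.lower()
    return out

def mismatches(pub_line, ipa_value):
    """(algorithm, fp_type) pairs missing from DNS or differing from the key."""
    published = parse_ipa_sshfp(ipa_value)
    local = sshfp_records(pub_line)
    return sorted(k for k, v in local.items() if published.get(k) != v)

# Constructed sample key (not a real host key): ed25519 blob with dummy bytes.
_blob = (struct.pack(">I", 11) + b"ssh-ed25519"
         + struct.pack(">I", 32) + bytes(range(32)))
SAMPLE_PUB = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " root@client.ipa.test"

if __name__ == "__main__":
    recs = sshfp_records(SAMPLE_PUB)
    as_ipa = ", ".join(f"{a} {t} {d.upper()}" for (a, t), d in recs.items())
    print(openssh_fingerprint(SAMPLE_PUB))
    print("mismatches:", mismatches(SAMPLE_PUB, as_ipa))
```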
