Thanks Petr,

I am 100% positive that I pressed 'Set' and not 'Cancel'.

Here are the exact steps and keys I used:

Generate an ssh public key (for user):

ssh-keygen -t rsa -C<>

Cat out the key, paste into web interface for user:

cat .ssh/

Web interface says that the key is set

Click Update on web interface, get IPA Error 4202 "no modifications to be 

Skip the web interface, try from command line, appears to succeed:

[karmstrong@linuxclient<mailto:karmstrong@linuxclient> ~]$ ipa user-mod 
karmstrong --sshpubkey="ssh-rsa 
Modified user "karmstrong"
  User login: karmstrong
  First name: Kenneth
  Last name: Armstrong
  Home directory: /import/is/users/karmstrong
  Login shell: /bin/bash
  UID: 1838200001
  GID: 1838200001
  Account disabled: False
  SSH public key: ssh-rsa
  Password: True
  Member of groups: ipausers, linux_admin, gensys
  Member of Sudo rule: sudo-all
  Kerberos keys available: True
  SSH public key fingerprint: 51:B0:DC:AD:B3:33:5F:DE:39:6C:6E:4F:35:E1:A4:90 (ssh-rsa)

Double check the web interface, says that No Key is Set

Followed same procedure for a host, got the same exact results.

Tried to ssh as the user to the host that has keys set via command line, get 
the message that the keys could not be validated.



On Wed, 2013-07-17 at 10:33 +0200, Petr Vobornik wrote:

On 07/16/2013 07:24 PM, Armstrong, Kenneth Lawrence wrote:
> Hello all,
> i have a new problem with the SSH Key bit in the web interface.  I created a 
> new ssh key for a user, and pasted it into the web interface for the user.  
> Afterward, it said that the key was not set.  So I attempted again from the 
> commandline, and it looks like it took it.  However, when I go back to the 
> web interface, it doesn't show one set for the user.
> I logged out of the interface and back in, but same story.
> Running IPA server 3.0 on RHEL 6.4.
> Any thoughts?
> -Kenny

Hello Kenny,

When SSH Public keys field in Web UI displays: "New: key not set" it
means that the key was not set in 'Show/Set key' dialog. In other words
you did not paste anything into the textarea or you pressed 'Cancel'
button instead of 'Set' button.

If something is pasted and confirmed by 'Set' button it displays: 'New:
key set'. The last remaining step is to click on 'Update' button on the
header part of the page to confirm and perform all the changes you made
on the page.

When keys are set in LDAP you should see a line similar to following for
each key:
"13:67:6B:BF:4E:A2:05:8E:AE:25:8B:A1:31:DE:6F:1B public key test (ssh-rsa)"
Each fingerprint is followed by 'Show/Set key' and 'Delete' buttons.

I can't comment the CLI part without more information: key and exact
command you used.


Freeipa-users mailing list

Reply via email to