Re: [Freeipa-users] new issue with ssh key in the interface

Wed, 17 Jul 2013 06:53:17 -0700
I've tested your key on a fresh install of ipa-server-3.0.0-25.el6.x86_64 and it works for me. On the other hand, the description of the problem looks like a Web UI bug. 


Is it possible, that you recently upgraded IPA server and Web browser 
still contains some old files in a cache? Please try reloading the UI 
with forced cache override, usual shortcut: Ctrl + F5 or Ctrl + Shift + R


Petr

On 07/17/2013 03:04 PM, Armstrong, Kenneth Lawrence wrote:

Thanks Petr,

I am 100% positive that I pressed 'Set' and not 'Cancel'.

Here are the exact steps and keys I used:

Generate an ssh public key (for user):

ssh-keygen -t rsa -C karmstr...@liberty.edu<mailto:karmstr...@liberty.edu>

Cat out the key, paste into web interface for user:

cat .ssh/id_rsa.pub
ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEA8EDvuInIneXbzg9WrkLKBkVHB0O6bAPjNMF4dTyOqdwX2HDLtLVcW4VY7/03p6xOc014z3rio4GWXa3Othkf5/hqhpQR1C4CUGgSnnUVC7gw/aI9ZpFbp9UGQdEw7E6ii1qDmoyH80wA0pSMfp/Tg19mdm/3GKNqeNCtkpEyMQXyPBeNk0Xba4RXpGio98LOyOxONrYPi4/eR15vzoinBebDN4URAuUgNUxpRrrZp4cWV6W5Bu1zhKblPcAd6jP8qDv/Uty8Jew3GSRo7uZhxzPQQrw+0wBXrUSffPDEe5FH7gPy74J/EfHGtmhbThrrJQ5tmSuqiZnvbnxc3fv6ew==
 karmstr...@liberty.edu<mailto:karmstr...@liberty.edu>


Web interface says that the key is set

Click Update on web interface, get IPA Error 4202 "no modifications to be 
performed"


Skip the web interface, try from command line, appears to succeed:

[karmstrong@linuxclient<mailto:karmstrong@linuxclient> ~]$ ipa user-mod karmstrong 
--sshpubkey="ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEA8EDvuInIneXbzg9WrkLKBkVHB0O6bAPjNMF4dTyOqdwX2HDLtLVcW4VY7/03p6xOc014z3rio4GWXa3Othkf5/hqhpQR1C4CUGgSnnUVC7gw/aI9ZpFbp9UGQdEw7E6ii1qDmoyH80wA0pSMfp/Tg19mdm/3GKNqeNCtkpEyMQXyPBeNk0Xba4RXpGio98LOyOxONrYPi4/eR15vzoinBebDN4URAuUgNUxpRrrZp4cWV6W5Bu1zhKblPcAd6jP8qDv/Uty8Jew3GSRo7uZhxzPQQrw+0wBXrUSffPDEe5FH7gPy74J/EfHGtmhbThrrJQ5tmSuqiZnvbnxc3fv6ew==
 karmstr...@liberty.edu<mailto:karmstr...@liberty.edu>"
--------------------------
Modified user "karmstrong"
--------------------------
   User login: karmstrong
   First name: Kenneth
   Last name: Armstrong
   Home directory: /import/is/users/karmstrong
   Login shell: /bin/bash
   UID: 1838200001
   GID: 1838200001
   Account disabled: False
   SSH public key: ssh-rsa
                   
AAAAB3NzaC1yc2EAAAABIwAAAQEA8EDvuInIneXbzg9WrkLKBkVHB0O6bAPjNMF4dTyOqdwX2HDLtLVcW4VY7/03p6xOc014z3rio4GWXa3Othkf5/hqhpQR1C4CUGgSnnUVC7gw/aI9ZpFbp9UGQdEw7E6ii1qDmoyH80wA0pSMfp/Tg19mdm/3GKNqeNCtkpEyMQXyPBeNk0Xba4RXpGio98LOyOxONrYPi4/eR15vzoinBebDN4URAuUgNUxpRrrZp4cWV6W5Bu1zhKblPcAd6jP8qDv/Uty8Jew3GSRo7uZhxzPQQrw+0wBXrUSffPDEe5FH7gPy74J/EfHGtmhbThrrJQ5tmSuqiZnvbnxc3fv6ew==
                   karmstr...@liberty.edu
   Password: True
   Member of groups: ipausers, linux_admin, gensys
   Member of Sudo rule: sudo-all
   Kerberos keys available: True
   SSH public key fingerprint: 51:B0:DC:AD:B3:33:5F:DE:39:6C:6E:4F:35:E1:A4:90 
karmstr...@liberty.edu (ssh-rsa)



Double check the web interface, says that No Key is Set

Followed same procedure for a host, got the same exact results.

Tried to ssh as the user to the host that has keys set via command line, get 
the message that the keys could not be validated.

Thanks.

-Kenny

On Wed, 2013-07-17 at 10:33 +0200, Petr Vobornik wrote:


On 07/16/2013 07:24 PM, Armstrong, Kenneth Lawrence wrote:

Hello all,

i have a new problem with the SSH Key bit in the web interface.  I created a 
new ssh key for a user, and pasted it into the web interface for the user.  
Afterward, it said that the key was not set.  So I attempted again from the 
commandline, and it looks like it took it.  However, when I go back to the web 
interface, it doesn't show one set for the user.

I logged out of the interface and back in, but same story.

Running IPA server 3.0 on RHEL 6.4.

Any thoughts?

-Kenny



Hello Kenny,

When SSH Public keys field in Web UI displays: "New: key not set" it
means that the key was not set in 'Show/Set key' dialog. In other words
you did not paste anything into the textarea or you pressed 'Cancel'
button instead of 'Set' button.

If something is pasted and confirmed by 'Set' button it displays: 'New:
key set'. The last remaining step is to click on 'Update' button on the
header part of the page to confirm and perform all the changes you made
on the page.

When keys are set in LDAP you should see a line similar to following for
each key:
"13:67:6B:BF:4E:A2:05:8E:AE:25:8B:A1:31:DE:6F:1B public key test (ssh-rsa)"
Each fingerprint is followed by 'Show/Set key' and 'Delete' buttons.

I can't comment the CLI part without more information: key and exact
command you used.

HTH





--
Petr Vobornik

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users






















					Reply via email to