Bret Wortman wrote:
Any time I try to use the command-line utilities to add a host (this
includes ipa-client-install):

#ipa host-mod
<> --updatedns
--sshpubkey="`cat /etc/ssh/`"
ipa: ERROR: invalid 'sshpubkey': must be binary data

I know I can use the GUI, but as we could be rolling out a large number
of systems in coming months, that's not a good long-term option. So does
anyone know a way to make the CLI tools work?

Second question: is there a way to update the SSHFP records apart from
using the CLI tools as above?

A pub key consists of 3 pieces of data: the key type, the key and a comment.

What version of IPA? IIRC in v2 only the key material itself was supported. This CLI command should work with a v3 server, which requires all 3 pieces.

I imagine you could use dnsrecord-mod/add to manage the SSHFP record, but that could lead to different values in the DNS and host entry if not done carefully.
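
An added example, not part of the thread and not FreeIPA code: it splits a public-key line into the three pieces named above and derives the SSHFP record data (RFC 4255 / RFC 6594 format) from the key blob, so the values in DNS can be compared with the key stored on the host entry. The key is constructed inline and the comment `root@host.example.test` is a placeholder; all function names are hypothetical.

```python
import base64
import hashlib
import struct
from typing import List, NamedTuple, Optional

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}

class PubKey(NamedTuple):
    key_type: str
    blob: bytes             # decoded key material
    comment: Optional[str]  # None when the line carries no comment

def parse_pubkey_line(line: str) -> PubKey:
    """Split '<type> <base64 key> [comment]' and check the blob names the same type."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected at least '<key type> <base64 key>'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else None
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match the key blob")
    return PubKey(key_type, blob, comment)

def sshfp_rdata(key: PubKey) -> List[str]:
    """Return SSHFP rdata strings: '<algorithm> <fp type> <hex digest of blob>'."""
    algo = SSHFP_ALGORITHMS.get(key.key_type)
    if algo is None and key.key_type.startswith("ecdsa-sha2-"):
        algo = 3
    if algo is None:
        raise ValueError("no SSHFP algorithm number for " + key.key_type)
    return [f"{algo} 1 {hashlib.sha1(key.blob).hexdigest()}",
            f"{algo} 2 {hashlib.sha256(key.blob).hexdigest()}"]

def constructed_sample_line() -> str:
    # Constructed key: correct wire layout, but the 32 key bytes are just 0..31.
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@host.example.test"

if __name__ == "__main__":
    key = parse_pubkey_line(constructed_sample_line())
    print(key.key_type, key.comment)
    for rdata in sshfp_rdata(key):
        print("SSHFP", rdata)
```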


