Discussion:
[Freeipa-users] [freeipa-users] errors when trying to add public SSH key to user
Armstrong, Kenneth Lawrence
2013-07-15 14:40:19 UTC
Permalink
I'm trying to add an SSH public key to a user, and I keep getting IPA Error 3009 or IPA Error 3008 when I try to update the page. I have copied over the exact contents of the .ssh/id_rsa.pub file. Even if I take the username portion out at the end of the file, I still get the same error messages.

When I try to add it from the command line, I get:

ipa: ERROR: invalid 'sshpubkey': invalid SSH public key

And yes, I verified that ssh-rsa is at the beginning of the key output.

This is on a RHEL 6 server.

Any thoughts?

Thanks.

-Kenny
Jan Pazdziora
2013-07-15 15:09:40 UTC
Permalink
Post by Armstrong, Kenneth Lawrence
I'm trying to add an SSH public key to a user, and I keep getting IPA Error 3009 or IPA Error 3008 when I try to update the page. I have copied over the exact contents of the .ssh/id_rsa.pub file. Even if I take the username portion out at the end of the file, I still get the same error messages.
ipa: ERROR: invalid 'sshpubkey': invalid SSH public key
And yes, I verified that ssh-rsa is at the beginning of the key output.
This is on a RHEL 6 server.
Any thoughts?
Does it fail even if you do not copy-n-paste the key but let shell
expand it as

ipa user-mod demo --sshpubkey "$( cat /tmp/demo.pub )"

?
--
Jan Pazdziora | adelton at #ipa*, #brno
Principal Software Engineer, Identity Management Engineering, Red Hat
Armstrong, Kenneth Lawrence
2013-07-15 15:13:49 UTC
Permalink
Good thought. I just tried it and it still fails:

[***@linuxtest<mailto:***@linuxtest> ~]$ ipa user-mod karmstrong --sshpubkey "$(cat .ssh/id_rsa.pub)"
ipa: ERROR: invalid 'sshpubkey': invalid SSH public key
Post by Armstrong, Kenneth Lawrence
I'm trying to add an SSH public key to a user, and I keep getting IPA Error 3009 or IPA Error 3008 when I try to update the page. I have copied over the exact contents of the .ssh/id_rsa.pub file. Even if I take the username portion out at the end of the file, I still get the same error messages.
ipa: ERROR: invalid 'sshpubkey': invalid SSH public key
And yes, I verified that ssh-rsa is at the beginning of the key output.
This is on a RHEL 6 server.
Any thoughts?
Does it fail even if you do not copy-n-paste the key but let shell
expand it as

ipa user-mod demo --sshpubkey "$( cat /tmp/demo.pub )"

?
--
Kenny Armstrong
System Administrator
IS Operations

[Loading Image...>

Training Champions for Christ since 1971
Tomas Babej
2013-07-15 15:30:15 UTC
Permalink
Post by Armstrong, Kenneth Lawrence
ipa: ERROR: invalid 'sshpubkey': invalid SSH public key
Are you sure the ssh public key file is not damaged? The following sequence of commands works for me (verified now):

[***@vm-154 tbabej]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /home/tbabej/test_rsa
[..]

[***@vm-154 tbabej]# ipa user-mod admin --sshpubkey "$(cat test_rsa.pub)"
---------------------
Modified user "admin"
---------------------
User login: admin
Last name: Administrator
Home directory: /home/admin
Login shell: /bin/bash
[..]

Tomas
Armstrong, Kenneth Lawrence
2013-07-15 15:36:46 UTC
Permalink
I do not believe that it is damaged. I have tried this out three times now (deleting the key files between each attempt).

-Kenny
Post by Armstrong, Kenneth Lawrence
ipa: ERROR: invalid 'sshpubkey': invalid SSH public key
Are you sure the ssh public key file is not damaged? The following sequence of commands works for me (verified now):



[***@vm-154 tbabej]# ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa): /home/tbabej/test_rsa

[..]



[***@vm-154 tbabej]# ipa user-mod admin --sshpubkey "$(cat test_rsa.pub)"

---------------------

Modified user "admin"

---------------------

User login: admin

Last name: Administrator

Home directory: /home/admin

Login shell: /bin/bash

[..]



Tomas
Tomas Babej
2013-07-15 15:41:50 UTC
Permalink
Post by Armstrong, Kenneth Lawrence
I do not believe that it is damaged. I have tried this out three times now (deleting the key files between each attempt).
-Kenny
What is the version of your IPA server?

Tomas
Armstrong, Kenneth Lawrence
2013-07-15 15:42:51 UTC
Permalink
ipa-server-2.2.0-17.el6_3.1.x86_64

-Kenny
I do not believe that it is damaged. I have tried this out three times now (deleting the key files between each attempt).
-Kenny
What is the version of your IPA server?



Tomas
James Hogarth
2013-07-15 17:25:21 UTC
Permalink
ipa-server-2.2.0-17.el6_3.1.x86_64
Think I see the problem here ....
Armstrong, Kenneth Lawrence
2013-07-15 18:30:11 UTC
Permalink
On Mon, 2013-07-15 at 18:25 +0100, James Hogarth wrote:



ipa-server-2.2.0-17.el6_3.1.x86_64







Think I see the problem here ....


From the 3.0 release notes:

* SSH public key format has been changed to OpenSSH-style public keys.


http://www.freeipa.org/page/IPAv3_300_ga



You really ought to get those servers updated to RHEL 6.4 with IPA 3.0 (which is part of 6.4) ...



Ok, we'll go through an upgrade first then try it again. Thanks!
Continue reading on narkive:
Loading...