lejeczek via FreeIPA-users wrote:
>
>
> On 12/04/2022 11:21, Florence Blanc-Renaud wrote:
>> Hi,
>>
>> if you already have ssh public keys in /etc/ssh/ssh_host_*.pub, you
>> can do
>> # ipa host-mod --updatedns --sshpubkey "*ssh-rsa AAAAB3NzaC...*"
>> client.ipa.test
>> (where the bold text is the content of your .pub file).
>>
>> Then in order to check what was done:
>> # ipa dnsrecord-show ipa.test client
>> Record name: client
>> A record: 10.0.147.130
>> SSHFP record: 1 1 2D9747370DF5CEDDE66AC4DC354076326F466A0A, 1 2
>> 0B1FB068265381BE51CEA14D315C3A2647E98BC9672B0640045C9D5131BA404C
>>
>> You can check that they correspond using
>> # ssh-keygen -r client.ipa.test -f /etc/ssh/ssh_host_rsa_key.pub
>> client.ipa.test IN SSHFP 1 1 2d9747370df5cedde66ac4dc354076326f466a0a
>> client.ipa.test IN SSHFP 1 2
>> 0b1fb068265381be51cea14d315c3a2647e98bc9672b0640045c9d5131ba404c
>>
>> The fingerprints are also visible using
>> # ipa host-show client.ipa.test
>> ...
>> SSH public key fingerprint: SHA256:Cx...
>>
>> and can be checked using
>> # ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
>> 3072 SHA256:Cx...
>>
>> Does it help?
>> flo
>>
>> On Mon, Apr 11, 2022 at 9:20 PM lejeczek via FreeIPA-users
>> <[email protected]> wrote:
>>
>>     Hi guys.
>>
>>     What is the correct way to update/modify server's
>>     sshfp records?
>>
>>     I assumed those are in: /etc/ssh/ssh_host_*.pub
>>     and I should use 'host-mod --updatedns ..'
>>     but then such records do not look like what IPA
>>     had/created.
>>
>>     many thanks, L
>>     _______________________________________________
>>
> I've probably phrased poorly what I wanted to say.
> I did that, as I said I did: 'host-mod --updatedns ..' and...
> just after this I did: 'ipa host-show'
> which showed also "ssh public key (FP separately as usually) records"
> which puzzled me a bit as, those were not there for/from "regular"
> client/replica install (including this host prior to manual update),
> but...!
> now those "ssh public key" records 'ipa host-show' does not show
> anymore... now I begin to worry, or.. it's how IPA "behaves"?

I think it would help if you showed us what you are seeing, the exact
commands, and what the output looks like vs what you expect.

> ps. Flo, do the right thing, follow etiquette/lang rules. I'd like to
> think it's not just conversation between us two. How do you like to read
> your book? aha! exactly.

Not sure what you mean. She replied to the list, not just to you.

rob
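
The correspondence check from the quoted reply (`ssh-keygen -r` output against the `SSHFP record:` line of `ipa dnsrecord-show`), as an added example that is not part of the original thread and not FreeIPA code. It recomputes the SSHFP fields from a `.pub` line and diffs them against the DNS records; the function names and the sample key are constructed for illustration, and the input is assumed to be one comma-separated `SSHFP record:` line as in the output quoted above.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479); ECDSA (3) handled below.
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}


def sshfp_from_pubkey(pub_line):
    """Return {(alg, fp_type, hex_digest)} for one line of an ssh_host_*.pub file."""
    key_type, b64_blob = pub_line.split()[:2]
    alg = 3 if key_type.startswith("ecdsa-sha2-") else KEY_ALGS[key_type]
    blob = base64.b64decode(b64_blob)
    # Fingerprint type 1 = SHA-1, type 2 = SHA-256, both over the raw key blob.
    return {
        (alg, 1, hashlib.sha1(blob).hexdigest()),
        (alg, 2, hashlib.sha256(blob).hexdigest()),
    }


def sshfp_from_ipa(output):
    """Parse the 'SSHFP record:' line(s) of `ipa dnsrecord-show` output."""
    records = set()
    for line in output.splitlines():
        label, _, value = line.partition(":")
        if label.strip() != "SSHFP record":
            continue
        for rec in filter(str.strip, value.split(",")):
            alg, fp_type, digest = rec.split()
            # IPA prints the hex in upper case, ssh-keygen -r in lower case.
            records.add((int(alg), int(fp_type), digest.lower()))
    return records


def compare(pub_line, ipa_output):
    """Return (missing_from_dns, stale_in_dns) for this host key's algorithm."""
    local, dns = sshfp_from_pubkey(pub_line), sshfp_from_ipa(ipa_output)
    alg = next(iter(local))[0]
    return local - dns, {r for r in dns if r[0] == alg} - local


# Constructed sample: an Ed25519 key blob with dummy key bytes 00..1f.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_PUB = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " root@client.ipa.test"

if __name__ == "__main__":
    for alg, fp_type, digest in sorted(sshfp_from_pubkey(SAMPLE_PUB)):
        print(f"client.ipa.test IN SSHFP {alg} {fp_type} {digest}")
```

Both sets returned by `compare` are empty when DNS matches the key on disk; a non-empty second set means DNS still carries a fingerprint of an older key of the same type.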
