Thanks Petr, I am 100% positive that I pressed 'Set' and not 'Cancel'.
Here are the exact steps and keys I used: Generate an ssh public key (for user): ssh-keygen -t rsa -C [email protected]<mailto:[email protected]> Cat out the key, paste into web interface for user: cat .ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA8EDvuInIneXbzg9WrkLKBkVHB0O6bAPjNMF4dTyOqdwX2HDLtLVcW4VY7/03p6xOc014z3rio4GWXa3Othkf5/hqhpQR1C4CUGgSnnUVC7gw/aI9ZpFbp9UGQdEw7E6ii1qDmoyH80wA0pSMfp/Tg19mdm/3GKNqeNCtkpEyMQXyPBeNk0Xba4RXpGio98LOyOxONrYPi4/eR15vzoinBebDN4URAuUgNUxpRrrZp4cWV6W5Bu1zhKblPcAd6jP8qDv/Uty8Jew3GSRo7uZhxzPQQrw+0wBXrUSffPDEe5FH7gPy74J/EfHGtmhbThrrJQ5tmSuqiZnvbnxc3fv6ew== [email protected]<mailto:[email protected]> Web interface says that the key is set Click Update on web interface, get IPA Error 4202 "no modifications to be performed" Skip the web interface, try from command line, appears to succeed: [karmstrong@linuxclient<mailto:karmstrong@linuxclient> ~]$ ipa user-mod karmstrong --sshpubkey="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA8EDvuInIneXbzg9WrkLKBkVHB0O6bAPjNMF4dTyOqdwX2HDLtLVcW4VY7/03p6xOc014z3rio4GWXa3Othkf5/hqhpQR1C4CUGgSnnUVC7gw/aI9ZpFbp9UGQdEw7E6ii1qDmoyH80wA0pSMfp/Tg19mdm/3GKNqeNCtkpEyMQXyPBeNk0Xba4RXpGio98LOyOxONrYPi4/eR15vzoinBebDN4URAuUgNUxpRrrZp4cWV6W5Bu1zhKblPcAd6jP8qDv/Uty8Jew3GSRo7uZhxzPQQrw+0wBXrUSffPDEe5FH7gPy74J/EfHGtmhbThrrJQ5tmSuqiZnvbnxc3fv6ew== [email protected]<mailto:[email protected]>" -------------------------- Modified user "karmstrong" -------------------------- User login: karmstrong First name: Kenneth Last name: Armstrong Home directory: /import/is/users/karmstrong Login shell: /bin/bash UID: 1838200001 GID: 1838200001 Account disabled: False SSH public key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA8EDvuInIneXbzg9WrkLKBkVHB0O6bAPjNMF4dTyOqdwX2HDLtLVcW4VY7/03p6xOc014z3rio4GWXa3Othkf5/hqhpQR1C4CUGgSnnUVC7gw/aI9ZpFbp9UGQdEw7E6ii1qDmoyH80wA0pSMfp/Tg19mdm/3GKNqeNCtkpEyMQXyPBeNk0Xba4RXpGio98LOyOxONrYPi4/eR15vzoinBebDN4URAuUgNUxpRrrZp4cWV6W5Bu1zhKblPcAd6jP8qDv/Uty8Jew3GSRo7uZhxzPQQrw+0wBXrUSffPDEe5FH7gPy74J/EfHGtmhbThrrJQ5tmSuqiZnvbnxc3fv6ew== [email protected] Password: True Member of groups: ipausers, linux_admin, gensys Member of Sudo rule: sudo-all Kerberos keys available: True SSH public key fingerprint: 51:B0:DC:AD:B3:33:5F:DE:39:6C:6E:4F:35:E1:A4:90 [email protected] (ssh-rsa) Double check the web interface, says that No Key is Set Followed same procedure for a host, got the same exact results. Tried to ssh as the user to the host that has keys set via command line, get the message that the keys could not be validated. Thanks. -Kenny On Wed, 2013-07-17 at 10:33 +0200, Petr Vobornik wrote: On 07/16/2013 07:24 PM, Armstrong, Kenneth Lawrence wrote: > Hello all, > > i have a new problem with the SSH Key bit in the web interface. I created a > new ssh key for a user, and pasted it into the web interface for the user. > Afterward, it said that the key was not set. So I attempted again from the > commandline, and it looks like it took it. However, when I go back to the > web interface, it doesn't show one set for the user. > > I logged out of the interface and back in, but same story. > > Running IPA server 3.0 on RHEL 6.4. > > Any thoughts? > > -Kenny > Hello Kenny, When SSH Public keys field in Web UI displays: "New: key not set" it means that the key was not set in 'Show/Set key' dialog. In other words you did not paste anything into the textarea or you pressed 'Cancel' button instead of 'Set' button. If something is pasted and confirmed by 'Set' button it displays: 'New: key set'. The last remaining step is to click on 'Update' button on the header part of the page to confirm and perform all the changes you made on the page. When keys are set in LDAP you should see a line similar to following for each key: "13:67:6B:BF:4E:A2:05:8E:AE:25:8B:A1:31:DE:6F:1B public key test (ssh-rsa)" Each fingerprint is followed by 'Show/Set key' and 'Delete' buttons. I can't comment the CLI part without more information: key and exact command you used. HTH
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
