Bug 840657
Summary: | sshpubkey not accepting ssh keys in the right format for user | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Namita Soman <nsoman> |
Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | high | ||
Version: | 6.4 | CC: | jgalipea, mkosek, sgallagh, spoore |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-3.0.0-1.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause: Identity Management SSH capabilities allows storage of public user or host SSH keys. However, the keys did not accept OpenSSH-style public key format, i.e. public key type, public key and a comment, but only the public key blob.
Consequence: Identity Management had to guess public key type based on the public key blob, which could have potentially caused an issue in future with new public key types. A comment attached to the public key may be also essential for some deployments.
Fix: Store SSH public keys in extended OpenSSH format.
Result: Stored SSH public keys now contain all required parts, thus making the functionality acceptable in more deployments.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2013-02-21 09:16:49 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Namita Soman
2012-07-16 20:22:45 UTC
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2932 Fixed upstream. master: 46ad724301e301d1bc96216b8873e704a37d35e3 ipa-3-0: 8a81d71b7856d1e40b99bd59757791bf7cf7dce2 Verified using ipa-server-3.0.0-8.el6.x86_64 # ipa user-mod one --sshpubkey="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5TA9rtXU8T4a2Iq0NQ6tjT+zxGBADpw6ahfBumyXud5H83HZsRTDNANnjfR3gdzKaPBIoHiV/n5NjOMHIRTOEh8QoKXIuhfUczjaLqv72zQP+grBXtWrZT307hCeDi510YGc4Zll8+uUvMkKmVAt6YlR4SsX3bB5TtRQTvlaKMemON8xQkDIyZA419MFxMQ5KVAchXB+bHPe9uJwWCs6cwPGllgAgQTEEbRy/ffyhEl92gXm7/oK2PJo6cKOmA9Zer7VE9JNMMJUvj+EukKF36RVtkbUWSPupPUv4FX5S7Amfh2F7zAnVam0bBYfNEMS4rb3VRKsyJj2IJwY2agh4Q== root.com" ------------------- Modified user "one" ------------------- User login: one First name: one Last name: onme Home directory: /home/one Login shell: /bin/sh Email address: one UID: 1019800001 GID: 1019800001 Account disabled: False SSH public key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5TA9rtXU8T4a2Iq0NQ6tjT+zxGBADpw6ahfBumyXud5H83HZsRTDNANnjfR3gdzKaPBIoHiV/n5NjOMHIRTOEh8QoKXIuhfUczjaLqv72zQP+grBXtWrZT307hCeDi510YGc4Zll8+uUvMkKmVAt6YlR4SsX3bB5TtRQTvlaKMemON8xQkDIyZA419MFxMQ5KVAchXB+bHPe9uJwWCs6cwPGllgAgQTEEbRy/ffyhEl92gXm7/oK2PJo6cKOmA9Zer7VE9JNMMJUvj+EukKF36RVtkbUWSPupPUv4FX5S7Amfh2F7zAnVam0bBYfNEMS4rb3VRKsyJj2IJwY2agh4Q== root.com Password: False Member of groups: ipausers Kerberos keys available: False SSH public key fingerprint: 9A:05:35:E1:FF:82:E2:16:3E:AC:EA:D2:1C:A2:CC:35 root.com (ssh-rsa) # ipa user-show one User login: one First name: one Last name: onme Home directory: /home/one Login shell: /bin/sh Email address: one UID: 1019800001 GID: 1019800001 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False SSH public key fingerprint: 9A:05:35:E1:FF:82:E2:16:3E:AC:EA:D2:1C:A2:CC:35 root.com (ssh-rsa) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0528.html |