Red Hat Bugzilla – Bug 840657
sshpubkey not accepting ssh keys in the right format for user
Last modified: 2013-02-21 04:16:49 EST
Description of problem: When adding ssh keys for the user, can add the key, the type is recognized correctly to be ssh-rsa or ssh-dss. But the comments cannot be saved with the keys. Should be able to add shh key with all 3 parts of the file - # ipa user-mod one --sshpubkey="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHcTZHojrZgZmDSOCYbJjiU06jdPQM70KZnw9gdLh1+pyPR+YuEhSBMIj2ObcUs5yffq8RtTre/WIf9Mj/klY462MnPO89TxLCsSGUKcK+WCeoVQxUrwz6IYXc/IwKcd8sNg9qpjpxsXvoEt1cggMxrEBot4GekEn521VJENSjxnLFyoeS+rADTy5EMBRGw6rGAVwS6lF9id5JWF6NaJ6rtCKiMWJHX27l/2ryKY/2UqHco7sdpdsigZ4Ga+cO0hYZRLJuJlKXXo6GJgp1cvw9oAPMNJDxEC3eI6zIEYnkJdLGuYBzL0LW0j71GYDR3/96h6+YnnIw5XcLO3xwbts7 root@qe-blade-04.testrelm.com" ipa: ERROR: invalid 'sshpubkey': must be binary data Version-Release number of selected component (if applicable): freeipa-server-2.99.0-0.20120711T1433Zgit14ac219.fc17.x86_64 How reproducible: always Steps to Reproduce: 1. add a user 2. ssh-keygen -t rsa and store to /home/one_rsa 3. cat /home/one_rsa.pub 4. ipa user-mod one --sshpubkey=<paste contents of /home/one_rsa.pub> 5. ipa user-show one Actual results: output for step 4: ipa: ERROR: invalid 'sshpubkey': must be binary data Expected results: for step 4 : sshpubkey should accept the 3 parts of the public key worked around by using just the key (and not the encoding or comments) This is the expected format that administartor use/prefer Also in UI - when all 3 parts can be added - the comments should also be displayed. Currently it displays the key - the encoding, but no comments - since it wasn't entered. Additional info:
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2932
Fixed upstream. master: 46ad724301e301d1bc96216b8873e704a37d35e3 ipa-3-0: 8a81d71b7856d1e40b99bd59757791bf7cf7dce2
Verified using ipa-server-3.0.0-8.el6.x86_64 # ipa user-mod one --sshpubkey="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5TA9rtXU8T4a2Iq0NQ6tjT+zxGBADpw6ahfBumyXud5H83HZsRTDNANnjfR3gdzKaPBIoHiV/n5NjOMHIRTOEh8QoKXIuhfUczjaLqv72zQP+grBXtWrZT307hCeDi510YGc4Zll8+uUvMkKmVAt6YlR4SsX3bB5TtRQTvlaKMemON8xQkDIyZA419MFxMQ5KVAchXB+bHPe9uJwWCs6cwPGllgAgQTEEbRy/ffyhEl92gXm7/oK2PJo6cKOmA9Zer7VE9JNMMJUvj+EukKF36RVtkbUWSPupPUv4FX5S7Amfh2F7zAnVam0bBYfNEMS4rb3VRKsyJj2IJwY2agh4Q== root@ipaqavma.testrelm.com" ------------------- Modified user "one" ------------------- User login: one First name: one Last name: onme Home directory: /home/one Login shell: /bin/sh Email address: one@testrelm.com UID: 1019800001 GID: 1019800001 Account disabled: False SSH public key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5TA9rtXU8T4a2Iq0NQ6tjT+zxGBADpw6ahfBumyXud5H83HZsRTDNANnjfR3gdzKaPBIoHiV/n5NjOMHIRTOEh8QoKXIuhfUczjaLqv72zQP+grBXtWrZT307hCeDi510YGc4Zll8+uUvMkKmVAt6YlR4SsX3bB5TtRQTvlaKMemON8xQkDIyZA419MFxMQ5KVAchXB+bHPe9uJwWCs6cwPGllgAgQTEEbRy/ffyhEl92gXm7/oK2PJo6cKOmA9Zer7VE9JNMMJUvj+EukKF36RVtkbUWSPupPUv4FX5S7Amfh2F7zAnVam0bBYfNEMS4rb3VRKsyJj2IJwY2agh4Q== root@ipaqavma.testrelm.com Password: False Member of groups: ipausers Kerberos keys available: False SSH public key fingerprint: 9A:05:35:E1:FF:82:E2:16:3E:AC:EA:D2:1C:A2:CC:35 root@ipaqavma.testrelm.com (ssh-rsa) # ipa user-show one User login: one First name: one Last name: onme Home directory: /home/one Login shell: /bin/sh Email address: one@testrelm.com UID: 1019800001 GID: 1019800001 Account disabled: False Password: False Member of groups: ipausers Kerberos keys available: False SSH public key fingerprint: 9A:05:35:E1:FF:82:E2:16:3E:AC:EA:D2:1C:A2:CC:35 root@ipaqavma.testrelm.com (ssh-rsa)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0528.html