Thread: zmsshkeygen

  1. #1
    Join Date
    Nov 2005
    Location
    London, ON
    Posts
    255
    Rep Power
    9

    Default zmsshkeygen

    In my attempt to get LDAP replication working I have stumbled upon a problem. I was trying to do a zmupdateauthkeys but the command couldn't find any keys for any of my servers. So I decided to run zmsshkeygen; it starts out fine, but then it chokes when it tries to put the key into the LDAP tree. It states the attribute must only be 1024 in length, but the length of the zimbra_identity.pub file is 1120.
    Code:
    Generating public/private dsa key pair.
    Your identification has been saved in /opt/zimbra/.ssh/zimbra_identity.
    Your public key has been saved in /opt/zimbra/.ssh/zimbra_identity.pub.
    The key fingerprint is:
    xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx jumbo.xxxxx.on.ca
    ERROR: account.INVALID_ATTR_VALUE (zimbrasshpublickey value length(1120) larger then max allowed: 1024)
    I have tried to go through the process manually, and I still got stuck in the same spot, I even tried to put just the key into the LDAP tree, meaning excluding the ssh-dss at the beginning of the file and the hostname at the end.

    I'd really appreciate some help on this, if there is anything I can do or help in any way please let me know, because this is a big problem for me as I can't move forward without this.

  2. #2
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    14

    Default

    That's not good. Which OS are you on? When I run it, I get a shorter file...the

    Edit /opt/zimbra/openldap/etc/openldap/schema/zimbra.schema

    Look for this section:

    attributetype ( zimbraSshPublicKey
    NAME 'zimbraSshPublicKey'
    DESC 'Public key of this server, used by other hosts to authorize this server to login.'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024}
    SINGLE-VALUE )

    Change the 1024 in the SYNTAX line to 2048 and restart ldap.

  3. #3
    Join Date
    Nov 2005
    Location
    London, ON
    Posts
    255
    Rep Power
    9

    Default

    Thanks for the reply Marcmac

    I am running Fedora Core 4, with openssh-clients-4.2p1-fc4.10 and openssh-server-4.2p1-fc4.10. I made the changes to the schema file
    Code:
    attributetype ( zimbraSshPublicKey
            NAME 'zimbraSshPublicKey'
            DESC 'Public key of this server, used by other hosts to authorize this server to login.'
            EQUALITY caseIgnoreIA5Match
            SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{2048}
            SINGLE-VALUE )
    I have completely restarted Zimbra a few times as well as rebooted the system, but it is still coming back with the same result.
    Code:
    ERROR: account.INVALID_ATTR_VALUE (zimbrasshpublickey value length(1120) larger then max allowed: 1024)
    It doesn't make sense to me. I looked in the slapd.conf file and it is loading the schema file. I don't know much about LDAP... do I have to push the change into the tree somehow, or is that what the schema is supposed to do?

    Thanks

  4. #4
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    14

    Default

    If you edit the ssh-keygen line in zmsshkeygen to include a length option "-b 1024" how long is the public key file? (wc .ssh/zimbra_identity.pub will give that).

  5. #5
    Join Date
    Nov 2005
    Location
    London, ON
    Posts
    255
    Rep Power
    9

    Default

    This seems to work much, much better. When I do a wc -m on the zimbra_identity.pub file it returns 609. As well, there was no problem running zmsshkeygen; it returns without error.

    Edit ---
    I was reading the manual page for my version of ssh-keygen and the default if no -b switch is provided is 2048, is that the same for you?
    Last edited by rsharpe; 03-01-2006 at 09:09 AM. Reason: Addition
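
Added example (not part of the original thread, and not Zimbra's or OpenSSH's code): a Python check that reads the `{N}` bound from the schema fragment quoted above, decodes an `ssh-dss` public key line, and reports the size of `p` and whether the line fits the bound. The function names and the sample keys are assumptions made for illustration; the keys are constructed and structurally valid only, and length is counted without the trailing newline.

```python
import base64, re, struct

# Schema fragment as quoted in the thread.
SCHEMA = """attributetype ( zimbraSshPublicKey
    NAME 'zimbraSshPublicKey'
    DESC 'Public key of this server, used by other hosts to authorize this server to login.'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024}
    SINGLE-VALUE )"""

def schema_bound(schema_text, attr):
    """Return the {N} length bound on an attribute's SYNTAX line, or None."""
    pat = r"NAME\s+'%s'.*?SYNTAX\s+[\d.]+\{(\d+)\}" % re.escape(attr)
    m = re.search(pat, schema_text, re.S)
    return int(m.group(1)) if m else None

def mpint(n):
    """SSH mpint: 4-byte length, big-endian bytes, 0x00 pad when the top bit is set."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def sample_dss_line(p_bits, comment="zimbra@mail.example.test"):
    """Constructed ssh-dss line for testing; the numbers are not a real key."""
    top = 1 << (p_bits - 1)
    nums = [(1 << p_bits) - 1, (1 << 159) | 1, top | 2, top | 3]  # p, q, g, y
    blob = struct.pack(">I", 7) + b"ssh-dss" + b"".join(mpint(n) for n in nums)
    return "ssh-dss %s %s\n" % (base64.b64encode(blob).decode(), comment)

def read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[off:off + n])
        off += n
    return out

def check_key(line, max_len):
    """Report size of p in bits, line length, and whether it fits max_len chars."""
    ktype, b64 = line.split()[:2]
    fields = read_fields(base64.b64decode(b64, validate=True))
    if ktype != "ssh-dss" or fields[0] != b"ssh-dss" or len(fields) != 5:
        raise ValueError("not a well-formed ssh-dss public key")
    length = len(line.strip())
    return {"bits": int.from_bytes(fields[1], "big").bit_length(),
            "length": length, "fits": length <= max_len}
```

To check a real key, pass the contents of the `.pub` file to `check_key` together with the limit from the error message or from `schema_bound`.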
