[Freeipa-devel] [PATCH] 69 Configure SSH features of SSSD in ipa-client-install

Jan Cholasta jcholast at redhat.com
Wed Feb 29 09:52:57 UTC 2012


On 28.2.2012 23:42, Rob Crittenden wrote:
> Jan Cholasta wrote:
>> Hi,
>>
>> this patch configures the new SSH features of SSSD in ipa-client-install.
>>
>> To test it, you need to have SSSD 1.8.0 installed.
>>
>> Honza
>>
>
>
> Is there a better name for 'GlobalKnownHostsFile2'?

What do you mean? The option name or the file name? Either way, I don't 
think there is a better name.

>
> When is PubKeyAgent used? I tried in RHEL 6.2, F-11 and F15-17 and it was
> an unknown option in all.

It's in openssh in RHEL 6.0.

>
> Should you test for the existence of /usr/bin/sss_ssh_knownhostsproxy
> and /usr/bin/sss_ssh_authorizedkeys before setting it in a config file?

It depends. Do we want to support clients with SSSD < 1.8.0?

>
> How would you recommend testing this? Enroll a client and try to log
> into the IPA server?

To test host authentication, you need an IPA host with SSH public keys 
set (which is done automatically in ipa-client-install, so any IPA host 
should work) and try to ssh into that host from another (actually, it can 
be the same) IPA host. You should not see the "The authenticity of host ... 
can't be established" ssh message.

To test user authentication, you need an IPA user with SSH public keys 
set. To do that, you need to set the public keys using ipa user-mod. You 
should then be able to authenticate using your private key on any IPA host.

>
> rob

Honza

-- 
Jan Cholasta
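
Added example, not part of the original message or of the patch: one way an installer could make the check raised above, writing an SSSD helper into the SSH configuration only when the binary is present and the local sshd accepts the option. The function names, the `bindir` parameter, the `sshd -t` probe, the `ProxyCommand` arguments and the `%u` argument are assumptions of this example; `AuthorizedKeysCommand` is an OpenSSH option that is not mentioned in the thread.

```python
import os
import subprocess

# Helper names are taken from the thread; the directory is a parameter so the
# check can be exercised against a scratch directory.
AUTHORIZED_KEYS_HELPER = "sss_ssh_authorizedkeys"
KNOWN_HOSTS_HELPER = "sss_ssh_knownhostsproxy"


def helper_path(name, bindir="/usr/bin"):
    """Return the full path if the helper is a regular file with an execute bit."""
    path = os.path.join(bindir, name)
    if os.path.isfile(path) and os.stat(path).st_mode & 0o111:
        return path
    return None


def sshd_accepts(option, value):
    """Ask the installed sshd (test mode, empty config) whether it knows an option.

    Assumption: run as root on a host that already has sshd host keys.
    """
    try:
        result = subprocess.run(
            ["sshd", "-t", "-f", "/dev/null", "-o", "%s=%s" % (option, value)],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, check=False)
    except OSError:  # sshd is not installed or not on PATH
        return False
    return result.returncode == 0


def plan_sshd_directive(bindir="/usr/bin", accepts=sshd_accepts):
    """Pick the sshd_config line for key lookup through SSSD, or None to skip it."""
    helper = helper_path(AUTHORIZED_KEYS_HELPER, bindir)
    if helper is None:
        return None  # SSSD without the SSH helper: leave sshd_config untouched
    # Candidates in preference order; which one exists depends on the OpenSSH build.
    for option, value in (("AuthorizedKeysCommand", helper),
                          ("PubKeyAgent", helper + " %u")):
        if accepts(option, value):
            return "%s %s" % (option, value)
    return None


def plan_ssh_directive(bindir="/usr/bin"):
    """Return the ssh_config ProxyCommand line, or None if the helper is absent."""
    helper = helper_path(KNOWN_HOSTS_HELPER, bindir)
    return None if helper is None else "ProxyCommand %s -p %%p %%h" % helper
```

A `None` result means the corresponding file should be left unchanged, which keeps a client with an older SSSD or an sshd that rejects both options from ending up with a configuration that breaks logins.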