[Freeipa-users] setup key-based ssh using freeipa

quest monger quest.monger at gmail.com
Sun Apr 20 08:17:34 UTC 2014


I already ran that command to configure the CentOS host as a client. I used
'ipa-client-install --mkhomedir --no-ntp'.
Now my IPA users are able to SSH to that box, using passwords set in IPA.
Next I would like them to SSH using keys.
When I looked through the document for more info, I found this line - 'After
uploading the user keys, configure SSSD to use FreeIPA as one of its
identity domains and set up OpenSSH to use the SSSD tooling for managing
user keys.'
I was hoping someone can shed light on how to do that. Or if someone has
configured their IPA clients to enable key-based SSH to clients, can they
please share their experience.

Thanks.



On Thu, Apr 17, 2014 at 5:48 PM, Dmitri Pal <dpal at redhat.com> wrote:

> On 04/17/2014 02:42 PM, quest monger wrote:
>
> I have set up a FreeIPA server, and added a CentOS client that my IPA users
> can now ssh to by using the FreeIPA account credentials.
> Now, I would like my users to be able to ssh to this CentOS client using
> keys.
> I read this - http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/user-keys.html
> I generated the key-pair, and added the public key to the user account in
> the FreeIPA web console.
>
> Towards the end of that document, I found this -
> "After uploading the user keys, configure SSSD to use FreeIPA as one of
> its identity domains and set up OpenSSH to use the SSSD tooling for
> managing user keys."
> No instructions in the document on how to do this.
>
> Do I need to do anything on the CentOS client-side to make this work?
>
>
>  yum install ipa-client
>
> then run ipa-client-install with arguments you need (see man pages or
> manual) which will configure your client. Depending on the version it will
> also be able to configure SSH integration.
>
> See man on ipa-client-install
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
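
As an added example (not part of the original thread), a shell check for the two client-side pieces the quoted guide sentence names: the `ssh` service in `sssd.conf` and sshd's `AuthorizedKeysCommand` pointing at `sss_ssh_authorizedkeys`. The default paths and the function names are assumptions, and `Match` blocks in `sshd_config` are not interpreted.

```shell
#!/bin/sh
# Added example, not from the thread. Default paths assume a stock
# CentOS/RHEL layout; function names are made up for this sketch.

# Succeeds if the "services" line of the [sssd] section lists "ssh".
sssd_has_ssh_service() {
    awk '
        /^[ \t]*\[/ { in_sssd = ($0 ~ /^[ \t]*\[sssd\][ \t]*$/) }
        in_sssd && /^[ \t]*services[ \t]*=/ {
            sub(/^[^=]*=/, "")
            n = split($0, svc, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", svc[i])
                if (svc[i] == "ssh") found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Prints the first uncommented AuthorizedKeysCommand value (sshd keeps the
# first occurrence of a keyword; keywords are case-insensitive).
sshd_keys_command() {
    awk 'tolower($1) == "authorizedkeyscommand" { print $2; exit }' "$1"
}

# Reports both settings; returns non-zero if either one is missing.
check_ipa_ssh_keys() {
    sssd_conf=${1:-/etc/sssd/sssd.conf}
    sshd_conf=${2:-/etc/ssh/sshd_config}
    rc=0
    if sssd_has_ssh_service "$sssd_conf"; then
        echo "ok: ssh listed in [sssd] services ($sssd_conf)"
    else
        echo "missing: ssh not listed in [sssd] services ($sssd_conf)"
        rc=1
    fi
    case "$(sshd_keys_command "$sshd_conf")" in
        */sss_ssh_authorizedkeys)
            echo "ok: sshd fetches user keys through SSSD ($sshd_conf)" ;;
        *)
            echo "missing: AuthorizedKeysCommand is not sss_ssh_authorizedkeys ($sshd_conf)"
            rc=1 ;;
    esac
    return "$rc"
}
```

Run `check_ipa_ssh_keys` as root on the client, since `sssd.conf` is normally readable by root only; `sshd -T` prints the effective server configuration when `Match` blocks are in play.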