[Freeipa-users] setup key-based ssh using freeipa
Andrew Holway
andrew.holway at gmail.com
Sun Apr 20 08:29:56 UTC 2014
This should just work. Are you sure that you added the key properly?
Make sure you click the "update" link after adding the key. I often
made this mistake in the past.
On 20 April 2014 09:17, quest monger <quest.monger at gmail.com> wrote:
> I already ran that command to configure centos host as client. I used
> 'ipa-client-install --mkhomedir --no-ntp'.
> Now my IPA users are able to SSH to that box, using passwords set in IPA.
> Next I would like them to SSH using keys.
> When I looked through the document for more info, I found this line - 'After
> uploading the user keys, configure SSSD to use FreeIPA as one of its
> identity domains and set up OpenSSH to use the SSSD tooling for managing
> user keys.'
> I was hoping someone can shed light on how to do that. Or if someone has
> configured their IPA clients to enable key-based SSH to clients, can they
> please share their experience.
>
> Thanks.
>
>
>
> On Thu, Apr 17, 2014 at 5:48 PM, Dmitri Pal <dpal at redhat.com> wrote:
>>
>> On 04/17/2014 02:42 PM, quest monger wrote:
>>
>> I have setup freeipa server, and added a centos client that my ipa users
>> can now ssh too by using the freeipa account credentials.
>> Now, i would like my users to be able to ssh to this centos client using
>> keys.
>> I read this -
>> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/user-keys.html
>> I generated the key-pair, and added the public key to user account in
>> freeipa web console.
>>
>> Towards the end of that document, i found this -
>> "After uploading the user keys, configure SSSD to use FreeIPA as one of
>> its identity domains and set up OpenSSH to use the SSSD tooling for managing
>> user keys."
>> No instructions in the document on how to do this.
>>
>> Do i need to do anything on the centos client-side to make this work?
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>> yum install ipa-client
>>
>> then run ipa-client-install with arguments you need (see man pages or
>> manual) which will configure your client. Depending on the version it will
>> also be able to configure SSH integration.
>>
>> See man on ipa-client-install
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list