[Freeipa-users] Installed OpenSSH server does not support dynamically loading authorized user keys - no key login support

Vaclav Adamec vaclav.adamec at suchy-zleb.cz
Tue Nov 11 14:20:41 UTC 2014 

Here it is:

2014-11-11T11:45:33Z DEBUG stderr=
2014-11-11T11:45:33Z DEBUG Backing up system configuration file
'/etc/ssh/ssh_config'
2014-11-11T11:45:33Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2014-11-11T11:45:33Z INFO Configured /etc/ssh/ssh_config
2014-11-11T11:45:33Z DEBUG Backing up system configuration file
'/etc/ssh/sshd_config'
2014-11-11T11:45:33Z DEBUG Saving Index File to
'/var/lib/ipa-client/sysrestore/sysrestore.index'
2014-11-11T11:45:33Z DEBUG args=sshd -t -f /dev/null -o
AuthorizedKeysCommand=
2014-11-11T11:45:33Z DEBUG stdout=
2014-11-11T11:45:33Z DEBUG stderr=command-line line 0:
AuthorizedKeysCommand must be an absolute path

2014-11-11T11:45:33Z DEBUG args=sshd -t -f /dev/null -o PubKeyAgent=
2014-11-11T11:45:33Z DEBUG stdout=
2014-11-11T11:45:33Z DEBUG stderr=command-line: line 0: Bad configuration
option: PubKeyAgent

2014-11-11T11:45:33Z WARNING Installed OpenSSH server does not support
dynamically loading authorized user keys. Public key authentication of IPA
users will not be available.
2014-11-11T11:45:33Z INFO Configured /etc/ssh/sshd_config
2014-11-11T11:45:33Z DEBUG args=/sbin/service sshd status
2014-11-11T11:45:33Z DEBUG stdout=openssh-daemon (pid  24698) is running...


On Tue, Nov 11, 2014 at 3:15 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Vaclav Adamec wrote:
> > Hi,
> >  I'm getting "Installed OpenSSH server does not support dynamically
> > loading authorized user keys. Public key authentication of IPA users
> > will not be available" during ipa client install on CentOS 6.6
> >
> > Packages openssh-server-6.1p1-5.el6.1.x86_64 and
> > ipa-client-3.0.0-42.el6.centos.x86_64
> >
> > Manual setup of  "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys"
> > in /etc/ssh/sshd_config is ok.
> >
> > Any reason for that ?
> >
>
> I'd check the client install log for more details,
> /var/log/ipaclient-install.log
>
> A number of different permutations are tried and the log should have
> more details on which ones failed (and hopefully why).
>
> rob
>



-- 
-- May the fox be with you ...
   /\
  (~(
   ) )         /\_/\
  (_=---_(@ @)
    (          \   /
    /|/----\|\  V
    " "     " "
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141111/27ed90f7/attachment.htm>

More information about the Freeipa-users mailing list