[Freeipa-users] Installed OpenSSH server does not support dynamically loading authorized user keys - no key login support
Rob Crittenden
rcritten at redhat.com
Tue Nov 11 14:44:05 UTC 2014
Vaclav Adamec wrote:
> Here it is:
>
> 2014-11-11T11:45:33Z DEBUG stderr=
> 2014-11-11T11:45:33Z DEBUG Backing up system configuration file
> '/etc/ssh/ssh_config'
> 2014-11-11T11:45:33Z DEBUG Saving Index File to
> '/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2014-11-11T11:45:33Z INFO Configured /etc/ssh/ssh_config
> 2014-11-11T11:45:33Z DEBUG Backing up system configuration file
> '/etc/ssh/sshd_config'
> 2014-11-11T11:45:33Z DEBUG Saving Index File to
> '/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2014-11-11T11:45:33Z DEBUG args=sshd -t -f /dev/null -o
> AuthorizedKeysCommand=
> 2014-11-11T11:45:33Z DEBUG stdout=
> 2014-11-11T11:45:33Z DEBUG stderr=command-line line 0:
> AuthorizedKeysCommand must be an absolute path
>
> 2014-11-11T11:45:33Z DEBUG args=sshd -t -f /dev/null -o PubKeyAgent=
> 2014-11-11T11:45:33Z DEBUG stdout=
> 2014-11-11T11:45:33Z DEBUG stderr=command-line: line 0: Bad
> configuration option: PubKeyAgent
>
> 2014-11-11T11:45:33Z WARNING Installed OpenSSH server does not support
> dynamically loading authorized user keys. Public key authentication of
> IPA users will not be available.
> 2014-11-11T11:45:33Z INFO Configured /etc/ssh/sshd_config
> 2014-11-11T11:45:33Z DEBUG args=/sbin/service sshd status
> 2014-11-11T11:45:33Z DEBUG stdout=openssh-daemon (pid 24698) is running...
Seems to be different behavior from sshd. What version do you have
installed?
On my RHEL-6.x box I see:
2014-11-11T14:40:00Z DEBUG args=sshd -t -f /dev/null -o
AuthorizedKeysCommand=
2014-11-11T14:40:00Z DEBUG stdout=
2014-11-11T14:40:00Z DEBUG stderr=
2014-11-11T14:40:00Z INFO Configured /etc/ssh/sshd_config
rob
>
>
> On Tue, Nov 11, 2014 at 3:15 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
> Vaclav Adamec wrote:
> > Hi,
> > I'm getting "Installed OpenSSH server does not support dynamically
> > loading authorized user keys. Public key authentication of IPA users
> > will not be available" during ipa client install on CentOS 6.6
> >
> > Packages openssh-server-6.1p1-5.el6.1.x86_64 and
> > ipa-client-3.0.0-42.el6.centos.x86_64
> >
> > Manual setup of "AuthorizedKeysCommand
> /usr/bin/sss_ssh_authorizedkeys"
> > in /etc/ssh/sshd_config is ok.
> >
> > Any reason for that ?
> >
>
> I'd check the client install log for more details,
> /var/log/ipaclient-install.log
>
> A number of different permutations are tried and the log should have
> more details on which ones failed (and hopefully why).
>
> rob
>
>
>
>
> --
> -- May the fox be with you ...
> /\
> (~(
> ) ) /\_/\
> (_=---_(@ @)
> ( \ /
> /|/----\|\ V
> " " " "
>
>
>
>
More information about the Freeipa-users
mailing list