[Freeipa-users] Installed OpenSSH server does not support dynamically loading authorized user keys - no key login support

Rob Crittenden rcritten at redhat.com
Tue Nov 11 14:44:05 UTC 2014 

Vaclav Adamec wrote:
> Here it is:
> 
> 2014-11-11T11:45:33Z DEBUG stderr=
> 2014-11-11T11:45:33Z DEBUG Backing up system configuration file
> '/etc/ssh/ssh_config'
> 2014-11-11T11:45:33Z DEBUG Saving Index File to
> '/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2014-11-11T11:45:33Z INFO Configured /etc/ssh/ssh_config
> 2014-11-11T11:45:33Z DEBUG Backing up system configuration file
> '/etc/ssh/sshd_config'
> 2014-11-11T11:45:33Z DEBUG Saving Index File to
> '/var/lib/ipa-client/sysrestore/sysrestore.index'
> 2014-11-11T11:45:33Z DEBUG args=sshd -t -f /dev/null -o
> AuthorizedKeysCommand=
> 2014-11-11T11:45:33Z DEBUG stdout=
> 2014-11-11T11:45:33Z DEBUG stderr=command-line line 0:
> AuthorizedKeysCommand must be an absolute path
> 
> 2014-11-11T11:45:33Z DEBUG args=sshd -t -f /dev/null -o PubKeyAgent=
> 2014-11-11T11:45:33Z DEBUG stdout=
> 2014-11-11T11:45:33Z DEBUG stderr=command-line: line 0: Bad
> configuration option: PubKeyAgent
> 
> 2014-11-11T11:45:33Z WARNING Installed OpenSSH server does not support
> dynamically loading authorized user keys. Public key authentication of
> IPA users will not be available.
> 2014-11-11T11:45:33Z INFO Configured /etc/ssh/sshd_config
> 2014-11-11T11:45:33Z DEBUG args=/sbin/service sshd status
> 2014-11-11T11:45:33Z DEBUG stdout=openssh-daemon (pid  24698) is running...

Seems to be different behavior from sshd. What version do you have
installed?

On my RHEL-6.x box I see:

2014-11-11T14:40:00Z DEBUG args=sshd -t -f /dev/null -o
AuthorizedKeysCommand=
2014-11-11T14:40:00Z DEBUG stdout=
2014-11-11T14:40:00Z DEBUG stderr=
2014-11-11T14:40:00Z INFO Configured /etc/ssh/sshd_config

rob

> 
> 
> On Tue, Nov 11, 2014 at 3:15 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
> 
>     Vaclav Adamec wrote:
>     > Hi,
>     >  I'm getting "Installed OpenSSH server does not support dynamically
>     > loading authorized user keys. Public key authentication of IPA users
>     > will not be available" during ipa client install on CentOS 6.6
>     >
>     > Packages openssh-server-6.1p1-5.el6.1.x86_64 and
>     > ipa-client-3.0.0-42.el6.centos.x86_64
>     >
>     > Manual setup of  "AuthorizedKeysCommand
>     /usr/bin/sss_ssh_authorizedkeys"
>     > in /etc/ssh/sshd_config is ok.
>     >
>     > Any reason for that ?
>     >
> 
>     I'd check the client install log for more details,
>     /var/log/ipaclient-install.log
> 
>     A number of different permutations are tried and the log should have
>     more details on which ones failed (and hopefully why).
> 
>     rob
> 
> 
> 
> 
> -- 
> -- May the fox be with you ...
>    /\
>   (~(
>    ) )         /\_/\
>   (_=---_(@ @)
>     (          \   / 
>     /|/----\|\  V
>     " "     " "
> 
> 
> 
>

More information about the Freeipa-users mailing list