[Freeipa-users] Installed OpenSSH server does not support dynamically loading authorized user keys - no key login support

Vaclav Adamec vaclav.adamec at suchy-zleb.cz
Tue Nov 11 16:10:51 UTC 2014


openssh-6.1p1-5.el6.1.x86_64
libssh2-1.4.2-1.el6.x86_64
openssh-clients-6.1p1-5.el6.1.x86_64
openssh-server-6.1p1-5.el6.1.x86_64


It's an up-to-date CentOS 6.6 with OpenSSH 6.1, but the same issue occurs with 6.7. I'll
check rpmspec to see whether there is an issue with dynamically loading authorized user
keys; I'm not aware of any disabled functionality. I'll also try a fresh
CentOS 6.6 with the default OpenSSH 5.3.

Vasek


On Tue, Nov 11, 2014 at 3:44 PM, Rob Crittenden <rcritten at redhat.com> wrote:

> Vaclav Adamec wrote:
> > Here it is:
> >
> > 2014-11-11T11:45:33Z DEBUG stderr=
> > 2014-11-11T11:45:33Z DEBUG Backing up system configuration file
> > '/etc/ssh/ssh_config'
> > 2014-11-11T11:45:33Z DEBUG Saving Index File to
> > '/var/lib/ipa-client/sysrestore/sysrestore.index'
> > 2014-11-11T11:45:33Z INFO Configured /etc/ssh/ssh_config
> > 2014-11-11T11:45:33Z DEBUG Backing up system configuration file
> > '/etc/ssh/sshd_config'
> > 2014-11-11T11:45:33Z DEBUG Saving Index File to
> > '/var/lib/ipa-client/sysrestore/sysrestore.index'
> > 2014-11-11T11:45:33Z DEBUG args=sshd -t -f /dev/null -o
> > AuthorizedKeysCommand=
> > 2014-11-11T11:45:33Z DEBUG stdout=
> > 2014-11-11T11:45:33Z DEBUG stderr=command-line line 0:
> > AuthorizedKeysCommand must be an absolute path
> >
> > 2014-11-11T11:45:33Z DEBUG args=sshd -t -f /dev/null -o PubKeyAgent=
> > 2014-11-11T11:45:33Z DEBUG stdout=
> > 2014-11-11T11:45:33Z DEBUG stderr=command-line: line 0: Bad
> > configuration option: PubKeyAgent
> >
> > 2014-11-11T11:45:33Z WARNING Installed OpenSSH server does not support
> > dynamically loading authorized user keys. Public key authentication of
> > IPA users will not be available.
> > 2014-11-11T11:45:33Z INFO Configured /etc/ssh/sshd_config
> > 2014-11-11T11:45:33Z DEBUG args=/sbin/service sshd status
> > 2014-11-11T11:45:33Z DEBUG stdout=openssh-daemon (pid  24698) is
> running...
>
> Seems to be different behavior from sshd. What version do you have
> installed?
>
> On my RHEL-6.x box I see:
>
> 2014-11-11T14:40:00Z DEBUG args=sshd -t -f /dev/null -o
> AuthorizedKeysCommand=
> 2014-11-11T14:40:00Z DEBUG stdout=
> 2014-11-11T14:40:00Z DEBUG stderr=
> 2014-11-11T14:40:00Z INFO Configured /etc/ssh/sshd_config
>
> rob
>
> >
> >
> > On Tue, Nov 11, 2014 at 3:15 PM, Rob Crittenden <rcritten at redhat.com
> > <mailto:rcritten at redhat.com>> wrote:
> >
> >     Vaclav Adamec wrote:
> >     > Hi,
> >     >  I'm getting "Installed OpenSSH server does not support dynamically
> >     > loading authorized user keys. Public key authentication of IPA
> users
> >     > will not be available" during ipa client install on CentOS 6.6
> >     >
> >     > Packages openssh-server-6.1p1-5.el6.1.x86_64 and
> >     > ipa-client-3.0.0-42.el6.centos.x86_64
> >     >
> >     > Manual setup of  "AuthorizedKeysCommand
> >     /usr/bin/sss_ssh_authorizedkeys"
> >     > in /etc/ssh/sshd_config is ok.
> >     >
> >     > Any reason for that ?
> >     >
> >
> >     I'd check the client install log for more details,
> >     /var/log/ipaclient-install.log
> >
> >     A number of different permutations are tried and the log should have
> >     more details on which ones failed (and hopefully why).
> >
> >     rob
> >
> >
> >
> >
> > --
> > -- May the fox be with you ...
> >    /\
> >   (~(
> >    ) )         /\_/\
> >   (_=---_(@ @)
> >     (          \   /
> >     /|/----\|\  V
> >     " "     " "
> >
> >
> >
> >
>
>


-- 
-- May the fox be with you ...
   /\
  (~(
   ) )         /\_/\
  (_=---_(@ @)
    (          \   /
    /|/----\|\  V
    " "     " "
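The install log quoted in this thread shows two different sshd answers to the same kind of probe: `PubKeyAgent` is reported as a "Bad configuration option", while `AuthorizedKeysCommand=` with an empty value is reported as "must be an absolute path". The shell script below is an added example, not part of the original messages and not ipa-client-install code; it classifies `sshd -t` probe results so that only "Bad configuration option" counts as a missing keyword. The function names and the exit status 255 are assumptions.

```shell
#!/bin/sh
# Added example (not ipa-client-install code); function names are hypothetical.

# classify_probe OPTION RC STDERR
# Prints: supported | unsupported | value-rejected | inconclusive
classify_probe() {
    cp_opt=$1; cp_rc=$2; cp_err=$3
    if [ "$cp_rc" -eq 0 ]; then
        echo supported             # sshd -t accepted the option
        return 0
    fi
    case $cp_err in
        *"Bad configuration option"*)
            echo unsupported ;;    # keyword unknown to this sshd build
        *"$cp_opt"*)
            echo value-rejected ;; # keyword parsed, value refused
        *)
            echo inconclusive ;;   # unrelated failure, e.g. host keys
    esac
}

# probe_sshd_option OPTION [VALUE]
# Runs the same test the log shows: sshd -t -f /dev/null -o OPTION=VALUE
probe_sshd_option() {
    ps_bin=$(command -v sshd 2>/dev/null) || { echo no-sshd; return 0; }
    ps_rc=0
    ps_err=$("$ps_bin" -t -f /dev/null -o "$1=${2-}" 2>&1 >/dev/null) || ps_rc=$?
    classify_probe "$1" "$ps_rc" "$ps_err"
}

# stderr strings copied from the log in this thread; exit status 255 is constructed
classify_probe AuthorizedKeysCommand 255 \
    'command-line line 0: AuthorizedKeysCommand must be an absolute path'
classify_probe PubKeyAgent 255 \
    'command-line: line 0: Bad configuration option: PubKeyAgent'

# Live check on this host: empty value as in the log, then an absolute path
probe_sshd_option AuthorizedKeysCommand ""
probe_sshd_option AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
```

A `value-rejected` result for the empty-value probe together with a different result for the absolute path indicates that the keyword exists and only the probe value was refused.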