[Freeipa-users] RHEL5 clients not getting ssh key

Aric Wilisch awilisch at gmail.com
Thu Apr 30 19:36:44 UTC 2015 

I wish I could, but unfortunately these are RHEL 5 because the client has not yet upgraded their software to work on 6 or 7, so I’m stuck with a RHEL 5 infrastructure for awhile. 

As long as it authenticates and sudo works we may just have to live with the keys not working. 

Thanks for the info though. I might try 1.9 and see if that fixes the problem. 

Regards,
------------------------------------------
Aric Wilisch
awilisch at gmail.com




> On Apr 30, 2015, at 10:42 AM, Jakub Hrozek <jhrozek at redhat.com> wrote:
> 
> On Thu, Apr 30, 2015 at 04:32:30PM +0200, Lukas Slebodnik wrote:
>> On (30/04/15 15:34), Jakub Hrozek wrote:
>>> On Thu, Apr 30, 2015 at 03:13:44PM +0200, Martin Kosek wrote:
>>>> On 04/30/2015 02:56 PM, Aric Wilisch wrote:
>>>>> Is there a trick to getting a users SSH key that’s attached to their FreeIPA account to work on RHEL 5 servers? users can ssh into the RHEL 6 clients with no issues but they still get prompted for their passwords on the RHEL 5 server, so it’s not pushing down their ssh keys. 
>>>>> 
>>>>> Thanks!
>>>>> 
>>>>> Regards,
>>>>> ------------------------------------------
>>>>> Aric Wilisch
>>>>> awilisch at gmail.com
>>>> 
>>>> Well, RHEL-5's latest build should be sssd-1.5.1-71.el5, but the SSH public key
>>>> support was added in SSSD 1.8:
>>>> 
>>>> https://fedorahosted.org/sssd/ticket/610
>>>> 
>>>> So I do not know any way besides upgrading to RHEL-6/RHEL-7 or backporting the
>>>> SSSD 1.8+ yourself (which I do not expect to be an easy task).
>>> 
>>> The 1.9 branch should build and work on RHEL-5.
>>> 
>> But IIRC openssh-server should be patched as well.
> 
> Perhaps, you definitely need the AuthorizedKeysCommand and similar.
> Honza might know best..
> 
> At any rate, upgrading from RHEL-5 to something recent is a good idea
> :-)
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users <https://www.redhat.com/mailman/listinfo/freeipa-users>
> Go to http://freeipa.org <http://freeipa.org/> for more info on the project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150430/d9fea541/attachment.htm>

More information about the Freeipa-users mailing list