[Freeipa-users] ipa-client-install remove the passwordless connection with root
Martin Kosek
mkosek at redhat.com
Wed Jun 3 08:52:15 UTC 2015
Thanks for update. Adding mailing list back, to be aware of the results.
Given this description, I wonder if this is hitting
https://bugzilla.redhat.com/show_bug.cgi?id=1201454
that is planned to be fixed in next RHEL-6 minor version.
On 06/03/2015 10:46 AM, bahan w wrote:
> Hello again.
>
> The problem was coming from the sshd_config file.
> The parameter PubkeyAuthentication=yes was placed after the parameter
> PasswordAuthentication=yes.
> I uncomment the PubkeyAuthentication=yes before the PasswprdAuthentication
> and now it works.
>
> The problem is solved.
>
> Best regards.
>
> Bahan
>
>
> On Wed, Jun 3, 2015 at 10:05 AM, bahan w <bahanw042014 at gmail.com> wrote:
>
>> Hello Martin.
>>
>> Unfortunately for me, I cannot migrate OS so I need to make it work with
>> RHEL 6.4. :-(
>>
>> Best regards.
>> Le 3 juin 2015 09:39, "Martin Kosek" <mkosek at redhat.com> a écrit :
>>
>>> On 06/02/2015 06:27 PM, bahan w wrote:
>>>> Hello !
>>>>
>>>> I send you this mail because I have a problem linked with SSH and
>>> FreeIPA.
>>>>
>>>> I have multiple servers :
>>>> - One with FreeIPA server 3.0.0-26
>>>> - The others with FreeIPA client 3.0.0-26
>>>>
>>>> They are running on RHEL 6.4.
>>>>
>>>> I configured a root user on each of them.
>>>> On one specific server, I created an rsa key in order to connect
>>>> passwordlessly from a specific server to all the others
>>>> ####
>>>> ssh-keygen -t rsa
>>>> ####
>>>>
>>>> I distributed the public key on all the others :
>>>> ####
>>>> for i in ${my_server_list}; do scp /root/.ssh/id_rsa.pub
>>>> $i:/root/.ssh/authorized_keys; done
>>>> ####
>>>>
>>>> Once it was done, I modified the rights on these files :
>>>> ####
>>>> for i in ${my_server_list}; do scp $i "chmod 644
>>>> /root/.ssh/authorized_keys"; done
>>>> ####
>>>>
>>>> And I was able to connect to all these servers without entering a
>>> password.
>>>> The system was working well.
>>>>
>>>> When I installed ipa-server on a specific server, this connection with
>>> the
>>>> RSA key was not possible anymore.
>>>> Each time I tried to connect to the server through SSH, it keeps asking
>>> me
>>>> for a password.
>>>> I tried to install the ipa-client on another server to just check if I
>>> had
>>>> the same behaviour and indeed, each time I run ipa-client-install, I
>>> can't
>>>> connect passwordlessly with root anymore.
>>>
>>> Hello,
>>>
>>> SSH with key with root account should work, SSSD (or the SSH public key
>>> tools)
>>> should not interfere with root user account at all. What I would suggest
>>> is to
>>> try to some newer version of sssd+ipa-client, RHEL-6.4 is quite old
>>> already.
>>> RHEL-6.6 (or even RHEL-7.1) would be a better starting point.
>>>
>>
>
More information about the Freeipa-users
mailing list