[Freeipa-users] Issues with FreeIPA SSH Key authentication
Venkataramana Kintali
venkataramana.kintali at gmail.com
Thu Sep 15 08:46:03 UTC 2016
Hi Lukas,
ssh_config is also same on all servers.
Our need is to do it both ways, to be able to login with ssh public
keys(uploaded in IPA) and disable password login, and be able to access
allhosts within the same IPA domain silently from any host.
Hoping the configs will help, I am including the configurations here.
ssh_config file : http://pastebin.com/MWHyH1Qw
sshd_config file: http://pastebin.com/gpn5XhXM
sssd_config file: http://pastebin.com/5Pby6xKp
I just used some placeholders for sssd_config file in pastebin instead of
actual values.
Thanks
Venkataramana
On Thu, Sep 15, 2016 at 10:09 AM, Lukas Slebodnik <lslebodn at redhat.com>
wrote:
> On (15/09/16 09:56), Venkataramana Kintali wrote:
> >Hi Lukas,
> >Thank you for responding.
> >I compared the configs.(sshd_config and sssd.conf ),they are same.
> Is /etc/ssh/ssh_config the same as well?
> NOTE: (ssh_config is not the same as sshd_config //extra 'd' in name)
>
> >sssd and sshd services are running on all the servers(IPA clients).
> >PubKey Authentication is enabled on all the servers.
> >I am not able to login with sshkeys.
> >
> >But I am able to ssh to these servers from the other IPA clients I am able
> >to connect to with ssh keys(after doing a kinit).
> >
> If I remeber correctly GSSAPI has higher priority then public keys.
> So the behaviour is expected.
>
> You should decide whether you want to authenticate
> with ssh keys stored in IPA or with kerberos ticket (GSSAPI)
> or you can change sshd configuration to allow only authentication
> with public keys.
>
> LS
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160915/68ef9c95/attachment.htm>
More information about the Freeipa-users
mailing list