<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
Hi Gustavo,<br>
<div id="Signature">
<div id="divtagdefaultwrapper"><br>
Using settings from 'ipa-advise config-redhat-sssd-before-1-9' with the modifications below seems to work quite well:<br>
<br>
- on the IPA server, add a permission to read ipaSshPubKey anonymously:<br>
<br>
[ipa-server]# ipa permission-add 'Read ipaSshPubKey' --type=user --attrs=ipaSshPubKey --bindtype=anonymous --permissions=read<br>
<br>
</div>
<div id="divtagdefaultwrapper">[ipa-client]<span style="font-size: 12pt;"># diff /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig</span>
<div>
<div>2c2</div>
<div>< services = nss, pam, ssh</div>
<div>---</div>
<div>> services = nss, pam</div>
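Review bot: the command is "diff /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig", so in this hunk the "<" line is the working config and the ">" line is the original, i.e. the change is adding "ssh" to "services"; worth stating in the reply, since readers usually assume the opposite orientation.<br>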
<div>12c12</div>
<div>< ldap_search_base = cn=accounts,dc=example,dc=org</div>
<div>---</div>
<div>> ldap_search_base = cn=compat,dc=example,dc=org<br>
</div>
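Review bot: the reply does not say why "ldap_search_base" moves from the "cn=compat" tree to "cn=accounts"; since the server-side permission it adds is scoped "--type=user" and the next hunk maps "ipaSshPubKey", one sentence noting that the key attribute is read from the user entries under the new base would make the three changes read as one coherent setup.<br>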
<div>14d13</div>
<div>< ldap_user_ssh_public_key = ipaSshPubKey<br>
</div>
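Review bot: "14d13" with a "<" line reads as a deletion, but with the modified file as the first diff operand it means "ldap_user_ssh_public_key = ipaSshPubKey" was added to the working config; running the diff as "diff sssd.conf.orig sssd.conf" would show it as "13a14" with a ">" line and avoid the confusion.<br>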
<br>
<br>
</div>
<br>
</div>
</div>
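<div><br>
Added example, not code from the thread or from FreeIPA: a small Python check that parses an sssd.conf and reports which of the three changes in the diff above are missing (the ssh responder in [sssd] services, an ldap_search_base under cn=accounts, and ldap_user_ssh_public_key = ipaSshPubKey in each LDAP domain section). The two sample files, the host name and the domain name are constructed placeholders; the ipa permission-add command on the server is a separate step that the check cannot see.<br>
</div>

```python
"""Check an sssd.conf for the three settings the reply changes.

Added example, not from the original thread. It parses an sssd.conf and
reports which of the reply's settings are missing: the 'ssh' responder in
[sssd] services, an ldap_search_base under cn=accounts, and
ldap_user_ssh_public_key = ipaSshPubKey in each LDAP domain section.
"""
import configparser
from typing import List

# Constructed sample: an sssd.conf as the reply's diff leaves it. Host name,
# domain name and CA path are placeholders, not values from the thread.
SAMPLE_MODIFIED = """\
[sssd]
services = nss, pam, ssh
domains = example.org

[domain/example.org]
id_provider = ldap
auth_provider = krb5
ldap_uri = ldap://ipa.example.org
ldap_search_base = cn=accounts,dc=example,dc=org
ldap_tls_cacert = /etc/ipa/ca.crt
ldap_user_ssh_public_key = ipaSshPubKey
"""

# Constructed sample: the same file before the reply's changes (the '>' side
# of its diff): no ssh responder, compat search base, no key attribute.
SAMPLE_ORIGINAL = """\
[sssd]
services = nss, pam
domains = example.org

[domain/example.org]
id_provider = ldap
auth_provider = krb5
ldap_uri = ldap://ipa.example.org
ldap_search_base = cn=compat,dc=example,dc=org
ldap_tls_cacert = /etc/ipa/ca.crt
"""


def check_sssd_conf(text: str) -> List[str]:
    """Return human-readable findings; an empty list means the file matches."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings: List[str] = []

    # 1. The ssh responder must be enabled, otherwise nothing serves keys.
    services = [s.strip() for s in cp.get("sssd", "services", fallback="").split(",")]
    if "ssh" not in services:
        findings.append("[sssd] services: 'ssh' responder not enabled")

    # 2./3. Per LDAP domain: search base under cn=accounts and the key attribute.
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        if cp.get(section, "id_provider", fallback="") != "ldap":
            continue
        base = cp.get(section, "ldap_search_base", fallback="")
        if not base.lower().startswith("cn=accounts,"):
            findings.append(
                f"[{section}] ldap_search_base: expected the cn=accounts tree, got {base!r}"
            )
        attr = cp.get(section, "ldap_user_ssh_public_key", fallback="")
        if attr != "ipaSshPubKey":
            findings.append(
                f"[{section}] ldap_user_ssh_public_key: expected 'ipaSshPubKey', got {attr!r}"
            )
    return findings


if __name__ == "__main__":
    import sys

    # Usage: python check_sssd.py [/etc/sssd/sssd.conf]; without an argument
    # the constructed modified sample is checked.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE_MODIFIED
    for line in check_sssd_conf(text) or ["OK: all three settings from the reply are present"]:
        print(line)
```

<div>Run it against the live file on the client after applying the diff; an empty finding list only means sssd.conf matches the reply, the anonymous read permission on ipaSshPubKey still has to be in place on the server for the lookup to return keys.<br>
</div>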
<div>
<div style="color: rgb(0, 0, 0);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> freeipa-users-bounces@redhat.com &lt;freeipa-users-bounces@redhat.com&gt; on behalf of Gustavo Mateus &lt;gustavo.mateus@gmail.com&gt;<br>
<b>Sent:</b> 11 September 2015 00:30<br>
<b>To:</b> freeipa-users@redhat.com<br>
<b>Subject:</b> [Freeipa-users] AuthorizedKeysCommand for clients using nss-pam-ldapd</font>
<div> </div>
</div>
<div>
<div dir="ltr">Hi,
<div><br>
</div>
<div>I'm trying to set up my Amazon Linux instances to be able to fetch the IPA users' public SSH keys.<br>
<br>
Do I have to set up a binddn and bindpw in the ldap.conf file and use /usr/libexec/openssh/ssh-ldap-wrapper, or is there a better way to do it?</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Gustavo</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>