I forgot we configured or /etc/ssh/sshd_config as well. You need to have the authorizedkeys command. Here is what ours looks like.
AcceptEnv LANG LC_* AuthorizedKeysCommandUser nobody AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys Banner /etc/issue.net ChallengeResponseAuthentication no GSSAPIAuthentication yes HostbasedAuthentication no HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key HostKey /etc/ssh/ssh_host_rsa_key IgnoreRhosts yes KerberosAuthentication no KeyRegenerationInterval 3600 LoginGraceTime 120 LogLevel INFO MaxSessions 50 MaxStartups 50:30:60 PasswordAuthentication no PermitEmptyPasswords no PermitRootLogin no Port 22 PrintLastLog yes PrintMotd no Protocol 2 PubkeyAuthentication yes RhostsRSAAuthentication no RSAAuthentication yes ServerKeyBits 1024 StrictModes yes Subsystem sftp /usr/lib/openssh/sftp-server SyslogFacility AUTH TCPKeepAlive yes UseDNS no UsePAM yes UsePrivilegeSeparation yes X11DisplayOffset 10 X11Forwarding yes _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
