Hello,

I’m trying to implement SSH Hostbased Authentication between IPA-joined 
machines, but I’m having difficulties with:

* The /etc/ssh/ssh_known_hosts file.

        In a FreeIPA environment the known_hosts are stored on IPA, and I’m 
aware of the ProxyCommand /usr/bin/sss_ssh_knownhostsproxy; but how can I 
create this file with the entries from FreeIPA?

* Another issue is with the /etc/ssh/shosts.equiv file. 

        It supports plain hostnames or netgroups, which is a NIS thing. Does 
FreeIPA offer any netgroup compatibility? I’m expecting to put something like 
@nodes in this file to keep it simple. Any changes on IPA hosts would be 
reflected automatically.

Thanks,

PS: Further documentation about SSH Hostbased Authentication: 
https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Host-based_Authentication

