Hello, I’m trying to implement SSH Hostbased Authentication between IPA joined machines but I’m with difficulties regarding:
* The /etc/ssh/ssh_known_hosts file. In a FreeIPA environment the known_hosts are stored on IPA, and I’m aware of the ProxyCommand /usr/bin/sss_ssh_knownhostsproxy; but how can I create this file with the entries from FreeIPA? * Another issue is with the /etc/ssh/shosts.equiv file. It supports plain hostnames or netgroups, which is a NIS thing. FreeIPA offers any netgroups compatibility? I’m expecting to put something like: @nodes on this file to keep it simple. Any changes on IPA hosts would be reflected automatically. Thanks, PS: Further documentation about SSH Hostbased Authentication: https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Host-based_Authentication _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org