The ssh command is just ssh [email protected], the c111111 is an IPA user, local users are working OK. The debug3 on sshd doesn't show anything, at least I can't spot anything. It's a standard IPA roll out and as you said sshd performs PAM and then SSSD is involved, with SSSD I can see new krb ticket being created on the host but ssh password login is denied. Happy to get all the logs just tell me what is needed as each of them is very verbose, I don't think copy/paste to the thread is sensible.
auth.log snippet Nov 27 05:54:32 csc-64 sshd[513083]: debug3: send packet: type 53 [preauth] Nov 27 05:54:32 csc-64 sshd[513083]: debug1: userauth_send_banner: sent [preauth] Nov 27 05:54:32 csc-64 sshd[513083]: debug2: input_userauth_request: try method none [preauth] Nov 27 05:54:32 csc-64 sshd[513083]: debug3: user_specific_delay: user specific delay 0.000ms [preauth] Nov 27 05:54:32 csc-64 sshd[513083]: debug3: ensure_minimum_time_since: elapsed 4.484ms, delaying 0.949ms (requested 5.433ms) [preauth] Nov 27 05:54:32 csc-64 sshd[513083]: debug3: userauth_finish: failure partial=0 next methods="publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive" [preauth] Nov 27 05:54:32 csc-64 sshd[513083]: debug3: send packet: type 51 [preauth] Nov 27 05:54:32 csc-64 sshd[513083]: debug3: receive packet: type 50 [preauth] Nov 27 05:54:32 csc-64 sshd[513083]: debug1: userauth-request for user c111111 service ssh-connection method publickey [preauth] Nov 27 05:54:32 csc-64 sshd[513083]: debug1: attempt 1 failures 0 [preauth] _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
