J N via FreeIPA-users wrote: > When I have a look at either ipa-client-install or Ansible role 'ipaserver' I > come across the options for OpenSSH: > > ipaclient_no_ssh > ipaclient_no_sshd <--- What I'm interested in. > > I want to install a IPA server and my question is: > What exactly is being configured, and should I use this option?
By default the client and server installers enable the ssh service in SSSD. On the client if ssh is enabled it sets PubkeyAuthentication to yes, enables the SSSD known hosts proxy and sets VerifyHostKeyDNS to yes (if --no-dns-sshfp is not set). When sshd configuration is enabled (default) it sets: PubkeyAuthentication yes KerberosAuthentication no GSSAPIAuthentication yes UsePAM yes ChallengeResponseAuthentication yes Depending on release of sshd it will also set AuthorizedKeysCommand or PubKeyAgent. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
