Hello! Trying to configure a CentOS 6.3 server to authenticate ssh using keys stored in IPA . . . it's not working and I was hoping someone might be able to give a place to start debugging.

My user is in IPA (is is a publickey):
[root@iparepl01 log]# ipa user-find gmatz
--------------
1 user matched
--------------
  User login: gmatz
  First name: Guy
  Last name: Matz
  Home directory: /home/gmatz
  Login shell: /bin/bash
  UID: 1756600036
  GID: 1756600036
  Account disabled: False
  SSH public key fingerprint: B7:97:56:71:31:D8:35:67:6A:4B:5F:C2:D8:00:E6:39 (ssh-rsa)
  Password: True
  Kerberos keys available: True

 . . .  which matches the key used on the client machine:
gmatz@halliburton:~$ uname -a
Linux halliburton 3.5.0-27-generic #46-Ubuntu SMP Mon Mar 25 19:58:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
gmatz@halliburton:~$ ssh-keygen -l
Enter file in which the key is (/home/gmatz/.ssh/id_rsa):
2048 b7:97:56:71:31:d8:35:67:6a:4b:5f:c2:d8:00:e6:39 gmatz@halliburton (RSA)

When I run sshd in debug mode, I don't see any indication that the ssh server is trying to connect to IPA, but strace gives some indication that sssd libs are being loaded.

I don't know if this is any help, but here's what audit.log says when publickey auth fails:

type=CRYPTO_KEY_USER msg=audit(1366304690.290:26013): user pid=1592 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=2b:54:31:7d:2f:18:d9:ed:5b:1e:7d:37:34:fa:a7:3b direction=? spid=1592 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.2.67 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1366304690.292:26014): user pid=1592 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=70:bc:4f:b5:1c:e4:93:0d:4f:c9:96:08:dc:85:22:ea direction=? spid=1592 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.2.67 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1366304690.300:26015): user pid=1591 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-client cipher=aes128-ctr ksize=128 spid=1592 suid=74 rport=45662 laddr=172.16.6.203 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.2.67 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1366304690.300:26016): user pid=1591 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-server cipher=aes128-ctr ksize=128 spid=1592 suid=74 rport=45662 laddr=172.16.6.203 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.2.67 terminal=? res=success'
type=USER_AUTH msg=audit(1366304690.474:26017): user pid=1591 uid=0 auid=4294967295 ses=4294967295 msg='op=pubkey acct="gmatz" exe="/usr/sbin/sshd" hostname=? addr=192.168.2.67 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1366304690.485:26018): user pid=1591 uid=0 auid=4294967295 ses=4294967295 msg='op=pubkey acct="gmatz" exe="/usr/sbin/sshd" hostname=? addr=192.168.2.67 terminal=ssh res=failed'

Any help is greatly appreciated!

Thanks a lot,
Guy

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
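
One way to pull the relevant facts out of the audit.log excerpt in the post, as an added example that is not part of the original message: it splits records even when they are run together on one line, parses the nested msg='...' fields, and lists failed pubkey attempts and the fingerprints sshd logged. The function names are hypothetical and the two sample records are constructed by shortening records from the post.

```python
import re
import shlex

# Constructed sample: two records shortened from the audit.log excerpt in the post.
SAMPLE = (
    "type=CRYPTO_KEY_USER msg=audit(1366304690.290:26013): user pid=1592 uid=0 "
    "msg='op=destroy kind=server fp=2b:54:31:7d:2f:18:d9:ed:5b:1e:7d:37:34:fa:a7:3b "
    "exe=\"/usr/sbin/sshd\" addr=192.168.2.67 res=success'\n"
    "type=USER_AUTH msg=audit(1366304690.474:26017): user pid=1591 uid=0 "
    "msg='op=pubkey acct=\"gmatz\" exe=\"/usr/sbin/sshd\" addr=192.168.2.67 "
    "terminal=ssh res=failed'\n"
)
RECORD = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*?)\s*$", re.S)


def parse_audit(text):
    """Parse audit records, including several records run together on one line."""
    records = []
    for chunk in re.split(r"(?=type=\w+ msg=audit\()", text):
        m = RECORD.match(chunk.strip())
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        outer, _, inner = body.partition("msg='")
        fields = dict(kv.split("=", 1) for kv in outer.split() if "=" in kv)
        # The inner msg='...' carries the sshd fields; shlex removes the quoting.
        fields.update(kv.split("=", 1)
                      for kv in shlex.split(inner.rstrip("'")) if "=" in kv)
        records.append({"type": rtype, "time": float(ts),
                        "serial": int(serial), **fields})
    return records


def failed_pubkey(records):
    """Return (acct, addr) for every failed public-key authentication attempt."""
    return [(r.get("acct"), r.get("addr")) for r in records
            if r["type"] == "USER_AUTH"
            and r.get("op") == "pubkey" and r.get("res") == "failed"]


def fingerprints(records):
    """Map each logged fp (lower-cased) to the (op, kind) it was logged with."""
    return {r["fp"].lower(): (r.get("op"), r.get("kind"))
            for r in records if "fp" in r}


if __name__ == "__main__":
    recs = parse_audit(SAMPLE.replace("\n", " "))  # records run together on one line
    user_fp = "B7:97:56:71:31:D8:35:67:6A:4B:5F:C2:D8:00:E6:39".lower()  # from ipa user-find
    print(failed_pubkey(recs))
    print("user key fingerprint in log:", user_fp in fingerprints(recs))
```

Comparing fingerprints case-insensitively matters here because `ipa user-find` prints them in upper case while `ssh-keygen -l` and audit.log use lower case.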
