I already ran that command to configure centos host as client. I used 'ipa-client-install --mkhomedir --no-ntp'. Now my IPA users are able to SSH to that box, using passwords set in IPA. Next I would like them to SSH using keys. When I looked through the document for more info, I found this line - 'After uploading the user keys, configure SSSD to use FreeIPA as one of its identity domains and set up OpenSSH to use the SSSD tooling for managing user keys.' I was hoping someone can shed light on how to do that. Or if someone has configured their IPA clients to enable key-based SSH to clients, can they please share their experience.
Thanks. On Thu, Apr 17, 2014 at 5:48 PM, Dmitri Pal <d...@redhat.com> wrote: > On 04/17/2014 02:42 PM, quest monger wrote: > > I have setup freeipa server, and added a centos client that my ipa users > can now ssh too by using the freeipa account credentials. > Now, i would like my users to be able to ssh to this centos client using > keys. > I read this - http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA > _Guide/user-keys.html > I generated the key-pair, and added the public key to user account in > freeipa web console. > > Towards the end of that document, i found this - > "After uploading the user keys, configure SSSD to use FreeIPA as one of > its identity domains and set up OpenSSH to use the SSSD tooling for > managing user keys." > No instructions in the document on how to do this. > > Do i need to do anything on the centos client-side to make this work? > > > > _______________________________________________ > Freeipa-users mailing > listFreeipaemail@example.com://www.redhat.com/mailman/listinfo/freeipa-users > > yum install ipa-client > > then run ipa-client-install with arguments you need (see man pages or > manual) which will configure your client. Depending on the version it will > also be able to configure SSH integration. > > See man on ipa-client-install > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc. > > > _______________________________________________ > Freeipa-users mailing list > Freeipafirstname.lastname@example.org > https://www.redhat.com/mailman/listinfo/freeipa-users >
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users