This should just work. Are you sure that you added the key properly? Make sure you click the "update" link after adding the key. I often made this mistake in the past.
On 20 April 2014 09:17, quest monger <quest.mon...@gmail.com> wrote: > I already ran that command to configure centos host as client. I used > 'ipa-client-install --mkhomedir --no-ntp'. > Now my IPA users are able to SSH to that box, using passwords set in IPA. > Next I would like them to SSH using keys. > When I looked through the document for more info, I found this line - 'After > uploading the user keys, configure SSSD to use FreeIPA as one of its > identity domains and set up OpenSSH to use the SSSD tooling for managing > user keys.' > I was hoping someone can shed light on how to do that. Or if someone has > configured their IPA clients to enable key-based SSH to clients, can they > please share their experience. > > Thanks. > > > > On Thu, Apr 17, 2014 at 5:48 PM, Dmitri Pal <d...@redhat.com> wrote: >> >> On 04/17/2014 02:42 PM, quest monger wrote: >> >> I have setup freeipa server, and added a centos client that my ipa users >> can now ssh too by using the freeipa account credentials. >> Now, i would like my users to be able to ssh to this centos client using >> keys. >> I read this - >> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/user-keys.html >> I generated the key-pair, and added the public key to user account in >> freeipa web console. >> >> Towards the end of that document, i found this - >> "After uploading the user keys, configure SSSD to use FreeIPA as one of >> its identity domains and set up OpenSSH to use the SSSD tooling for managing >> user keys." >> No instructions in the document on how to do this. >> >> Do i need to do anything on the centos client-side to make this work? >> >> >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipafirstname.lastname@example.org >> https://www.redhat.com/mailman/listinfo/freeipa-users >> >> yum install ipa-client >> >> then run ipa-client-install with arguments you need (see man pages or >> manual) which will configure your client. Depending on the version it will >> also be able to configure SSH integration. >> >> See man on ipa-client-install >> >> -- >> Thank you, >> Dmitri Pal >> >> Sr. Engineering Manager IdM portfolio >> Red Hat, Inc. >> >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipaemail@example.com >> https://www.redhat.com/mailman/listinfo/freeipa-users > > > > _______________________________________________ > Freeipa-users mailing list > Freeipafirstname.lastname@example.org > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users