On 06/02/2015 06:27 PM, bahan w wrote:
> Hello !
> I send you this mail because I have a problem linked with SSH and FreeIPA.
> I have multiple servers :
> - One with FreeIPA server 3.0.0-26
> - The others with FreeIPA client 3.0.0-26
> They are running on RHEL 6.4.
> I configured a root user on each of them.
> On one specific server, I created an rsa key in order to connect
> passwordlessly from a specific server to all the others
> ####
> ssh-keygen -t rsa
> ####
> I distributed the public key on all the others :
> ####
> for i in ${my_server_list}; do scp /root/.ssh/id_rsa.pub
> $i:/root/.ssh/authorized_keys; done
> ####
> Once it was done, I modified the rights on these files :
> ####
> for i in ${my_server_list}; do scp $i "chmod 644
> /root/.ssh/authorized_keys"; done
> ####
> And I was able to connect to all these servers without entering a password.
> The system was working well.
> When I installed ipa-server on a specific server, this connection with the
> RSA key was not possible anymore.
> Each time I tried to connect to the server through SSH, it keeps asking me
> for a password.
> I tried to install the ipa-client on another server to just check if I had
> the same behaviour and indeed, each time I run ipa-client-install, I can't
> connect passwordlessly with root anymore.


SSH with key with root account should work, SSSD (or the SSH public key tools)
should not interfere with root user account at all. What I would suggest is to
try to some newer version of sssd+ipa-client, RHEL-6.4 is quite old already.
RHEL-6.6 (or even RHEL-7.1) would be a better starting point.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to