On 06/02/2015 06:27 PM, bahan w wrote:
> Hello !
>
> I send you this mail because I have a problem linked with SSH and FreeIPA.
>
> I have multiple servers :
> - One with FreeIPA server 3.0.0-26
> - The others with FreeIPA client 3.0.0-26
>
> They are running on RHEL 6.4.
>
> I configured a root user on each of them.
> On one specific server, I created an rsa key in order to connect
> passwordlessly from a specific server to all the others
> ####
> ssh-keygen -t rsa
> ####
>
> I distributed the public key on all the others :
> ####
> for i in ${my_server_list}; do scp /root/.ssh/id_rsa.pub
> $i:/root/.ssh/authorized_keys; done
> ####
>
> Once it was done, I modified the rights on these files :
> ####
> for i in ${my_server_list}; do scp $i "chmod 644
> /root/.ssh/authorized_keys"; done
> ####
>
> And I was able to connect to all these servers without entering a password.
> The system was working well.
>
> When I installed ipa-server on a specific server, this connection with the
> RSA key was not possible anymore.
> Each time I tried to connect to the server through SSH, it keeps asking me
> for a password.
> I tried to install the ipa-client on another server to just check if I had
> the same behaviour and indeed, each time I run ipa-client-install, I can't
> connect passwordlessly with root anymore.
Hello,
SSH with key with root account should work, SSSD (or the SSH public key tools)
should not interfere with root user account at all. What I would suggest is to
try to some newer version of sssd+ipa-client, RHEL-6.4 is quite old already.
RHEL-6.6 (or even RHEL-7.1) would be a better starting point.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
