I was reading this slide "

to troubleshoot an issue which we are facing while  IPA to allow user using
public Key authentication and had few questions:

1. Where does IPA stores the User Public Keys, I can fetch them
using sss_ssh_authorizedkeys but would be good if I we can know from where
it fetches the keys. Is it in LDAP DB.

2. When I registered new users with PubKey Authentication, some of them are
working fine and some got prompted for Password (this also happen when we
update their public key). This usually happens when either SSH is not able
to pick the private key (id_rsa) or if there is some permission issue with
.ssh or authorized_keys file. I am trying to find this in IPA environment
as why this is happening for certain users only though it is picking the
right private_key and client side. SSSD logs and secure logs does not have
much to say except authentication failed.

3.  I have checked the sshd config and does not seems to be an issue.

KerberosAuthentication no
PubkeyAuthentication yes
UsePAM yes
GSSAPIAuthentication yes
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys

4. As per the above slide, OpenSSH Integration with SSSD Slide 2 says, that
add know_hosts file with SSSD, However, Neither IPA Client nor IPA Server
has this

Configure ssh in /etc/ssh/ssh_config
Get known_hosts  from SSSD
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h

A suggestion can really help us moving forward.

*Best Regards,*


*Yogesh Sharma*
*Email: yks0...@gmail.com <yks0...@gmail.com> | Web: www.initd.in
<http://www.initd.in/> *


<https://www.fb.com/yks0000>   <http://in.linkedin.com/in/yks0000>
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to