Ah, this doesn't work on ubuntu (14.04). The command itself works, but sshd
on ubuntu isn't probably compiled with support for this although I see
"AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys" in sshd_config. I
don't think the freeipa/sssd ppas package sshd. Any way to get this working
on ubuntu 14.04 ?

On Fri, Apr 29, 2016 at 12:30 PM, Anon Lister <listera...@gmail.com> wrote:

> Yep sorry I missed that. You need to put your public keys in IPA.
> On Apr 29, 2016 3:32 AM, "Jakub Hrozek" <jhro...@redhat.com> wrote:
>
> On Thu, Apr 28, 2016 at 09:14:48PM -0400, Prasun Gera wrote:
> > >
> > > Your can still authenticate with SSH keys, but to access any NFS 4
> shares
> > > they will need a Kerberos ticket, which can be obtained via a 'kinit'
> after
> > > logging in.
> > >
> >
> > Then how does the key authentication work if the .ssh directory on nfs4
> is
> > not accessible ?  Doesn't the key authentication process rely on
> > .ssh/authorized keys being readable by the authentication module ?
>
> SSSD can fetch the authorized keys from IPA, see man
> sss_ssh_authorizedkeys(1)
>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to