Hi Lukas,
ssh_config is also same on all servers.
Our need is to do it both  ways, to be able to login with ssh public
keys(uploaded in IPA) and disable password login, and be able to access
allhosts within the same IPA domain silently from any host.
Hoping the configs will help, I am including the configurations here.

ssh_config file :  http://pastebin.com/MWHyH1Qw
sshd_config file: http://pastebin.com/gpn5XhXM
sssd_config file: http://pastebin.com/5Pby6xKp

I just used some placeholders for sssd_config file in pastebin instead of
actual values.


Thanks
Venkataramana



On Thu, Sep 15, 2016 at 10:09 AM, Lukas Slebodnik <lsleb...@redhat.com>
wrote:

> On (15/09/16 09:56), Venkataramana Kintali wrote:
> >Hi Lukas,
> >Thank you for responding.
> >I compared the configs.(sshd_config and sssd.conf ),they are same.
> Is /etc/ssh/ssh_config the same as well?
> NOTE: (ssh_config is not the same as sshd_config //extra 'd' in name)
>
> >sssd  and sshd services are running on all the servers(IPA clients).
> >PubKey Authentication is enabled on all the servers.
> >I am not able to login with sshkeys.
> >
> >But I am able to ssh to these servers from the other IPA clients I am able
> >to connect to with ssh keys(after doing a kinit).
> >
> If I remeber correctly GSSAPI has higher priority then public keys.
> So the behaviour is expected.
>
> You should decide whether you want to authenticate
> with ssh keys stored in IPA or with kerberos ticket (GSSAPI)
> or you can change sshd configuration to allow only authentication
> with public keys.
>
> LS
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to