[Freeipa-users] RHEL5 clients not getting ssh key
Is there a trick to getting a users SSH key that’s attached to their FreeIPA account to work on RHEL 5 servers? users can ssh into the RHEL 6 clients with no issues but they still get prompted for their passwords on the RHEL 5 server, so it’s not pushing down their ssh keys. Thanks! Regards, -- Aric Wilisch awili...@gmail.com -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] RHEL5 clients not getting ssh key
On 04/30/2015 02:56 PM, Aric Wilisch wrote: Is there a trick to getting a users SSH key that’s attached to their FreeIPA account to work on RHEL 5 servers? users can ssh into the RHEL 6 clients with no issues but they still get prompted for their passwords on the RHEL 5 server, so it’s not pushing down their ssh keys. Thanks! Regards, -- Aric Wilisch awili...@gmail.com Well, RHEL-5's latest build should be sssd-1.5.1-71.el5, but the SSH public key support was added in SSSD 1.8: https://fedorahosted.org/sssd/ticket/610 So I do not know any way besides upgrading to RHEL-6/RHEL-7 or backporting the SSSD 1.8+ yourself (which I do not expect to be an easy task). Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] RHEL5 clients not getting ssh key
On Thu, Apr 30, 2015 at 03:13:44PM +0200, Martin Kosek wrote: On 04/30/2015 02:56 PM, Aric Wilisch wrote: Is there a trick to getting a users SSH key that’s attached to their FreeIPA account to work on RHEL 5 servers? users can ssh into the RHEL 6 clients with no issues but they still get prompted for their passwords on the RHEL 5 server, so it’s not pushing down their ssh keys. Thanks! Regards, -- Aric Wilisch awili...@gmail.com Well, RHEL-5's latest build should be sssd-1.5.1-71.el5, but the SSH public key support was added in SSSD 1.8: https://fedorahosted.org/sssd/ticket/610 So I do not know any way besides upgrading to RHEL-6/RHEL-7 or backporting the SSSD 1.8+ yourself (which I do not expect to be an easy task). The 1.9 branch should build and work on RHEL-5. The newer branches might not (iow, upstream dropped RHEL-5 support). -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] RHEL5 clients not getting ssh key
On (30/04/15 15:34), Jakub Hrozek wrote: On Thu, Apr 30, 2015 at 03:13:44PM +0200, Martin Kosek wrote: On 04/30/2015 02:56 PM, Aric Wilisch wrote: Is there a trick to getting a users SSH key that’s attached to their FreeIPA account to work on RHEL 5 servers? users can ssh into the RHEL 6 clients with no issues but they still get prompted for their passwords on the RHEL 5 server, so it’s not pushing down their ssh keys. Thanks! Regards, -- Aric Wilisch awili...@gmail.com Well, RHEL-5's latest build should be sssd-1.5.1-71.el5, but the SSH public key support was added in SSSD 1.8: https://fedorahosted.org/sssd/ticket/610 So I do not know any way besides upgrading to RHEL-6/RHEL-7 or backporting the SSSD 1.8+ yourself (which I do not expect to be an easy task). The 1.9 branch should build and work on RHEL-5. But IIRC openssh-server should be patched as well. LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] RHEL5 clients not getting ssh key
On Thu, Apr 30, 2015 at 04:32:30PM +0200, Lukas Slebodnik wrote: On (30/04/15 15:34), Jakub Hrozek wrote: On Thu, Apr 30, 2015 at 03:13:44PM +0200, Martin Kosek wrote: On 04/30/2015 02:56 PM, Aric Wilisch wrote: Is there a trick to getting a users SSH key that’s attached to their FreeIPA account to work on RHEL 5 servers? users can ssh into the RHEL 6 clients with no issues but they still get prompted for their passwords on the RHEL 5 server, so it’s not pushing down their ssh keys. Thanks! Regards, -- Aric Wilisch awili...@gmail.com Well, RHEL-5's latest build should be sssd-1.5.1-71.el5, but the SSH public key support was added in SSSD 1.8: https://fedorahosted.org/sssd/ticket/610 So I do not know any way besides upgrading to RHEL-6/RHEL-7 or backporting the SSSD 1.8+ yourself (which I do not expect to be an easy task). The 1.9 branch should build and work on RHEL-5. But IIRC openssh-server should be patched as well. Perhaps, you definitely need the AuthorizedKeysCommand and similar. Honza might know best.. At any rate, upgrading from RHEL-5 to something recent is a good idea :-) -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] RHEL5 clients not getting ssh key
I wish I could, but unfortunately these are RHEL 5 because the client has not yet upgraded their software to work on 6 or 7, so I’m stuck with a RHEL 5 infrastructure for awhile. As long as it authenticates and sudo works we may just have to live with the keys not working. Thanks for the info though. I might try 1.9 and see if that fixes the problem. Regards, -- Aric Wilisch awili...@gmail.com On Apr 30, 2015, at 10:42 AM, Jakub Hrozek jhro...@redhat.com wrote: On Thu, Apr 30, 2015 at 04:32:30PM +0200, Lukas Slebodnik wrote: On (30/04/15 15:34), Jakub Hrozek wrote: On Thu, Apr 30, 2015 at 03:13:44PM +0200, Martin Kosek wrote: On 04/30/2015 02:56 PM, Aric Wilisch wrote: Is there a trick to getting a users SSH key that’s attached to their FreeIPA account to work on RHEL 5 servers? users can ssh into the RHEL 6 clients with no issues but they still get prompted for their passwords on the RHEL 5 server, so it’s not pushing down their ssh keys. Thanks! Regards, -- Aric Wilisch awili...@gmail.com Well, RHEL-5's latest build should be sssd-1.5.1-71.el5, but the SSH public key support was added in SSSD 1.8: https://fedorahosted.org/sssd/ticket/610 So I do not know any way besides upgrading to RHEL-6/RHEL-7 or backporting the SSSD 1.8+ yourself (which I do not expect to be an easy task). The 1.9 branch should build and work on RHEL-5. But IIRC openssh-server should be patched as well. Perhaps, you definitely need the AuthorizedKeysCommand and similar. Honza might know best.. At any rate, upgrading from RHEL-5 to something recent is a good idea :-) -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org http://freeipa.org/ for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
