Re: [Freeipa-users] setup key-based ssh using freeipa
I already ran that command to configure centos host as client. I used 'ipa-client-install --mkhomedir --no-ntp'. Now my IPA users are able to SSH to that box, using passwords set in IPA. Next I would like them to SSH using keys. When I looked through the document for more info, I found this line - 'After uploading the user keys, configure SSSD to use FreeIPA as one of its identity domains and set up OpenSSH to use the SSSD tooling for managing user keys.' I was hoping someone can shed light on how to do that. Or if someone has configured their IPA clients to enable key-based SSH to clients, can they please share their experience. Thanks. On Thu, Apr 17, 2014 at 5:48 PM, Dmitri Pal d...@redhat.com wrote: On 04/17/2014 02:42 PM, quest monger wrote: I have setup freeipa server, and added a centos client that my ipa users can now ssh too by using the freeipa account credentials. Now, i would like my users to be able to ssh to this centos client using keys. I read this - http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA _Guide/user-keys.html I generated the key-pair, and added the public key to user account in freeipa web console. Towards the end of that document, i found this - After uploading the user keys, configure SSSD to use FreeIPA as one of its identity domains and set up OpenSSH to use the SSSD tooling for managing user keys. No instructions in the document on how to do this. Do i need to do anything on the centos client-side to make this work? ___ Freeipa-users mailing listFreeipa-users@redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users yum install ipa-client then run ipa-client-install with arguments you need (see man pages or manual) which will configure your client. Depending on the version it will also be able to configure SSH integration. See man on ipa-client-install -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] setup key-based ssh using freeipa
I have setup freeipa server, and added a centos client that my ipa users can now ssh too by using the freeipa account credentials. Now, i would like my users to be able to ssh to this centos client using keys. I read this - http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA _Guide/user-keys.html I generated the key-pair, and added the public key to user account in freeipa web console. Towards the end of that document, i found this - After uploading the user keys, configure SSSD to use FreeIPA as one of its identity domains and set up OpenSSH to use the SSSD tooling for managing user keys. No instructions in the document on how to do this. Do i need to do anything on the centos client-side to make this work? ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] setup key-based ssh using freeipa
On 04/17/2014 02:42 PM, quest monger wrote: I have setup freeipa server, and added a centos client that my ipa users can now ssh too by using the freeipa account credentials. Now, i would like my users to be able to ssh to this centos client using keys. I read this - http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/user-keys.html I generated the key-pair, and added the public key to user account in freeipa web console. Towards the end of that document, i found this - After uploading the user keys, configure SSSD to use FreeIPA as one of its identity domains and set up OpenSSH to use the SSSD tooling for managing user keys. No instructions in the document on how to do this. Do i need to do anything on the centos client-side to make this work? ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users yum install ipa-client then run ipa-client-install with arguments you need (see man pages or manual) which will configure your client. Depending on the version it will also be able to configure SSH integration. See man on ipa-client-install -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users