Thanks for update. Adding mailing list back, to be aware of the results.
Given this description, I wonder if this is hitting
https://bugzilla.redhat.com/show_bug.cgi?id=1201454
that is planned to be fixed in next RHEL-6 minor version.
On 06/03/2015 10:46 AM, bahan w wrote:
Hello again.
The problem was coming from the sshd_config file.
The parameter PubkeyAuthentication=yes was placed after the parameter
PasswordAuthentication=yes.
I uncomment the PubkeyAuthentication=yes before the PasswprdAuthentication
and now it works.
The problem is solved.
Best regards.
Bahan
On Wed, Jun 3, 2015 at 10:05 AM, bahan w bahanw042...@gmail.com wrote:
Hello Martin.
Unfortunately for me, I cannot migrate OS so I need to make it work with
RHEL 6.4. :-(
Best regards.
Le 3 juin 2015 09:39, Martin Kosek mko...@redhat.com a écrit :
On 06/02/2015 06:27 PM, bahan w wrote:
Hello !
I send you this mail because I have a problem linked with SSH and
FreeIPA.
I have multiple servers :
- One with FreeIPA server 3.0.0-26
- The others with FreeIPA client 3.0.0-26
They are running on RHEL 6.4.
I configured a root user on each of them.
On one specific server, I created an rsa key in order to connect
passwordlessly from a specific server to all the others
ssh-keygen -t rsa
I distributed the public key on all the others :
for i in ${my_server_list}; do scp /root/.ssh/id_rsa.pub
$i:/root/.ssh/authorized_keys; done
Once it was done, I modified the rights on these files :
for i in ${my_server_list}; do scp $i chmod 644
/root/.ssh/authorized_keys; done
And I was able to connect to all these servers without entering a
password.
The system was working well.
When I installed ipa-server on a specific server, this connection with
the
RSA key was not possible anymore.
Each time I tried to connect to the server through SSH, it keeps asking
me
for a password.
I tried to install the ipa-client on another server to just check if I
had
the same behaviour and indeed, each time I run ipa-client-install, I
can't
connect passwordlessly with root anymore.
Hello,
SSH with key with root account should work, SSSD (or the SSH public key
tools)
should not interfere with root user account at all. What I would suggest
is to
try to some newer version of sssd+ipa-client, RHEL-6.4 is quite old
already.
RHEL-6.6 (or even RHEL-7.1) would be a better starting point.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project