Thanks for the clarification.
The AuthorizedKeysCommand part from sshd_config was already working. The
question was specifically about .ssh/sss_authorized_keys, as I didn't even see
it in the source. I noticed that the offline cache works for this, but I wasn't
able to remove it using sss_cache -u ${id} -S. How would I go about
removing it, other than setting a lower cache_timeout?

On Wed, Jun 11, 2014 at 5:31 PM, Jan Cholasta <[email protected]> wrote:

> Hi,
>
> On 11.6.2014 16:11, Daniel Jung wrote:
>
>> According to the doc,
>> In order to manage user keys, SSSD has a tool, |sss_ssh_authorizedkeys|,
>> which performs two operations:
>>
>> 1. Retrieves the user's public key from the user entries in the
>>    Identity Management (IPA) domain.
>> 2. Stores the user key in a custom file, |.ssh/sss_authorized_keys|, in
>>    the standard authorized keys format.
>
> The documentation is not correct, see
> <https://bugzilla.redhat.com/show_bug.cgi?id=985809>.
>
>> So I can get the sss_ssh_authorizedkeys to spit out the public key, and
>> can auth using it via sshd, however, I do not see
>> .ssh/sss_authorized_keys being created under the user's directory. I even
>> tried creating the file to see if it gets updated.
>> Don't see anything obvious in the ssh_config that would indicate adding
>> authorized_keys.
>> Anyone?
>
> You need to set AuthorizedKeysCommand to /usr/bin/sss_ssh_authorizedkeys
> in sshd_config, ssh_config is not related. See sss_ssh_authorizedkeys man
> page for more information.
>
> Honza
>
> --
> Jan Cholasta
> _______________________________________________
> sssd-users mailing list
> [email protected]
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
