According to the doc, in order to manage user keys, SSSD has a tool, sss_ssh_authorizedkeys, which performs two operations:
1. Retrieves the user's public key from the user entries in the Identity Management (IPA) domain.
2. Stores the user key in a custom file, .ssh/sss_authorized_keys, in the standard authorized keys format.
So I can get sss_ssh_authorizedkeys to spit out the public key, and can auth using it via sshd; however, I do not see .ssh/sss_authorized_keys being created under the user's directory. I even tried creating the file to see if it gets updated. I don't see anything obvious in the ssh_config that would indicate adding authorized_keys. Anyone?
Hi,
On 11.6.2014 16:11, Daniel Jung wrote:
> According to the doc, in order to manage user keys, SSSD has a tool, |sss_ssh_authorizedkeys|, which performs two operations:
> - Retrieves the user's public key from the user entries in the Identity Management (IPA) domain.
> - Stores the user key in a custom file, |.ssh/sss_authorized_keys|, in the standard authorized keys format.
The documentation is not correct, see https://bugzilla.redhat.com/show_bug.cgi?id=985809.
> So I can get sss_ssh_authorizedkeys to spit out the public key, and can auth using it via sshd; however, I do not see .ssh/sss_authorized_keys being created under the user's directory. I even tried creating the file to see if it gets updated. I don't see anything obvious in the ssh_config that would indicate adding authorized_keys. Anyone?
You need to set AuthorizedKeysCommand to /usr/bin/sss_ssh_authorizedkeys in sshd_config; ssh_config is not related. See the sss_ssh_authorizedkeys man page for more information.
Honza
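Jan's answer above points at sshd_config rather than ssh_config. As an added example (not part of the thread and not SSSD's own code), this shell script checks that a given sshd_config hands key lookup to sss_ssh_authorizedkeys; the function names, the AuthorizedKeysCommandUser check and the `nobody` sample user are assumptions not taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: audit an sshd_config for SSSD key lookup.
# Assumes whitespace-separated "Keyword value" lines; only the global section
# (before the first Match block) is examined.

SSS_HELPER=/usr/bin/sss_ssh_authorizedkeys

# Print the first global value of keyword $2 in file $1. sshd uses the first
# value it obtains for a keyword, and keywords are case-insensitive.
sshd_first_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                    # skip comment lines
        tolower($1) == "match" { exit }        # stop at the first Match block
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Return 0 if sshd asks the SSSD helper for keys as a non-root user,
# 1 if AuthorizedKeysCommand is unset or points elsewhere,
# 2 if AuthorizedKeysCommandUser is unset or root (this example's policy).
check_sss_keys_command() {
    cmd=$(sshd_first_value "$1" AuthorizedKeysCommand)
    user=$(sshd_first_value "$1" AuthorizedKeysCommandUser)
    if [ "$cmd" != "$SSS_HELPER" ]; then
        echo "FAIL: AuthorizedKeysCommand is '${cmd:-unset}', expected $SSS_HELPER"
        return 1
    fi
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "WARN: AuthorizedKeysCommandUser is '${user:-unset}'"
        return 2
    fi
    echo "OK: sshd runs $SSS_HELPER as '$user' to fetch keys"
}

# With a path argument, audit that file; with none, audit a constructed sample.
if [ "$#" -gt 0 ]; then
    check_sss_keys_command "$1"
else
    sample=$(mktemp)
    printf '%s\n' '# constructed sample' "AuthorizedKeysCommand $SSS_HELPER" \
        'AuthorizedKeysCommandUser nobody' > "$sample"
    check_sss_keys_command "$sample"
    rm -f "$sample"
fi
```

Pointing it at an ssh_config (the client file) returns 1, which is the mix-up the thread clears up.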
Thanks for the clarification. The AuthorizedKeysCommand part from sshd_config was already working. The question was specifically about .ssh/sss_authorizedkeys, as I didn't even see it in the source. I noticed that the offline cache works for this, but I wasn't able to remove it using sss_cache -u ${id} -S . How would I go about removing it, other than setting a lower cache_timeout?
On Wed, Jun 11, 2014 at 5:31 PM, Jan Cholasta jcholast@redhat.com wrote:
> Hi,
> On 11.6.2014 16:11, Daniel Jung wrote:
> > According to the doc, in order to manage user keys, SSSD has a tool, |sss_ssh_authorizedkeys|, which performs two operations:
> > - Retrieves the user's public key from the user entries in the Identity Management (IPA) domain.
> > - Stores the user key in a custom file, |.ssh/sss_authorized_keys|, in the standard authorized keys format.
> The documentation is not correct, see https://bugzilla.redhat.com/show_bug.cgi?id=985809.
> > So I can get sss_ssh_authorizedkeys to spit out the public key, and can auth using it via sshd; however, I do not see .ssh/sss_authorized_keys being created under the user's directory. I even tried creating the file to see if it gets updated. I don't see anything obvious in the ssh_config that would indicate adding authorized_keys. Anyone?
> You need to set AuthorizedKeysCommand to /usr/bin/sss_ssh_authorizedkeys in sshd_config; ssh_config is not related. See the sss_ssh_authorizedkeys man page for more information.
> Honza