Hello,
4 months ago I’ve opened an RFE on pagure about proper support for SSH HBA with SSSD fetching hostkeys from LDAP, it’s described here: https://pagure.io/SSSD/sssd/issue/4106
Since there’s no updates on the RFE I would like to bring the discussion to the list.
I came across another issue regarding SSH HBA on RHEL7, that’s reported here: https://bugzilla.redhat.com/show_bug.cgi?id=1801459 and this motivated me to bring the discussion to here.
At this moment I’m working around the issue sharing the same SSH Host Keys between all the servers that should use SSH Hostbased Authentication, which is extremely bad and I really don’t want to continue in this path.
So is anyone out there having the same issues with Hostbased Authentication with SSSD + IPA?
Thanks,
On 2/12/20 9:23 PM, Vinícius Ferrão wrote:
Hello,
4 months ago I’ve opened an RFE on pagure about proper support for SSH HBA with SSSD fetching hostkeys from LDAP, it’s described here: https://pagure.io/SSSD/sssd/issue/4106
Since there’s no updates on the RFE I would like to bring the discussion to the list.
I came across another issue regarding SSH HBA on RHEL7, that’s reported here: https://bugzilla.redhat.com/show_bug.cgi?id=1801459%C2%A0and this motivated me to bring the discussion to here.
At this moment I’m working around the issue sharing the same SSH Host Keys between all the servers that should use SSH Hostbased Authentication, which is extremely bad and I really don’t want to continue in this path.
So is anyone out there having the same issues with Hostbased Authentication with SSSD + IPA?
Thanks,
Hi Vinicius, I brought some attention to this ticket, see comments there.
Hi Pavel,
On 17 Feb 2020, at 11:51, Pavel Březina pbrezina@redhat.com wrote:
On 2/12/20 9:23 PM, Vinícius Ferrão wrote:
Hello, 4 months ago I’ve opened an RFE on pagure about proper support for SSH HBA with SSSD fetching hostkeys from LDAP, it’s described here: https://pagure.io/SSSD/sssd/issue/4106 Since there’s no updates on the RFE I would like to bring the discussion to the list. I came across another issue regarding SSH HBA on RHEL7, that’s reported here: https://bugzilla.redhat.com/show_bug.cgi?id=1801459 and this motivated me to bring the discussion to here. At this moment I’m working around the issue sharing the same SSH Host Keys between all the servers that should use SSH Hostbased Authentication, which is extremely bad and I really don’t want to continue in this path. So is anyone out there having the same issues with Hostbased Authentication with SSSD + IPA? Thanks,
Hi Vinicius, I brought some attention to this ticket, see comments there.
Very nice indeed. I’ll test it and report back, just give me some days to do this.
It appears to be a solution.
Thank you!
sssd-users@lists.fedorahosted.org
-
Pavel Březina -
Vinícius Ferrão