Hi everyone,
I found this thread about OpenLDAP-served SSH keys and sssd integration: https://lists.fedorahosted.org/pipermail/sssd-users/2013-March/000442.html
then I subscribed to this list :-)
I am trying to make that work but I am stuck: could you help?
Here is where I am:
1- I have loaded "openssh-lpk_openldap.schema" in openldap
2- I have configured my account in the directory to know about the "sshPublicKey" attribute, and I have inserted my key:
# ldapsearch -x -h localhost -b dc=guillard,dc=corp "(uid=olivier)" sshPublicKey
dn: uid=olivier,dc=guillard,dc=corp
sshPublicKey: ssh-dss AAAAB3NzaC1kc3MAAAEBAKXF ..... BaO51jw8RUAt1u5QDa3UQiQ6X8Vq0j2MUh3LeXfk= guillard@corp
3- I have also configured sssd to tell it to look up SSH keys in LDAP:
# cat /etc/sssd/sssd.conf
[domain/default]
... (the conf is correct: everything works fine for login/passwords, for example)
# I have added this in the default/section
ldap_user_ssh_public_key = True
[sssd]
services = nss, pam, ssh
domains = default
[nss]
[pam]
[ssh]
4- I have restarted sssd (I get no error)
And now I'm stuck
# /usr/bin/sss_ssh_authorizedkeys olivier
-> does not return anything
Could anyone help: what have I forgotten?
Any indication about what I should add in ssh_config to tell sshd to look for keys in sssd cache would also help.
Thanks!
--- Olivier
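
Added example, not part of the original post: a Python check for the kind of ldapsearch output shown in step 2. It pulls the sshPublicKey values out of LDIF text (folded lines and base64 "::" values included) and confirms that each key's declared type matches the type name embedded in its blob. The sample entry, the keys and all function names are constructed for illustration.

```python
import base64
import struct

def make_blob(key_type, body=b"\x00" * 20):
    """Constructed key blob: length-prefixed type name, then filler bytes."""
    name = key_type.encode()
    return base64.b64encode(struct.pack(">I", len(name)) + name + body).decode()

# Constructed sample data (not from the post): one folded value, one "::" value.
GOOD = "ssh-ed25519 " + make_blob("ssh-ed25519") + " olivier@example"
BAD = "ssh-rsa " + make_blob("ssh-dss")  # declared type disagrees with blob
SAMPLE = "\n".join([
    "dn: uid=olivier,dc=example,dc=corp",
    "sshPublicKey: " + GOOD[:30],
    " " + GOOD[30:],
    "sshPublicKey:: " + base64.b64encode(BAD.encode()).decode(),
])

def ssh_public_keys(ldif, attr="sshPublicKey"):
    """Return attr values from LDIF text, unfolding lines and decoding '::'."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    values = []
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if rest.startswith(":"):          # base64-encoded attribute value
            rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        values.append(rest.strip())
    return values

def check_key(value):
    """Return (ok, detail) for one '<type> <base64> [comment]' key line."""
    fields = value.split()
    if len(fields) < 2:
        return False, "expected '<type> <base64> [comment]'"
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return False, "key data is not valid base64"
    if len(blob) < 4:
        return False, "key blob too short"
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        return False, "type inside blob does not match declared type"
    return True, fields[0]
```
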