Hi everyone,
I found this thread about openldap served ssh keys and sssd integration : https://lists.fedorahosted.org/pipermail/sssd-users/2013-March/000442.html
then I subscribed to this list :-)
I am trying to make that work but I am stuck : could you help ?
Here is where I am:
1- I have loaded "openssh-lpk_openldap.schema" in openldap
2- I have configured my account in the directory to know about "sshPublicKey" attribute, and I have inserted my key :
# ldapsearch -x -h localhost -b dc=guillard,dc=corp "(uid=olivier)" sshPublicKey
dn: uid=olivier,dc=guillard,dc=corp
sshPublicKey: ssh-dss AAAAB3NzaC1kc3MAAAEBAKXF ..... BaO51jw8RUAt1u5QDa3UQiQ6X8Vq0j2MUh3LeXfk= guillard@corp
3- I have also configured sssd to tell it to look up ssh keys in ldap:
# cat /etc/sssd/sssd.conf:
[domain/default]
... (the conf is correct: everything works fine for login/passwords for example)
# I have added this in the default/section
ldap_user_ssh_public_key = True
[sssd]
services = nss, pam, ssh
domains = default
[nss]
[pam]
[ssh]
4- I have restarted sssd (I get no error)
And now I'm stuck
# /usr/bin/sss_ssh_authorizedkeys olivier
-> does not return anything
Could anyone help : what have I forgotten ?
Any indication about what I should add in ssh_config to tell sshd to look for keys in sssd cache would also help.
Thanks !
--- Olivier
Hi everyone,
I found this thread about openldap served ssh keys and sssd integration : https://lists.fedorahosted.org/pipermail/sssd-users/2013-March/000442.html
then I subscribed to this list :-)
I am trying to make ssh retrieve my users' ssh keys from an openldap directory but I am stuck at some point : could anyone help ?
Here is where I am:
1- I have loaded "openssh-lpk_openldap.schema" in openldap
2- I have configured my account in the directory to know about "sshPublicKey" attribute, and I have inserted my key :
# ldapsearch -x -h localhost -b dc=guillard,dc=corp "(uid=olivier)" sshPublicKey
dn: uid=olivier,dc=guillard,dc=corp
sshPublicKey: ssh-dss AAAAB3NzaC1kc3MAAAEBAKXF ..... BaO51jw8RUAt1u5QDa3UQiQ6X8Vq0j2MUh3LeXfk= guillard@corp
3- I have also configured sssd to tell it to look up ssh keys in ldap:
# cat /etc/sssd/sssd.conf:
[domain/default]
... (the conf is correct: everything works fine for login/passwords for example)
# I have added this in the default/section
ldap_user_ssh_public_key = True
[sssd]
services = nss, pam, ssh
domains = default
[nss]
[pam]
[ssh]
4- I have restarted sssd (I get no error)
And now I'm stuck
# /usr/bin/sss_ssh_authorizedkeys olivier
-> does not return anything
Could anyone help : what have I forgotten ?
Any indication about what I should add in ssh_config to tell sshd to look for keys in sssd cache would also help.
Thanks !
--- Olivier
Ok : I found where my mistake was :
This is wrong:
ldap_user_ssh_public_key = True
This is the right config :
ldap_user_ssh_public_key = sshPublicKey
Now it works !
Thanks to Mathieu : http://blog.mlemoine.name/2013/04/11/centralizing-server-access.html
And all
Best,
--- Olivier
On Wed, Sep 18, 2013 at 04:12:24PM +0200, Olivier wrote:
> Ok : I found where my mistake was :
> This is wrong:
> ldap_user_ssh_public_key = True
> This is the right config :
> ldap_user_ssh_public_key = sshPublicKey
> Now it works !
> Thanks to Mathieu : http://blog.mlemoine.name/2013/04/11/centralizing-server-access.html
We're glad the config works now!
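Added example, not part of the original thread and not SSSD code: a small check that catches the mistake resolved above, where ldap_user_ssh_public_key was given a boolean instead of the LDAP attribute name, and also confirms that ssh is listed in services. The function name check_sssd_ssh, the id_provider line and both sample configs are constructed for illustration, and the check assumes the option is meant to be set explicitly in each domain.

```python
import configparser
import re

BOOLEAN_WORDS = {"true", "false", "yes", "no", "on", "off", "1", "0"}
ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")  # shape of an LDAP attribute name

def check_sssd_ssh(conf_text):
    """Return findings about the SSH public key lookup settings in an sssd.conf."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    services = [s.strip() for s in cp.get("sssd", "services", fallback="").split(",")]
    if "ssh" not in services:
        findings.append("[sssd] services does not include 'ssh'")
    domains = cp.get("sssd", "domains", fallback="").split(",")
    for dom in (d.strip() for d in domains if d.strip()):
        section = "domain/" + dom
        if not cp.has_section(section):
            findings.append(f"[{section}] is listed in domains but not defined")
            continue
        value = cp.get(section, "ldap_user_ssh_public_key", fallback=None)
        if value is None:
            # Assumption of this example: the attribute is set explicitly.
            findings.append(f"[{section}] ldap_user_ssh_public_key is not set")
        elif value.strip().lower() in BOOLEAN_WORDS:
            # The mistake from the thread: a boolean where a name belongs.
            findings.append(f"[{section}] ldap_user_ssh_public_key = {value!r} is a "
                            "boolean, expected an attribute name such as sshPublicKey")
        elif not ATTR_NAME.match(value.strip()):
            findings.append(f"[{section}] ldap_user_ssh_public_key = {value!r} is "
                            "not a valid attribute name")
    return findings

# Constructed sample configs: the setting from the thread, then the corrected one.
BROKEN = """\
[domain/default]
id_provider = ldap
ldap_user_ssh_public_key = True

[sssd]
services = nss, pam, ssh
domains = default
"""
FIXED = BROKEN.replace("= True", "= sshPublicKey")

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_sssd_ssh(text) or "ok")
```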