Hello ! I send you this mail because I have a problem with an SSH connection with an IPA user (not a local user) on the client hosts.
Here are the versions I used : - ipa-server : ipa-server-4.6.6-11.el7.x86_64 - ipa-client : ipa-client-4.4.0-12.el7.x86_64 My nodes are on RHEL7. When I try to connect from myhost with myuser on the remote host myremotehost, I have the following error : ### # ssh myuser@myremotehost myuser@myremotehost's password: Permission denied, please try again. myuser@myremotehost's password: ### In the /var/log/secure log, I can see the following lines which appear when I try my SSH connection. ### Jun 9 19:27:15 myremotehost sshd[9778]: Connection from myip port 62250 on myremotehostip port 22 Jun 9 19:27:15 myremotehost sshd[9778]: reprocess config line 126: Deprecated option RSAAuthentication Jun 9 19:27:15 myremotehost sshd[9778]: reprocess config line 129: Deprecated option RhostsRSAAuthentication Jun 9 19:27:15 myremotehost sshd[9778]: Failed publickey for myuser from myip port 62250 ssh2: RSA SHA256:UP4xpD3GE//DpZYT44F+a+i1ryqsntlbFkQsPOHjVe8 Jun 9 19:27:23 myremotehost sshd[9778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=myhost user=myuser Jun 9 19:27:25 myremotehost sshd[9778]: Failed password for myuser from myip port 62250 ssh2 ### The kinit with this password is OK. A "su - myuser" is OK with this password. I don't understand why ssh connection are not working. /etc/host.allow is configured to allow me to connect with sshd from myip and myhost to this host. In /etc/ssh/sshd_config, ALlowGroup line is good. myuser belongs to the right group in AllowGroup. Here is the command used to join the realm on myremotehost : ### ipa-client-install --domain=mydomain --realm=MYREALM --fixed-primary --server=IPASERVER1 --server=IPASERVER2 --principal=admin --password=ADMINPWD --mkhomedir --hostname=myremotehost --no-ntp --no-ssh --no-sshd ### Does the problem come from --no-ssh or --no-sshd ? How can I solve this problem without launching this command again ? Best regards. Lune
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org