Ok : I found where my mistake was :

This is wrong:
> ldap_user_ssh_public_key = True

This is the right config :
ldap_user_ssh_public_key = sshPublicKey

Now it works !

Thanks to Mathieu :
http://blog.mlemoine.name/2013/04/11/centralizing-server-access.html

And all

Best,

---
Olivier

2013/9/18 Olivier <[email protected]>

> Hi everyone,
>
> I found this thread about openldap served ssh keys and sssd integration :
> https://lists.fedorahosted.org/pipermail/sssd-users/2013-March/000442.html
>
> then I subscribed to this list :-)
>
> I am trying to make ssh retrieve my users' ssh keys from an openldap directory
> but I am stuck at some point : could anyone help ?
>
> Here is where I am:
>
> 1- I have loaded "openssh-lpk_openldap.schema" in openldap
>
> 2- I have configured my account in the directory to know about the
> "sshPublicKey" attribute, and I have inserted my key :
>
> # ldapsearch -x -h localhost -b dc=guillard,dc=corp "(uid=olivier)" sshPublicKey
>
> dn: uid=olivier,dc=guillard,dc=corp
> sshPublicKey: ssh-dss AAAAB3NzaC1kc3MAAAEBAKXF
> .....
> BaO51jw8RUAt1u5QDa3UQiQ6X8Vq0j2MUh3LeXfk= guillard@corp
>
> 3- I have also configured sssd to tell it to look up ssh keys in
> ldap:
>
> # cat /etc/sssd/sssd.conf:
>
> [domain/default]
>
> ... (the conf is correct: everything works fine for login/passwords
> for example)
>
> # I have added this in the default/section
> ldap_user_ssh_public_key = True
>
> [sssd]
> services = nss, pam, ssh
> domains = default
>
> [nss]
>
> [pam]
>
> [ssh]
>
> 4- I have restarted sssd (I get no error)
>
> And now I'm stuck
>
> # /usr/bin/sss_ssh_authorizedkeys olivier
>
> -> does not return anything
>
> Could anyone help : what have I forgotten ?
>
> Any indication about what I should add in ssh_config to tell
> sshd to look for keys in sssd cache would also help.
>
> Thanks !
>
> ---
> Olivier
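The misconfiguration in this thread fails silently: sssd restarts without error and `sss_ssh_authorizedkeys` simply returns nothing. The following check is an added example, not part of the original messages or of SSSD; it parses sssd.conf text and flags a boolean where `ldap_user_ssh_public_key` expects an LDAP attribute name. The function name and the sample configuration (including `id_provider = ldap`) are constructed for illustration.

```python
import configparser

# Values that read as a switch, not as an LDAP attribute name.
BOOLEAN_LIKE = {"true", "false", "yes", "no", "on", "off", "0", "1"}

def check_sssd_ssh(conf_text):
    """Return findings about SSH public key lookup in sssd.conf text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    # The ssh responder must be enabled in the [sssd] section.
    services = cp.get("sssd", "services", fallback="")
    if "ssh" not in [s.strip() for s in services.split(",")]:
        findings.append("[sssd] services does not include ssh")
    # Check every domain that [sssd] actually enables.
    domains = cp.get("sssd", "domains", fallback="")
    for name in [d.strip() for d in domains.split(",") if d.strip()]:
        section = "domain/" + name
        if not cp.has_section(section):
            findings.append(f"[{section}] is listed in domains but missing")
            continue
        attr = cp.get(section, "ldap_user_ssh_public_key", fallback=None)
        if attr is None:
            findings.append(f"[{section}] ldap_user_ssh_public_key not set; "
                            "see sssd-ldap(5) for your version's default")
        elif attr.strip().lower() in BOOLEAN_LIKE:
            findings.append(f"[{section}] ldap_user_ssh_public_key = {attr} "
                            "is a boolean; expected an attribute name")
    return findings

# Constructed sample input modelled on the configuration quoted in the thread.
BROKEN_CONF = """
[domain/default]
id_provider = ldap
ldap_user_ssh_public_key = True

[sssd]
services = nss, pam, ssh
domains = default
"""
FIXED_CONF = BROKEN_CONF.replace("= True", "= sshPublicKey")

if __name__ == "__main__":
    for label, text in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(label, check_sssd_ssh(text) or "ok")
```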
