Ryfujk

What's the difference between 'rename' and 'mv'?

UK: Is there precedent for the governments e-petition site changing the direction of a government decision?

AES: Why is it a good practice to use only the first 16bytes of a hash for encryption?

If human space travel is limited by the G force vulnerability, is there a way to counter G forces?

Should I tell management that I intend to leave due to bad software development practices?

How can I make my BBEG immortal short of making them a Lich or Vampire?

Stopping power of mountain vs road bike

How can I prevent hyper evolved versions of regular creatures from wiping out their cousins?

I'm flying to France today and my passport expires in less than 2 months

Did converts (ger tzedek) in ancient Israel own land?

In Romance of the Three Kingdoms why do people still use bamboo sticks when papers are already invented?

Why can't we play rap on piano?

Will google still index a page if I use a $_SESSION variable?

How to take photos in burst mode, without vibration?

Does a druid starting with a bow start with no arrows?

How badly should I try to prevent a user from XSSing themselves?

Python: return float 1.0 as int 1 but float 1.5 as float 1.5

Why "Having chlorophyll without photosynthesis is actually very dangerous" and "like living with a bomb"?

Is "remove commented out code" correct English?

Twin primes whose sum is a cube

Why is the 'in' operator throwing an error with a string literal instead of logging false?

Took a trip to a parallel universe, need help deciphering

Fully-Firstable Anagram Sets

Infinite Abelian subgroup of infinite non Abelian group example

Configuring Redhat / CentOS 5 SSH to authenticate to IPA server with public keys

Updating Samba From RPMsHelp setting up a secondary authoritative DNS serverHOw to make rsa key pairs work in CentOS 6Why has CD/DVD host passthrough been disabled in CentOS 7 RHEL 7?SSHD on Cygwin: can't connect as “root” from a Linux boxMove home directory on Azure Linux VMipa users cannot sudo on some machines only, including the ipa serverIPA server NFS services adding issue centos 7.2Yum update - /bin/python not foundsss_ssh_authorizedkeys returns error code 13 when called from sshd

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}

0

I'm trying to configure some Red Hat/CentOS servers to use an ipa-server on CentOS 6 for SSH authentication with public keys. I'm storing the public keys on the IPA server, which works great on Centos6 using "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys" in /etc/ssh/sshd_config. However, on RH 5.10, neither the "AuthorizedKeysCommand" directive or the "/usr/bin/sss_ssh_authorizedkeys" command exist to pull the public key from the directory. Is there a different way to make this work? Googling this mostly returns instructions for setting it up on 6.

centos redhat keys freeipa

share|improve this question

asked Aug 22 '14 at 15:51

blindsnowmobileblindsnowmobile

205312

bumped to the homepage by Community♦ 6 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

add a comment | 

0

I'm trying to configure some Red Hat/CentOS servers to use an ipa-server on CentOS 6 for SSH authentication with public keys. I'm storing the public keys on the IPA server, which works great on Centos6 using "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys" in /etc/ssh/sshd_config. However, on RH 5.10, neither the "AuthorizedKeysCommand" directive or the "/usr/bin/sss_ssh_authorizedkeys" command exist to pull the public key from the directory. Is there a different way to make this work? Googling this mostly returns instructions for setting it up on 6.

centos redhat keys freeipa

share|improve this question

asked Aug 22 '14 at 15:51

blindsnowmobileblindsnowmobile

205312

bumped to the homepage by Community♦ 6 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

add a comment | 

I'm trying to configure some Red Hat/CentOS servers to use an ipa-server on CentOS 6 for SSH authentication with public keys. I'm storing the public keys on the IPA server, which works great on Centos6 using "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys" in /etc/ssh/sshd_config. However, on RH 5.10, neither the "AuthorizedKeysCommand" directive or the "/usr/bin/sss_ssh_authorizedkeys" command exist to pull the public key from the directory. Is there a different way to make this work? Googling this mostly returns instructions for setting it up on 6.

centos redhat keys freeipa

share|improve this question

asked Aug 22 '14 at 15:51

blindsnowmobileblindsnowmobile

205312

share|improve this question

asked Aug 22 '14 at 15:51

blindsnowmobileblindsnowmobile

205312

share|improve this question

asked Aug 22 '14 at 15:51

blindsnowmobileblindsnowmobile

205312

asked Aug 22 '14 at 15:51

blindsnowmobileblindsnowmobile

205312

asked Aug 22 '14 at 15:51

blindsnowmobileblindsnowmobile

205312

1 Answer
1

active

oldest

votes

0

Did you try to install 'sssd' package on RHEL 5.10?

yum install sssd

That package will install 'sss_ssh_authorizedkeys' binary.

If the package doesn't exist in RHEL repositories for 5.10 you can safely use the CentOS RPM because they are binary compatible distros.

share|improve this answer

answered Aug 24 '14 at 11:41

Jakov SosicJakov Sosic

4,24921627

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Yes, I installed sssd. It does not have the sss_ssh_authorizedkeys binary in 5.10. The bigger issue is that openssh-server package in 5.10 does not appear to support the AuthorizedKeysCommand directive. I rolled my own script to pull the public key from the directory, but I can't tell openssh-server to use it. I was hoping I could handle this in PAM, but it looks like openssh-server bypasses PAM entirely to do public key authentication.
  
  – blindsnowmobile
  Aug 27 '14 at 15:20
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Maybe you should try backporting sssd and SSH from 6.x series, or from the first Fedora release between Fedora 6 & Fedora 12, to minimize number of needed packages / libraries? If you want, I can try to find version which supports AuthorizedKeysCommand, and try backporting it?
  
  – Jakov Sosic
  Aug 28 '14 at 12:39
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f623359%2fconfiguring-redhat-centos-5-ssh-to-authenticate-to-ipa-server-with-public-keys%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

Did you try to install 'sssd' package on RHEL 5.10?

yum install sssd

That package will install 'sss_ssh_authorizedkeys' binary.

If the package doesn't exist in RHEL repositories for 5.10 you can safely use the CentOS RPM because they are binary compatible distros.

share|improve this answer

answered Aug 24 '14 at 11:41

Jakov SosicJakov Sosic

4,24921627

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Yes, I installed sssd. It does not have the sss_ssh_authorizedkeys binary in 5.10. The bigger issue is that openssh-server package in 5.10 does not appear to support the AuthorizedKeysCommand directive. I rolled my own script to pull the public key from the directory, but I can't tell openssh-server to use it. I was hoping I could handle this in PAM, but it looks like openssh-server bypasses PAM entirely to do public key authentication.
  
  – blindsnowmobile
  Aug 27 '14 at 15:20
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Maybe you should try backporting sssd and SSH from 6.x series, or from the first Fedora release between Fedora 6 & Fedora 12, to minimize number of needed packages / libraries? If you want, I can try to find version which supports AuthorizedKeysCommand, and try backporting it?
  
  – Jakov Sosic
  Aug 28 '14 at 12:39
  

  
  
  
  

add a comment | 

0

Did you try to install 'sssd' package on RHEL 5.10?

yum install sssd

That package will install 'sss_ssh_authorizedkeys' binary.

If the package doesn't exist in RHEL repositories for 5.10 you can safely use the CentOS RPM because they are binary compatible distros.

share|improve this answer

answered Aug 24 '14 at 11:41

Jakov SosicJakov Sosic

4,24921627

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Yes, I installed sssd. It does not have the sss_ssh_authorizedkeys binary in 5.10. The bigger issue is that openssh-server package in 5.10 does not appear to support the AuthorizedKeysCommand directive. I rolled my own script to pull the public key from the directory, but I can't tell openssh-server to use it. I was hoping I could handle this in PAM, but it looks like openssh-server bypasses PAM entirely to do public key authentication.
  
  – blindsnowmobile
  Aug 27 '14 at 15:20
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Maybe you should try backporting sssd and SSH from 6.x series, or from the first Fedora release between Fedora 6 & Fedora 12, to minimize number of needed packages / libraries? If you want, I can try to find version which supports AuthorizedKeysCommand, and try backporting it?
  
  – Jakov Sosic
  Aug 28 '14 at 12:39
  

  
  
  
  

add a comment | 

Did you try to install 'sssd' package on RHEL 5.10?

yum install sssd

That package will install 'sss_ssh_authorizedkeys' binary.

If the package doesn't exist in RHEL repositories for 5.10 you can safely use the CentOS RPM because they are binary compatible distros.

share|improve this answer

answered Aug 24 '14 at 11:41

Jakov SosicJakov Sosic

4,24921627

yum install sssd

share|improve this answer

answered Aug 24 '14 at 11:41

Jakov SosicJakov Sosic

4,24921627

answered Aug 24 '14 at 11:41

Jakov SosicJakov Sosic

4,24921627

answered Aug 24 '14 at 11:41

Jakov SosicJakov Sosic

4,24921627