I'm trying to configure some Red Hat/CentOS servers to use an ipa-server on CentOS 6 for SSH authentication with public keys. I'm storing the public keys on the IPA server, which works great on CentOS 6 using "AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys" in /etc/ssh/sshd_config. However, on RH 5.10, neither the "AuthorizedKeysCommand" directive nor the "/usr/bin/sss_ssh_authorizedkeys" command exists to pull the public key from the directory. Is there a different way to make this work? Googling this mostly returns instructions for setting it up on 6.

blindsnowmobile

1 Answer

Did you try to install 'sssd' package on RHEL 5.10?

yum install sssd

That package will install 'sss_ssh_authorizedkeys' binary.

If the package doesn't exist in RHEL repositories for 5.10 you can safely use the CentOS RPM because they are binary compatible distros.

Jakov Sosic
  • Yes, I installed sssd. It does not have the sss_ssh_authorizedkeys binary in 5.10. The bigger issue is that the openssh-server package in 5.10 does not appear to support the AuthorizedKeysCommand directive. I rolled my own script to pull the public key from the directory, but I can't tell openssh-server to use it. I was hoping I could handle this in PAM, but it looks like openssh-server bypasses PAM entirely to do public key authentication. – blindsnowmobile Aug 27 '14 at 15:20
  • Maybe you should try backporting sssd and SSH from the 6.x series, or from the first Fedora release between Fedora 6 & Fedora 12, to minimize the number of needed packages / libraries? If you want, I can try to find a version which supports AuthorizedKeysCommand, and try backporting it? – Jakov Sosic Aug 28 '14 at 12:39