Jeff Vincent via FreeIPA-users wrote:
> Most of our FreeIPA client nodes are Ubuntu 14, 16 and some 18. We have a fair number where I am unable to use SSH authentication because the server refuses the key.
>
> The same user/key works fine on other nodes.
>
> I have checked to the best of my knowledge the files and compared them to a node that works and can't find any differences.
>
> /etc/nsswitch.conf
> /etc/sssd/sssd.conf
>
> I don't understand the nuances of FreeIPA to know where else to look. Can anyone suggest what else I can look at to troubleshoot what is going on? Every user experiences this on different nodes.
Compare the sshd config files.
See if the authorized keys tool works:
/usr/bin/sss_ssh_authorizedkeys someuser
rob