Hello, good people of FreeIPA-users,
Short version:
I've run into an issue where SSH public key authentication doesn't work on the
FreeIPA client. When I run `sss_ssh_authorizedkeys <fully-qualified_user>` on the
client, there is a brief hang (10-15 seconds, maybe?) and then it returns nothing. The
same command run on the FreeIPA server does, however, correctly return the user's
public key.
Long version:
The server is FreeIPA 4.6.4 on CentOS 7 (all packages up to date) with a one-way trust to
Active Directory. The client is the ipa-server package version 4.7.0 on Ubuntu 18.04. I
added a user to the "Default Trust View" override and pasted in the public key.
The AD trust and client configuration seem to be working for the most part since I can log
into the client with my AD username and password. It's just SSH public key
authentication that doesn't work. As mentioned above, the `sss_ssh_authorizedkeys`
command runs successfully on the server but not on the client.
From the client logs, it looks like the client is having trouble communicating with the
server somehow. I don't see anything that looks like errors in the server logs. A
sanitized version of the client logs at debug_level 4 is here:
https://paste.fedoraproject.org/paste/y3nyxeb13wZMzaQNemhCNQ
The sssd.conf from the client is here:
https://paste.fedoraproject.org/paste/SK3qx0EcF19ggtrmssYZnw
I can provide more detailed logs to individuals.
I double-checked the firewalls on both the client and server and it looks to me like all
the necessary ports are open on both sides.
I have done a bunch of Googling and reading of documentation but nothing so far has led me
in the right direction. This is something that *was* working just fine on a test
deployment a few weeks ago. As far as I can tell, everything is set up the same. Is there
any other information I can provide?
Thanks,
Charles