OK: I found where my mistake was:
This is wrong:
ldap_user_ssh_public_key = True
This is the right config:
ldap_user_ssh_public_key = sshPublicKey
Now it works!
Thanks to Mathieu:
http://blog.mlemoine.name/2013/04/11/centralizing-server-access.html
and all.
Best,
---
Olivier
2013/9/18 Olivier <ldap(a)guillard.nom.fr>
Hi everyone,
I found this thread about openldap-served ssh keys and sssd integration:
https://lists.fedorahosted.org/pipermail/sssd-users/2013-March/000442.html
then I subscribed to this list :-)
I am trying to make ssh retrieve my users' ssh keys from an openldap directory
but I am stuck at some point: could anyone help?
Here is where I am:
1- I have loaded "openssh-lpk_openldap.schema" in openldap
2- I have configured my account in the directory to know about the
"sshPublicKey" attribute, and I have inserted my key:
# ldapsearch -x -h localhost -b dc=guillard,dc=corp "(uid=olivier)" sshPublicKey
dn: uid=olivier,dc=guillard,dc=corp
sshPublicKey: ssh-dss AAAAB3NzaC1kc3MAAAEBAKXF
.....
BaO51jw8RUAt1u5QDa3UQiQ6X8Vq0j2MUh3LeXfk= guillard@corp
3- I have also configured sssd to tell it to look up ssh keys in
ldap:
# cat /etc/sssd/sssd.conf:
[domain/default]
... (the conf is correct: everything works fine for logins/passwords,
for example)
# I have added this in the default/section
ldap_user_ssh_public_key = True
[sssd]
services = nss, pam, ssh
domains = default
[nss]
[pam]
[ssh]
4- I have restarted sssd (I get no error)
And now I'm stuck
# /usr/bin/sss_ssh_authorizedkeys olivier
-> does not return anything
Could anyone help: what have I forgotten?
Any indication about what I should add in ssh_config to tell
sshd to look for keys in sssd cache would also help.
Thanks!
---
Olivier
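
Added example, not part of the thread above: a small check that catches the misconfiguration described in this exchange, where ldap_user_ssh_public_key holds a boolean instead of the name of the LDAP attribute. The function name lint_sssd_ssh and both sample files are constructed for illustration.

```python
import configparser
import re

# An LDAP attribute name: a letter, then letters, digits or hyphens.
ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")
BOOLEAN_LIKE = {"true", "false", "yes", "no", "on", "off", "0", "1"}

# Constructed sample files, modelled on the configuration quoted in the thread.
BROKEN = """
[domain/default]
id_provider = ldap
ldap_user_ssh_public_key = True
[sssd]
services = nss, pam, ssh
domains = default
"""
FIXED = BROKEN.replace("= True", "= sshPublicKey")


def lint_sssd_ssh(conf_text):
    """Return a list of findings about SSH key lookup in sssd.conf text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    services = cp.get("sssd", "services", fallback="")
    if "ssh" not in [s.strip() for s in services.split(",")]:
        findings.append("[sssd] services does not include ssh")
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        value = cp.get(section, "ldap_user_ssh_public_key", fallback=None)
        if value is None:
            continue  # not set in this domain, nothing to validate
        value = value.strip()
        if value.lower() in BOOLEAN_LIKE:
            findings.append(f"[{section}] ldap_user_ssh_public_key is "
                            f"'{value}', a boolean, not an attribute name")
        elif not ATTR_NAME.match(value):
            findings.append(f"[{section}] ldap_user_ssh_public_key is "
                            f"'{value}', not a valid attribute name")
    return findings


if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_sssd_ssh(text) or "no findings")
```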