> J N via FreeIPA-users wrote: > > By default the client and server installers enable the ssh service in SSSD. > > On the client if ssh is enabled it sets PubkeyAuthentication to yes, > enables the SSSD known hosts proxy and sets VerifyHostKeyDNS to yes (if > --no-dns-sshfp is not set). > > When sshd configuration is enabled (default) it sets: > > PubkeyAuthentication yes > KerberosAuthentication no > GSSAPIAuthentication yes > UsePAM yes > ChallengeResponseAuthentication yes > > Depending on release of sshd it will also set AuthorizedKeysCommand or > PubKeyAgent. > > rob Thanks. I'm not going to use FreeIPA as DNS, would you recommend me to set --no-dns-sshfp to true?
BTW, is this mentioned in some documentation? _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
