Thanks for update. Adding mailing list back, to be aware of the results. Given this description, I wonder if this is hitting https://bugzilla.redhat.com/show_bug.cgi?id=1201454 that is planned to be fixed in next RHEL-6 minor version.
On 06/03/2015 10:46 AM, bahan w wrote: > Hello again. > > The problem was coming from the sshd_config file. > The parameter PubkeyAuthentication=yes was placed after the parameter > PasswordAuthentication=yes. > I uncomment the PubkeyAuthentication=yes before the PasswprdAuthentication > and now it works. > > The problem is solved. > > Best regards. > > Bahan > > > On Wed, Jun 3, 2015 at 10:05 AM, bahan w <[email protected]> wrote: > >> Hello Martin. >> >> Unfortunately for me, I cannot migrate OS so I need to make it work with >> RHEL 6.4. :-( >> >> Best regards. >> Le 3 juin 2015 09:39, "Martin Kosek" <[email protected]> a écrit : >> >>> On 06/02/2015 06:27 PM, bahan w wrote: >>>> Hello ! >>>> >>>> I send you this mail because I have a problem linked with SSH and >>> FreeIPA. >>>> >>>> I have multiple servers : >>>> - One with FreeIPA server 3.0.0-26 >>>> - The others with FreeIPA client 3.0.0-26 >>>> >>>> They are running on RHEL 6.4. >>>> >>>> I configured a root user on each of them. >>>> On one specific server, I created an rsa key in order to connect >>>> passwordlessly from a specific server to all the others >>>> #### >>>> ssh-keygen -t rsa >>>> #### >>>> >>>> I distributed the public key on all the others : >>>> #### >>>> for i in ${my_server_list}; do scp /root/.ssh/id_rsa.pub >>>> $i:/root/.ssh/authorized_keys; done >>>> #### >>>> >>>> Once it was done, I modified the rights on these files : >>>> #### >>>> for i in ${my_server_list}; do scp $i "chmod 644 >>>> /root/.ssh/authorized_keys"; done >>>> #### >>>> >>>> And I was able to connect to all these servers without entering a >>> password. >>>> The system was working well. >>>> >>>> When I installed ipa-server on a specific server, this connection with >>> the >>>> RSA key was not possible anymore. >>>> Each time I tried to connect to the server through SSH, it keeps asking >>> me >>>> for a password. >>>> I tried to install the ipa-client on another server to just check if I >>> had >>>> the same behaviour and indeed, each time I run ipa-client-install, I >>> can't >>>> connect passwordlessly with root anymore. >>> >>> Hello, >>> >>> SSH with key with root account should work, SSSD (or the SSH public key >>> tools) >>> should not interfere with root user account at all. What I would suggest >>> is to >>> try to some newer version of sssd+ipa-client, RHEL-6.4 is quite old >>> already. >>> RHEL-6.6 (or even RHEL-7.1) would be a better starting point. >>> >> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
