'=?utf-8?q?=5BSSSD-users=5D?= Question concerning SSH key attributes'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sssd-users
Subject:    =?utf-8?q?=5BSSSD-users=5D?= Question concerning SSH key attributes
From:       Lawrence Kearney <hangarbait () gmail ! com>
Date:       2019-09-30 15:25:13
Message-ID: CA+N3ZgHp3Hbwtjp7z4C66k6tkXV==YMhteXOyF9gDh3MUu5oOA () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


A question concerning the following SSSD directives:

ldap_user_ssh_public_key =
ldap_host_ssh_public_key =

Both default to "sshPublicKey" values, but other than the obvious stated
use cases (in the directive names and man file entries) I feel I'm missing
something concerning the " ldap_host_ssh_public_key" directive.

For example, using the default configuration, the SSSD pulls down the
public key(s) stored for a user stored in the " sshPublicKey" attribute
using the "/usr/bin/sss_ssh_authorizedkeys" utility. to facilitate access
to a predetermined set of hosts.

What is the use case for the " ldap_host_ssh_public_key" directive? Is it
somehow used to store the public Key for a particular host (and why?) and
does it have any relationship to the "/usr/bin/sss_ssh_knownhostsproxy"
utility used to centralise (and distribute?) host keys?


Any info would be most useful and as always, thank you!


-- lawrence

-- 
Lawrence Kearney

[Attachment #5 (text/html)]

<div dir="ltr">A question concerning the following SSSD \
directives:<div><br></div><div>ldap_user_ssh_public_key = \
<br>ldap_host_ssh_public_key =<br clear="all"><div><br></div><div>Both default to \
&quot;sshPublicKey&quot; values, but other than the obvious stated use cases (in the \
directive names and man file entries) I feel I&#39;m missing something concerning the \
&quot;

ldap_host_ssh_public_key&quot; directive.</div><div><br></div><div>For example, using \
the default configuration, the SSSD pulls down the public key(s) stored for a user \
stored in the &quot;

sshPublicKey&quot; attribute using the &quot;/usr/bin/sss_ssh_authorizedkeys&quot; \
utility. to facilitate access to a predetermined set of \
hosts.</div><div><br></div><div>What is the use case for the &quot;

ldap_host_ssh_public_key&quot; directive? Is it somehow used to store the public Key \
for a particular host (and why?) and does it have any relationship to the \
&quot;/usr/bin/sss_ssh_knownhostsproxy&quot; utility used to centralise (and \
distribute?) host keys?</div><div><br></div><div><br></div><div>Any info would be \
most useful and as always, thank you!</div><div><br></div><div><br></div><div>-- \
lawrence</div><div><br></div>-- <br><div dir="ltr" class="gmail_signature" \
data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><div \
dir="ltr"><div>Lawrence \
Kearney</div><p></p><div><div></div></div></div></div></div></div></div></div>


[Attachment #6 (text/plain)]

_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic