Bug 985809

Summary: sss_ssh_authorizedkeys documentation incorrect
Product: Red Hat Enterprise Linux 6 Reporter: Jan Cholasta <jcholast>
Component: doc-Deployment_GuideAssignee: Stephen Wadeley <swadeley>
Status: CLOSED CURRENTRELEASE QA Contact: ecs-bugs
Severity: unspecified Docs Contact:
Priority: high    
Version: 6.4CC: jcholast, swadeley
Target Milestone: rcKeywords: Documentation
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-23 10:38:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Cholasta 2013-07-18 09:50:41 UTC 
Document URL: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/openssh-sssd.html

Section Number and Name: 11.2.9.2. Configuring OpenSSH to Use SSSD for User Keys

Describe the issue: 

The document incorrectly states that sss_ssh_authorizedkeys manages the file ~/.ssh/sss_authorized_keys and that it should be configured in ssh_config or ~/.ssh/config. There are also some missing configuration options.

Suggestions for improvement: 

sss_ssh_authorizedkeys does not manage any file, it prints authorized keys on its standard output. See sshd_config man page, AuthorizedKeysCommand option for details.

This feature is configured in /etc/ssh/sshd_config. The sshd service must be restarted in order for any changes to take effect.

The AuthorizedKeysCommand option should be accompanied by AuthorizedKeysCommandRunAs option:

    AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
    AuthorizedKeysCommandRunAs nobody

Remove the PubKeyAgent remark, this legacy option is not available in RHEL.

Additional information: