Bug 985809 - sss_ssh_authorizedkeys documentation incorrect
sss_ssh_authorizedkeys documentation incorrect
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: doc-Deployment_Guide (Show other bugs)
6.4
Unspecified Unspecified
high Severity unspecified
: rc
: ---
Assigned To: Stephen Wadeley
ecs-bugs
: Documentation
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-18 05:50 EDT by Jan Cholasta
Modified: 2015-07-23 06:38 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-07-23 06:38:44 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Cholasta 2013-07-18 05:50:41 EDT
Document URL: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/openssh-sssd.html

Section Number and Name: 11.2.9.2. Configuring OpenSSH to Use SSSD for User Keys

Describe the issue: 

The document incorrectly states that sss_ssh_authorizedkeys manages the file ~/.ssh/sss_authorized_keys and that it should be configured in ssh_config or ~/.ssh/config. There are also some missing configuration options.

Suggestions for improvement: 

sss_ssh_authorizedkeys does not manage any file, it prints authorized keys on its standard output. See sshd_config man page, AuthorizedKeysCommand option for details.

This feature is configured in /etc/ssh/sshd_config. The sshd service must be restarted in order for any changes to take effect.

The AuthorizedKeysCommand option should be accompanied by AuthorizedKeysCommandRunAs option:

    AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
    AuthorizedKeysCommandRunAs nobody

Remove the PubKeyAgent remark, this legacy option is not available in RHEL.

Additional information:

Note You need to log in before you can comment on or make changes to this bug.