2.7. Configuring Client SSH Access

You can also configure the IPA client to accept incoming SSH requests and authenticate with the user's Kerberos credentials. After installing and configuring the IPA client, use the following procedure to configure the IPA client for SSH connections. Remember to replace the example host and domain names with your own host and domain name.

Procedure 2.6. To configure a Fedora IPA client for incoming SSH connections:
  1. The Red Hat Enterprise IPA client installation process configures the NTP service by default, but you should ensure that time on the IPA client and server is synchronized. If it is not, run the following commands on the IPA client:

    # service ntpd stop
    # ntpdate -s -p 8 -u ipaserver.example.com
    # service ntpd start
    

    Note

    The ntpdate command does not work if ntpd is running.

  2. Obtain a Kerberos ticket for the admin user.

    # kinit admin

  3. Add a host service principal on the IPA client.

    # ipa-addservice host/ipaclient.example.com

  4. Retrieve the keytab.

    # ipa-getkeytab -s ipaserver.example.com -p host/ipaclient.example.com -k /etc/krb5.keytab

The IPA client should now be fully configured to accept incoming SSH connections and authenticate with the user's Kerberos credentials. Use the following command on another machine to test the configuration. This should succeed without asking for a password.

# ssh admin@ipaclient.example.com
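
If the SSH test still prompts for a password, check the keytab written in step 4 first. The script below is an added example, not part of the original guide: it checks `klist -k` output for the host principal and confirms the keytab is not accessible to group or other. The function names are hypothetical and the `klist` output is a constructed sample in MIT Kerberos format.

```shell
#!/bin/sh
# Added example (not from the original guide): sanity checks to run on the
# IPA client after step 4. The klist output below is a constructed sample.

# Succeeds if `klist -k` output on stdin has an entry for host/<fqdn>@<realm>.
# The trailing "@" stops a longer hostname from matching as a prefix.
has_host_principal() {
    awk -v want="host/$1@" '
        $1 ~ /^[0-9]+$/ {                      # entry lines start with the KVNO
            for (i = 2; i <= NF; i++)
                if (index($i, want) == 1) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Succeeds only if the keytab grants no access to group or other.
# The keytab holds the host's long-term key, so only root should read it.
keytab_mode_ok() {
    mode=$(ls -ln "$1" | awk '{ print $1 }')   # e.g. -rw-------
    case "$mode" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Constructed sample of `klist -k /etc/krb5.keytab` output.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------
   2 host/ipaclient.example.com@EXAMPLE.COM
   2 host/ipaclient.example.com@EXAMPLE.COM'

if printf '%s\n' "$SAMPLE_KLIST" | has_host_principal ipaclient.example.com; then
    echo "host principal present in keytab"
else
    echo "host principal missing: repeat steps 3 and 4"
fi

# On a real client (as root):
#   klist -k /etc/krb5.keytab | has_host_principal "$(hostname -f)"
#   keytab_mode_ok /etc/krb5.keytab || chmod 600 /etc/krb5.keytab
```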