3.2.5. Configuring Client SSH Access

3.2.5. Configuring Client SSH Access

Use the following procedure to configure the Solaris IPA client to accept incoming SSH requests and authenticate with the user's Kerberos credentials. Remember to replace the example host and domain names with your own host and domain name.

The ipa-admintools package is not available for Solaris. Consequently, you need to perform the following steps on the IPA server.

Procedure 3.1. To configure client SSH access:

  1. Add a host service principal for the Solaris client.

    # ipa-addservice host/solarisipaclient.example.com

  2. Create the host keytab file.

    # ipa-getkeytab -s ipaserver.example.com -p host/solarisipaclient.example.com -k /tmp/krb5.keytab -e des-cbc-crc

  3. Copy this keytab to the Solaris machine as /etc/krb5/krb5.keytab.

    # scp /tmp/krb5.keytab root@solarisipaclient.example.com:/etc/krb5/krb5.keytab

Note

After you have performed all of the preceding configuration steps, reboot the Solaris machine to ensure that all of the changes take effect.