# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
AuthorizedKeysCommand /usr/bin/privacyidea-authorizedkeys
AuthorizedKeysCommandUser root
[root@satellite110 ~]# privacyidea-authorizedkeys root
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:791: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:791: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
ssh-rss AAAAB3NzaC1yc2EAAAABJQAA.....3OfrrRj4/+O8XC6XT9k= iphone-rsa-key-20151225
I figured the HTTPS error wasn't an issue and that it should still work from what I read at the security.html it recommends reading, but I may have read it wrong.
Here is the log file from the SSH server:
[2015-12-29 00:30:52,517][25145][139740788180736][INFO][privacyidea.lib.resolvers.PasswdIdResolver:130] loading users from file /etc/passwd from within '/home/privacyidea'
[2015-12-29 00:30:52,518][25145][139740788180736][INFO][privacyidea.lib.user:188] user u'root' found in resolver u'deflocal'
[2015-12-29 00:30:52,518][25145][139740788180736][INFO][privacyidea.lib.user:189] userid resolved to '0'
[2015-12-29 00:30:52,576][25145][139740788180736][INFO][privacyidea.lib.resolvers.PasswdIdResolver:130] loading users from file /etc/passwd from within '/home/privacyidea'
[2015-12-29 00:30:52,590][25145][139740788180736][INFO][privacyidea.lib.resolvers.PasswdIdResolver:130] loading users from file /etc/passwd from within '/home/privacyidea'
[2015-12-29 00:30:52,599][25145][139740788180736][INFO][privacyidea.lib.resolvers.PasswdIdResolver:130] loading users from file /etc/passwd from within '/home/privacyidea'
[2015-12-29 00:31:30,746][25145][139740788180736][INFO][privacyidea.lib.resolvers.PasswdIdResolver:130] loading users from file /etc/passwd from within '/home/privacyidea'
[2015-12-29 00:31:30,747][25145][139740788180736][INFO][privacyidea.lib.user:188] user u'root' found in resolver u'deflocal'
[2015-12-29 00:31:30,747][25145][139740788180736][INFO][privacyidea.lib.user:189] userid resolved to '0'
[2015-12-29 00:31:30,794][25145][139740788180736][INFO][privacyidea.lib.resolvers.PasswdIdResolver:130] loading users from file /etc/passwd from within '/home/privacyidea'
[2015-12-29 00:31:30,807][25145][139740788180736][INFO][privacyidea.lib.resolvers.PasswdIdResolver:130] loading users from file /etc/passwd from within '/home/privacyidea'
[2015-12-29 00:31:30,815][25145][139740788180736][INFO][privacyidea.lib.resolvers.PasswdIdResolver:130] loading users from file /etc/passwd from within '/home/privacyidea'
Unfortunately I still don't have /var/log/privacyidea/privacyidea.log file on the client machine that I am trying to SSH into. I did add a file there manually hoping it would maybe use it after running the 'privacyidea-authorizedkeys root' command, but the file is empty.
I also edited the client's config file located in /etc/privacyidea/authorizedkeys and added these lines:
PI_LOGFILE = "/var/log/privacyidea/privacyidea.log"
PI_LOGLEVEL = 10
I also added those same lines to /usr/bin/privacyidea-authorizedkeys and changed DEBUG to true:
VERSION = '2.4'
DEBUG = True
DESCRIPTION = __doc__
DEFAULT_CONFIG = "/etc/privacyidea/authorizedkeyscommand"
PI_LOGLEVEL = 10
PI_LOGFILE = "/var/log/privacyidea/privacyidea.log"
Even with all the I'm still not seeing a log file anywhere on the client machine. I must be doing something wrong if it isn't generating one for us.
I hope I am not tiring you, I apologize for my ignorance with this. The missing log file is perplexing me. Thank you so much for your time and help with this.
Thanks,
Arthur
[Default]
url=https://<IP>
admin=****
password=****
nosslcheck = True
[root@satellite110 ~]# privacyidea-authorizedkeys --nosslcheck root
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:791: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:791: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
ssh-rss AAAAB3NzaC1yc2EAAAAB.....XC6XT9k= iphone-rsa-key-20151225
'internal admin','admin','None','1','<IP>','OK','184','<IP>','None','POST /auth','OK','','None','','2015-12-29T04:00:18','None','None'
'host: satellite110, application: ssh','admin','None','1','<IP>','OK','185','<IP>','None','GET /machine/authitem/<application>','OK','None','None','','2015-12-29T04:00:18','None','None'
'internal admin','admin','None','1','<IP>','OK','186','<IP>','None','POST /auth','OK','','None','','2015-12-29T14:35:17','None','None'
'host: satellite110, application: ssh','admin','None','1','<IP>','OK','187','<IP>','None','GET /machine/authitem/<application>','OK','None','None','','2015-12-29T14:35:17','None','None'
'internal admin','admin','None','1','<IP>','OK','188','<IP>','None','POST /auth','OK','','None','','2015-12-29T14:43:54','None','None'
'realm: ['*']','admin','None','1','<IP>','OK','189','<IP>','None','GET /token/','OK','None','None','','2015-12-29T14:43:55','None','**'
'','admin','None','1','<IP>','OK','190','<IP>','None','GET /realm/','OK','None','None','','2015-12-29T14:43:55','None','None'
'','admin','None','1','<IP>','OK','191','<IP>','None','GET /audit/','OK','None','None','','2015-12-29T14:43:57','None','**'
'','admin','None','1','<IP>','FAIL','192','<IP>','None','GET /audit/<csvfile>','OK','None','None','','2015-12-29T14:44:19','None','None'
[root@satellite110 ~]# PYTHONWARNINGS="ignore:Unverified HTTPS request" \
> privacyidea-authorizedkeys root
ssh-rss AAAAB3Nz....gq3OfrrRj4/+O8XC6XT9k= iphone-rsa-key-20151225
[root@satellite110 ~]#
> > can p...