1

I'm experimenting with using NIS for centralizing the user management for a network of approx 20 servers.

I've got an NIS client and server working, and can ssh to the client machine and successfully log in, but only using a password. I'd like to be able to use public key authentication - how might I do this?

Paul Dixon
  • What does PubkeyAuthentication say in your sshd_config (default being yes)? Home directories being mounted properly? ~/.ssh/authorized_keys? – andol Aug 17 '10 at 10:57
  • public key auth worked on client machine prior to making that machine use NIS. Your second point probably illustrates where I'm going wrong, as I'm not using NFS. I was hoping there was some way the SSH daemon could obtain authorized_keys over NIS? – Paul Dixon Aug 17 '10 at 11:25

4 Answers

2

Sorry, AFAIK you can't distribute ssh keys over NIS - they live in ~/.ssh/authorized_keys. So NFS-mounted homedirs would do it. Or you could set up replication (presumably of just .ssh directories or others you choose) using something like unison.

pjz
2

You can do it by mounting /home via NFS and setsebool use_nfs_home_dirs 1

Memming
  • This really works and is a slick solution. Should be the accepted answer because it actually addresses the issue, rather than suggesting something else. – craigdfrench Dec 12 '15 at 01:23
0

I struggled with this today, and perhaps found the solution.

You would not believe me if I told you the solution was quite simple.

  1. You are already sharing the /home directory of the NIS user to the NIS clients.
  2. The idea behind password-less authentication is that the id-rsa.pub should be in authorized_keys of the client machine. You already did that in step 1.
  3. Now what is stopping this from happening? Or what is stopping the client machine from authenticating?
  4. It's the super duper crappy selinux... DISABLE THAT SELINUX.
  5. Or just run this command -> setsebool use_nfs_home_dirs 1

Well, if you need a proper setup for the NIS, go to this link below: https://www.insilico.jp/blog/2022/03/01/nis-nfs-ssh_key-cluster/
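
An added example, not part of any answer on this page: a POSIX shell triage for the NFS-mounted home case discussed above, which separates an sshd StrictModes permission problem from the SELinux `use_nfs_home_dirs` boolean being off. The function names and verdict strings are hypothetical, the `-P` flag (persist across reboots) is an addition to the command given in the answers, and GNU `stat` plus the SELinux tools `getenforce`/`getsebool` are assumed on the client.

```shell
#!/bin/sh
# Added example: triage why sshd ignores ~/.ssh/authorized_keys on an
# NFS-mounted home directory. Function names and verdicts are hypothetical.

# classify MODE BOOL FSTYPE PERM...
#   MODE   = output of getenforce (Enforcing | Permissive | Disabled)
#   BOOL   = state of use_nfs_home_dirs (on | off)
#   FSTYPE = filesystem type holding the home directory
#   PERM.. = octal modes of ~, ~/.ssh and ~/.ssh/authorized_keys
classify() {
    mode=$1 bool=$2 fstype=$3
    shift 3
    # sshd's StrictModes (on by default) refuses keys when any of these
    # paths is writable by group or others (write bit set: digit 2, 3, 6, 7).
    for perm in "$@"; do
        case $perm in
            *[2367]?|*[2367]) echo perms; return 0 ;;
        esac
    done
    case $fstype in
        nfs*) ;;
        *) echo not-nfs; return 0 ;;   # the boolean is irrelevant here
    esac
    # Enforcing + boolean off: sshd is denied access to files on NFS.
    # Remedy (as root): setsebool -P use_nfs_home_dirs 1
    # -P keeps the setting across reboots; SELinux stays enforcing.
    if [ "$mode" = Enforcing ] && [ "$bool" = off ]; then
        echo selinux-boolean; return 0
    fi
    echo ok
}

# check_home DIR: collect the live values on this client and classify them.
check_home() {
    home=$1
    mode=$(getenforce 2>/dev/null || echo Disabled)
    bool=$(getsebool use_nfs_home_dirs 2>/dev/null | awk '{print $3}')
    classify "$mode" "${bool:-off}" "$(stat -f -c %T "$home")" \
        "$(stat -c %a "$home")" "$(stat -c %a "$home/.ssh")" \
        "$(stat -c %a "$home/.ssh/authorized_keys")"
}

# Run against a real home only when a directory is given, e.g. ./triage.sh /home/alice
[ $# -eq 0 ] || check_home "$1"
```

A `selinux-boolean` verdict is the case the answers describe; `perms` means the key is being rejected for a reason the boolean will not fix.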

0

I think maybe NIS isn't best suited to my needs; I am looking at Puppet as an alternative way of providing centralized user administration.

Paul Dixon