Currently, I am using the PrivacyIDEA to manage centralized ssh key with the image below:
My path and file authen in the /etc/privacyidea/authorizedkeyscommand
[Default]
url=https://sshkey.test.com/
admin=admin
password=admin
nosslcheck=False
I’m having an issue, I didn’t get publickey when run command privacyidea-authorizedkeys ubuntu, Although, I added keyssh and assign it for server access from server in DC Public with error below:
[root@ubuntu ubuntu]# privacyidea-authorizedkeys ubuntu
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:1004: InsecureRequestWarning: Unverified HTTPS request is being made to host ‘sshkey.test.com’. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning,
Traceback (most recent call last):
File “/bin/privacyidea-authorizedkeys”, line 135, in
main()
File “/bin/privacyidea-authorizedkeys”, line 111, in main
no_ssl_check=args.nosslcheck or nosslcheck)
File “/usr/lib/python2.7/site-packages/privacyideautils/clientutils.py”, line 96, in init
self.set_credentials(username, password)
File “/usr/lib/python2.7/site-packages/privacyideautils/clientutils.py”, line 135, in set_credentials
raise Exception(“Invalid Credentials: %s” % r.status_code)
Exception: Invalid Credentials: 401
Error: Invalid Credentials: 401
But, the server in DC Local can get publickey with user ubuntu
[root@server3 ubuntu]# privacyidea-authorizedkeys ubuntu
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhqEYlFQqh+ji7XGMEfcq33+BAgE2o7zhAep+h2/r8hoTJdFzUZrapIUGqVP9X5nqiWDvwU0fHqgSnKGybdbjbUnCO9h9adO6EhY6dFWcUz+wedUh5LvoEMxQdqRLNJfe2Fe9JsusL63z9ZYTz3meL3pfrUwxt6AGczfV/ihvkUfTHX01xUfMUII4cjMOAnWw95kq11dO0rWzZ2dXOjD8LMMnFG5hd3jNRQOJgsbT/klJGMQAzmSMpj87vepr4VKjJVt85vMa8JuesJ2B0jGYtZIPZUlgPwOimizQwBXvTrX5f7M38P65QgvSkxw1W0WQhhJh6uPP8hRjaqWm0WGfow== ubuntu@localhost.localdomain
Sorry, my english is not good
Please help me to solve this issue?
I can’t fix it
Please check if the admin and password in /etc/privacyidea/authorizedkeyscommand are valid credentials for privacyIDEA since You get an Error: Invalid Credentials: 401.
You can also check the audit log in privacyIDEA for the failed auth request and see if there are any hints on why the authentication failed.