AF:
NF:0
PS:10
SRH:1
SFN:
DSR:
MID:
CFG:
PT:0
S:andy.sharp@lsi.com
RQ:
SSV:mhbs.lsil.com
NSV:
SSH:
R:<Dave.Johnson@lsi.com>
MAID:2
X-Sylpheed-Privacy-System:
X-Sylpheed-Sign:0
SCF:#mh/Mailbox/sent
RMID:#imap/LSI/INBOX	0	C5277CB418429641BC1498607A9F480593A4D65A@cosmail01.lsi.com
X-Sylpheed-End-Special-Headers: 1
Date: Fri, 21 Aug 2009 16:21:19 -0700
From: Andrew Sharp <andy.sharp@lsi.com>
To: "Johnson, Dave" <Dave.Johnson@lsi.com>
Subject: Re: ssh key authentication with AD accounts ?
Message-ID: <20090821162119.5158c811@ripper.onstor.net>
In-Reply-To: <C5277CB418429641BC1498607A9F480593A4D65A@cosmail01.lsi.com>
References: <C5277CB418429641BC1498607A9F480593A4D5EE@cosmail01.lsi.com>
	<20090821113621.5eb9bb93@ripper.onstor.net>
	<C5277CB418429641BC1498607A9F480593A4D65A@cosmail01.lsi.com>
Organization: LSI
X-Mailer: Sylpheed-Claws 2.6.0 (GTK+ 2.8.20; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Fri, 21 Aug 2009 13:16:20 -0600 "Johnson, Dave"
<Dave.Johnson@lsi.com> wrote:

> Trying to use a windows AD account with ssh key authentication in
> order to execute remote commands on a filer for automation.

A windows AD account for which part?  Do you mean instead of creating a
user account on the gateway?

> A customer has a local account configured on the filers to do this
> and it intermittently fails the key auth, which falls back to
> interactive password, which of course fails and times out since it's
> an automated script.

Why does it fail the key auth?  That should never happen.

> Sandrine said to try Windows or NIS account but I don't see how we
> can create an ssh key for a remote user.

What's the difference between a Windows account and an AD account?

> http://wiki.onstor.net/wiki/Set_up_passwordless_SSH

Man, there's a wiki for everything.  Curious use of ssh-agent,
however.  I wouldn't bother with that step as it isn't needed really
and might be the source of the intermittent issues.

> Any ideas ?
> 
> -=dave
> 
> -----Original Message-----
> From: Andrew Sharp [mailto:andy.sharp@lsi.com] 
> Sent: Friday, August 21, 2009 11:36 AM
> To: Johnson, Dave
> Subject: Re: ssh key authentication with AD accounts ?
> 
> Which keys are you referring to?  Better yet, what is it that you are
> trying to achieve?
> 
> On Fri, 21 Aug 2009 11:53:46 -0600 "Johnson, Dave"
> <Dave.Johnson@lsi.com> wrote:
> 
> > Sandrine gave me the info below on configuring ssh for AD and NIS 
> > accounts but how do you configure the keys for the user ?
> > 
> > Thanks !
> > 
> > -=dave
> > 
> > -----Original Message-----
> > From: Boulanger, Sandrine
> > Sent: Thursday, August 13, 2009 10:27 AM
> > To: Johnson, Dave
> > Subject: ssh as a domain user
> > 
> > [sandrineb@sandrineb ~]$ ssh 10.2.10.7 -l MATRIX\\enguser 
> > MATRIX\enguser@10.2.10.7's password: Last login: Mon Aug  3 15:18:52
> > 2009 from 10.0.0.99
> > 
> > Welcome to the ONStor NAS Gateway.
> > 
> > g7r10> exit
> > Connection to 10.2.10.7 closed.
> > [sandrineb@sandrineb ~]$ ssh 10.2.10.7 -l enguser@onstorlab 
> > enguser@onstorlab@10.2.10.7's password: Last login: Thu Aug 13
> > 10:24:58 2009 from 10.0.0.99
> > 
> > Welcome to the ONStor NAS Gateway.
> > 
> > g7r10>
> > 
> > 
