``authorized_keys`` and ``known_hosts`` files, SSH keys are uploaded to their corresponding user and host entries in FreeIPA.

``authorized_keys`` file on the target host. When the user attempts to log in, she presents her public key and the host grants access if her key is in an ``authorized_keys`` file. There are system-wide and per-user ``authorized_keys`` files, but if the target systems do not mount a network-backed home directory (e.g. NFS), then the user must copy her public key to every system she intends to log in to.

``/home/alice/.ssh/id_rsa.pub`` in an OpenSSH-specific format. ``alice`` can now upload it to her user entry in FreeIPA:

``allow_all`` HBAC rule, add a new rule that will allow ``alice`` to access the ``sshd`` service on any host.

``sshd`` log on the server:

``known_hosts`` file. On subsequent attempts to log in, the client checks its ``known_hosts`` files. If the presented host key does not match the stored host key, the OpenSSH client refuses to continue.
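
The ``known_hosts`` comparison described above, as an added example (not code from the original page or from OpenSSH). It handles plain and hashed host fields; the function names, host names and key blobs are constructed for illustration, and wildcard patterns and marker lines are out of scope.

```python
import base64, hashlib, hmac

def hash_host(host, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if the first column of a known_hosts line names `host`."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # plain comma-separated names; no wildcards here

def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Return 'match', 'mismatch' (client must refuse) or 'unknown' (first contact)."""
    stored_differs = False
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue  # comments and @cert-authority/@revoked lines are not evaluated here
        fields = line.split()
        if len(fields) < 3 or not host_matches(fields[0], host):
            continue
        if fields[1] != key_type:
            continue  # a key of another algorithm says nothing about this one
        if fields[2] == key_b64:
            return "match"
        stored_differs = True
    return "mismatch" if stored_differs else "unknown"

# Constructed sample data: placeholder host names and key blobs, not real keys.
KEY_A = "AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyA"
KEY_B = "AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyB"
SAMPLE = "\n".join([
    "# constructed known_hosts content",
    "client.example.test,192.0.2.10 ssh-ed25519 " + KEY_A,
    hash_host("server.example.test", b"constructed-salt") + " ssh-ed25519 " + KEY_A,
])

if __name__ == "__main__":
    for h, k in [("server.example.test", KEY_A), ("server.example.test", KEY_B),
                 ("new.example.test", KEY_A)]:
        print(h, check_host_key(SAMPLE, h, "ssh-ed25519", k))
```
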