TWiki> UCSDTier2 Web>OpenSshGsiAuth (2012/08/08, TerrenceMartin)EditAttach

Open SSH with GSI Auth

This document covers the installation and configuration required to allow Open SSH with GSI Authentication

Installation

Grabbing Epel and OSG Packages

Install the Epel Repo (see OSG site for latest location)

Then install yum priorities, 

yum install yum-priorities

Followed by 

 rpm -Uvh http://repo.grid.iu.edu/osg-el5-release-latest.rpm

and then... 

yum install osg-ca-certs

and then... 

yum -y install fetch-crl

Install gsissh

This will bring in the ssh related globus packages 

 yum install gsissh

Install gsi-openssh-server 

 yum -y install gsi-openssh-server

Configuration

gsi-sshd configuration 

cd /etc/gsissh
mv sshd_config sshd_config.old
cp sshd_config.rpmnew sshd_config
/etc/init.d/gsissh reload

/etc/shadow

It standard RHEL or CentOS? local users accounts have their password set to 

!!
this will cause the logins to fail with a message like 

User username not allowed because account is locked

The fix is to replace the 

!!
in /etc/shadow for those users that are to login via gsissh

Authors

-- TerrenceMartin - 2012/08/08 -- TerrenceMartin - 2012/04/04

Edit | Attach | Print version | History: r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r3 - 2012/08/08 - 22:08:47 - TerrenceMartin
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback