SSSD: Permission denied (publickey) error message

I ran into this random SSSD authentication issue this morning:

– Users were unable to SSH into a single server, receiving an SSH Public Key error message

– I restarted the SSSD service and confirmed that it could connect to Active Directory

– However, SSH wasn’t performing user lookups to AD via SSSD

– The log files (/var/logs/sssd) didn’t display any obvious errors

– Using the sssd command to diagnose errors produced a random error:

sssd -d 9 -c /etc/sssd/sssd.conf -i

[check_file] (0x0400): lstat for [/var/run/nscd/socket] failed: [2][No such file or directory].

– This turned out to be a red herring, however.

– Eventually, I read this excellent article on the SSSD authentication process, which mentioned an NSS config file at /etc/nsswitch.conf

– Editing the file showed that it was missing all references to SSSD! The config file should look something like this:

passwd: compat sss
group: compat sss
shadow: compat sss
gshadow: files

hosts: files dns
networks: files

protocols: db files
services: db files sss
ethers: db files
rpc: db files

netgroup: nis sss
sudoers: files sss

Save the changes and restart the SSSD and SSH services, and you should be set to go now!
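
One way to check a host for the same problem, as an added example that is not part of the original post: the hypothetical helper check_nss_sss reads an nsswitch.conf and prints each database that has no sss source. The default database list (passwd, group, shadow) and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). check_nss_sss is a hypothetical helper.
# Usage: check_nss_sss FILE [DATABASE...]
# Prints each database whose nsswitch.conf line is absent or lacks the "sss" source.
# Returns 0 if every requested database uses sss, 1 otherwise.
check_nss_sss() {
    conf=$1
    shift
    # Assumption: these are the databases a login depends on; pass others explicitly.
    [ "$#" -gt 0 ] || set -- passwd group shadow
    rc=0
    for db in "$@"; do
        if ! awk -v db="$db" '
            { sub(/#.*/, "") }                      # drop comments
            {
                i = index($0, ":")
                if (i == 0) next                    # not a "database: sources" line
                name = substr($0, 1, i - 1)
                gsub(/[ \t]/, "", name)
                if (name != db) next
                n = split(substr($0, i + 1), src, /[ \t]+/)
                for (k = 1; k <= n; k++)
                    if (src[k] == "sss") found = 1  # exact token, not a substring
            }
            END { exit (found ? 0 : 1) }' "$conf"; then
            echo "$db"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: an nsswitch.conf with the SSSD references missing.
sample=$(mktemp)
printf '%s\n' 'passwd: compat' 'group: compat' 'shadow: compat' \
    'sudoers: files sss' > "$sample"
echo "Databases without sss:"
check_nss_sss "$sample" passwd group shadow sudoers || true
rm -f "$sample"
```

Run it as check_nss_sss /etc/nsswitch.conf on the affected server; once it prints nothing, getent passwd with an AD username confirms whether lookups now reach SSSD.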
