
Re: SSH Gateway



On Tue, 7 May 2013, Vishesh kumar wrote:
> I think here "User Information" will be fetched from ldap. OpenSSH will 
> use library calls for getting ldap user information same as it does for 
> users in /etc/passwd. Key based authentication will work in normal way 
> but interested to see if key can be stored on ldap server.

[[This is not really OpenLDAP related, so I've set replies to me instead 
of the list.]]

As of OpenSSH 6.2, released on March 22, 2013:

* sshd(8): Added a sshd_config(5) option AuthorizedKeysCommand to
   support fetching authorized_keys from a command in addition to (or
   instead of) from the filesystem. The command is run under an account
   specified by an AuthorizedKeysCommandUser sshd_config(5) option.


So, you can configure sshd to run a script which invokes ldapsearch and 
munges the output into the expected format.  No need to hack ldap calls 
directly into sshd.


Philip Guenther
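
A sketch of the kind of script described in the message above, as an added example that is not part of the original post. The LDAP URI, the base DN, the install path and the sshPublicKey attribute (from the openssh-lpk schema) are assumptions; the LDIF unfolding and base64 decoding are the "munging" step.

```python
#!/usr/bin/env python3
"""AuthorizedKeysCommand helper: print one user's SSH public keys from LDAP.

sshd_config (the install path below is hypothetical):
    AuthorizedKeysCommand /usr/local/sbin/ldap-authkeys
    AuthorizedKeysCommandUser nobody
"""
import base64
import re
import subprocess
import sys

# Assumed values, not from the original message.
LDAP_URI = "ldaps://ldap.example.com"   # TLS, so returned keys cannot be swapped in transit
BASE_DN = "ou=People,dc=example,dc=com"
KEY_ATTR = "sshPublicKey"
# The login name goes into an LDAP filter: allow-list it so "(", ")", "*"
# and "\" can never reach the filter string.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_.-]{0,31}$")


def keys_from_ldif(ldif, attr=KEY_ATTR):
    """Turn ldapsearch LDIF output into authorized_keys lines."""
    # LDIF folds long lines; a continuation line starts with one space.
    unfolded = re.sub(r"\r?\n ", "", ldif)
    keys = []
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        # One stored value may hold several newline-separated keys.
        keys.extend(k.strip() for k in value.splitlines() if k.strip())
    return keys


def lookup(username):
    """Return the user's keys; [] for a rejected name or any lookup failure."""
    if not USERNAME_RE.match(username):
        return []
    cmd = ["ldapsearch", "-x", "-LLL", "-H", LDAP_URI, "-b", BASE_DN,
           "(uid=%s)" % username, KEY_ATTR]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True,
                             timeout=10, check=True).stdout
    except (OSError, subprocess.SubprocessError):
        return []  # fail closed: no output means no key-based login
    return keys_from_ldif(out)


if __name__ == "__main__":  # sshd passes the login name as the argument
    print("\n".join(lookup(sys.argv[1] if len(sys.argv) > 1 else "")))
```

sshd only runs the command if it is given as an absolute path, owned by root and not writable by group or others. Whoever can write the key attribute in the directory can log in as that user, so the ACLs on that attribute matter as much as the script.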