Re: SSH Gateway
On Tue, 7 May 2013, Vishesh kumar wrote:
> I think here "User Information" will be fetched from LDAP. OpenSSH will
> use library calls for getting LDAP user information the same as it does for
> users in /etc/passwd. Key-based authentication will work in the normal way,
> but I am interested to see if the key can be stored on the LDAP server.
[[This is not really OpenLDAP related, so I've set replies to me instead
of the list.]]
As of OpenSSH 6.2, released on March 22, 2013:
* sshd(8): Added a sshd_config(5) option AuthorizedKeysCommand to
support fetching authorized_keys from a command in addition to (or
instead of) from the filesystem. The command is run under an account
specified by an AuthorizedKeysCommandUser sshd_config(5) option.
So, you can configure sshd to run a script which invokes ldapsearch and
munges the output into the expected format. No need to hack ldap calls
directly into sshd.
Philip Guenther
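
One way to write the script described above, as an added example that is not part of the original message or of OpenSSH: it parses `ldapsearch` LDIF output (folded and base64-encoded values included) and prints only well-formed key lines. The server URI, base DN, the `sshPublicKey` attribute (openssh-lpk schema), the `posixAccount` filter and the anonymous bind are assumptions; sshd passes the username as the single argument.

```python
"""AuthorizedKeysCommand helper (added example): print a user's SSH keys from LDAP."""
import base64
import re
import subprocess
import sys

LDAP_URI = "ldaps://ldap.example.org"     # assumption: placeholder server
BASE_DN = "ou=people,dc=example,dc=org"   # assumption: placeholder base DN
KEY_ATTR = "sshPublicKey"                 # assumption: openssh-lpk schema attribute
# Allowlist for login names, so the argument can never change the LDAP filter.
USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
# One bare public key per value: type, base64 blob, optional single-line comment.
KEY_RE = re.compile(r"(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) "
                    r"[A-Za-z0-9+/]+={0,2}( [^\r\n]*)?")


def keys_from_ldif(ldif):
    """Return the authorized_keys lines contained in ldapsearch LDIF output."""
    # LDIF folds long values; a continuation line starts with a single space.
    unfolded = re.sub(r"\r?\n ", "", ldif)
    keys = []
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.lower() != KEY_ATTR.lower():
            continue
        if value.startswith(":"):  # "attr:: <base64>" marks an encoded value
            try:
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            except ValueError:  # bad base64 or bad UTF-8
                continue
        value = value.strip()
        if KEY_RE.fullmatch(value):  # drops options, junk and multi-line values
            keys.append(value)
    return keys


def fetch_keys(user):
    """Query LDAP for one user; names outside the allowlist get no keys."""
    if not USER_RE.fullmatch(user):
        return []
    cmd = ["ldapsearch", "-x", "-LLL", "-H", LDAP_URI, "-b", BASE_DN,
           f"(&(objectClass=posixAccount)(uid={user}))", KEY_ATTR]
    done = subprocess.run(cmd, capture_output=True, text=True, timeout=10)
    return keys_from_ldif(done.stdout) if done.returncode == 0 else []


if __name__ == "__main__" and len(sys.argv) == 2:
    print("\n".join(fetch_keys(sys.argv[1])))
```

Point AuthorizedKeysCommand at the installed script and set AuthorizedKeysCommandUser to a dedicated unprivileged account; sshd requires the script to be owned by root and not writable by group or others.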