Yes, ssh public key can be stored in OpenLDAP and then when a user attempts to log in to a server using ssh + ldap authentication, the server will query ldap for the user's private key and pair it up with the user's public key.

Cheers!

--Dan

On Tue, May 7, 2013 at 11:05 AM, Vishesh kumar <linuxtovishesh@gmail.com> wrote:

I think here "User Information" will be fetched from ldap. Openssh will use library calls for getting ldap user information, same as it does for users in /etc/passwd. Key based authentication will work in the normal way, but I am interested to see if the key can be stored on the ldap server.

Regards,
Vishesh Kumar
http://linuxmantra.com
--

On Tue, May 7, 2013 at 8:43 PM, Kwame Bahena <informatux@gmail.com> wrote:

Hi,

Yes, you would only need to install openssh server on the OpenLDAP server if you want your users to connect to this server via ssh.

Cheers!

--Dan

On Tue, May 7, 2013 at 9:42 AM, Stuart Watson <strtwtsn@gmail.com> wrote:

At the moment this is still in the planning stage. It's all Ubuntu 10.04 LTS onwards.

Is it possible to do this without installing openssh server on the OpenLDAP server?

On Tue, May 7, 2013 at 3:26 PM, Kwame Bahena <informatux@gmail.com> wrote:

Hi,

Your plan sounds accurate:

1. Yes
2. Yes
3. If you want your users to connect to the OpenLDAP server via ssh, then yes, you need to install ssh server on that box
4. Yes

What have you done so far? Which distro are you using?

Cheers!

--Dan

On Tue, May 7, 2013 at 4:21 AM, Stuart Watson <strtwtsn@gmail.com> wrote:

Hi

I am looking at creating an SSH gateway using OpenLDAP. The idea is to store our devs' public keys in OpenLDAP, which would give us the ability to control who has SSH access to our servers.

Currently everyone shares the same key which means it is impossible to control access.

Do I just need to...

1. Install OpenLDAP
2. Import the public keys into OpenLDAP
3. Install OpenSSH Server on the OpenLDAP server and configure it to use LDAP.
4. Configure the remote servers to use the OpenLDAP servers to authenticate

Then the devs can ssh from their computers through the OpenLDAP server to the remote servers.

Can anyone help?

Thanks
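
Added example, not part of the thread and not any poster's code: one way a login server can turn LDAP-stored public keys, as discussed above, into lines safe to hand to sshd, by parsing the LDIF that a directory lookup returns. It assumes the keys live in an `sshPublicKey` attribute (openssh-lpk schema) and that the output feeds sshd's `AuthorizedKeysCommand`, neither of which the thread mentions; the function names, the allow-list and the sample entry are constructed.

```python
import base64
import re
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}  # local policy (assumed)
ATTR = "sshpublickey"  # attribute from the openssh-lpk schema (assumed, not in the thread)

def unfold(ldif):
    """Join LDIF continuation lines: a leading space continues the previous line."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def keys_from_ldif(ldif):
    """Return validated "type blob" lines for sshd from LDIF search output."""
    keys = []
    for line in unfold(ldif):
        m = re.match(r"([A-Za-z0-9;-]+)(::?) ?(.*)$", line)
        if not m or m.group(1).lower() != ATTR:
            continue
        value = m.group(3).strip()
        try:
            if m.group(2) == "::":  # "::" marks a base64-encoded attribute value
                value = base64.b64decode(value, validate=True).decode("utf-8").strip()
            parts = value.split(" ")
            # Multi-line or option-prefixed values (command="...") are rejected outright.
            if "\n" in value or len(parts) < 2 or parts[0] not in ALLOWED_TYPES:
                continue
            blob = base64.b64decode(parts[1], validate=True)
        except ValueError:  # covers bad base64 and bad UTF-8
            continue
        # The key blob begins with a length-prefixed copy of the key type.
        if blob[4:4 + int.from_bytes(blob[:4], "big")] == parts[0].encode():
            keys.append(f"{parts[0]} {parts[1]}")  # comment field is dropped
    return keys

def sample_blob(key_type):
    """Constructed, non-functional key blob (all-zero key material) for the demo."""
    t = key_type.encode()
    raw = len(t).to_bytes(4, "big") + t + (32).to_bytes(4, "big") + bytes(32)
    return base64.b64encode(raw).decode()

GOOD = f"ssh-ed25519 {sample_blob('ssh-ed25519')} alice@laptop"
BAD = f'command="/bin/sh" ssh-ed25519 {sample_blob("ssh-ed25519")}'
SAMPLE_LDIF = ("dn: uid=alice,ou=people,dc=example,dc=com\n"  # constructed entry
               f"sshPublicKey: {GOOD[:40]}\n {GOOD[40:]}\n"   # folded plain value
               f"sshPublicKey:: {base64.b64encode(BAD.encode()).decode()}\n")
if __name__ == "__main__":
    print("\n".join(keys_from_ldif(SAMPLE_LDIF)))
```

Only the first sample value is emitted; the second is dropped because it begins with an option rather than a key type.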