Re: attribute for storing SSH RSA host keys
On 04/16/2014 11:20 AM, Michael Ströder wrote:
> It's quite usual nowadays to use this when dealing with SSH keys in LDAP entries:
>
> https://code.google.com/p/openssh-lpk/
Found this in sshd_config(5):
------snip-------
AuthorizedKeysCommand
Specifies a program to be used to look up the user's public keys.
The program must be owned by root and not writable by group or
others. It will be invoked with a single argument of the
username being authenticated, and should produce on standard
output zero or more lines of authorized_keys output (see
AUTHORIZED_KEYS in sshd(8) <http://www.openssh.com/cgi-bin/man.cgi?query=sshd&sektion=8&arch=&apropos=0&manpath=OpenBSD+Current>). If a key supplied by
AuthorizedKeysCommand does not successfully authenticate and
authorize the user then public key authentication continues using
the usual AuthorizedKeysFile files. By default, no
AuthorizedKeysCommand is run
------snip-------
> The schema file:
>
> http://code.google.com/p/openssh-lpk/source/browse/trunk/schemas/openssh-lpk_openldap.schema
You would still need a schema like that, though, but at least there is no
need to patch OpenSSH anymore.
-Stephan
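As an added illustration of the AuthorizedKeysCommand approach discussed above (this is example code written for this page, not a script from the thread or from the openssh-lpk project): a small POSIX sh helper that sshd can run with the username as its single argument, queries the directory for the user's sshPublicKey values and prints them as authorized_keys lines. It assumes the openssh-lpk attribute and object class names (sshPublicKey, ldapPublicKey) from the linked schema; the LDAP URI and search base are placeholders. Two details matter in practice and are handled here: the username comes straight from the SSH client, so it is checked against an allow-list before it goes into an LDAP filter, and ldapsearch emits LDIF, which folds long values (SSH keys always are) onto continuation lines and base64-encodes values containing non-ASCII bytes, so a naive grep/cut would truncate or mangle keys. The sample LDIF is constructed for the example.

```shell
#!/bin/sh
# Example AuthorizedKeysCommand for sshd (added example, not from the thread).
# Usage from sshd_config: AuthorizedKeysCommand /usr/local/sbin/ldap-ssh-keys
# Placeholders: point these at the directory in question.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.com}"
LDAP_BASE="${LDAP_BASE:-ou=people,dc=example,dc=com}"

# The username is attacker-controlled input: allow only a conservative
# character set so it cannot alter the LDAP filter below (no * ( ) \ etc.).
valid_username() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Turn LDIF on stdin into authorized_keys lines on stdout:
#  1. unfold continuation lines (LDIF wraps at 76 columns; a folded line
#     starts with exactly one space),
#  2. print each sshPublicKey value, decoding "attr:: base64" values that
#     ldapsearch uses when a value contains non-ASCII bytes.
ldif_to_authorized_keys() {
    awk '/^ / { printf "%s", substr($0, 2); next }
         NR > 1 { print "" }
         { printf "%s", $0 }
         END { print "" }' |
    while IFS= read -r line; do
        case "$line" in
            'sshPublicKey:: '*)
                printf '%s\n' "${line#sshPublicKey:: }" | base64 -d
                printf '\n' ;;
            'sshPublicKey: '*)
                printf '%s\n' "${line#sshPublicKey: }" ;;
        esac
    done
}

# Query the directory for one user. -x: simple bind (anonymous here; a real
# deployment usually adds -D/-y for a read-only bind account), -LLL: bare LDIF.
# ldapsearch still folds long lines with -LLL, hence ldif_to_authorized_keys.
lookup_keys() {
    valid_username "$1" || exit 1
    ldapsearch -x -H "$LDAP_URI" -b "$LDAP_BASE" -LLL \
        "(&(objectClass=ldapPublicKey)(uid=$1))" sshPublicKey |
        ldif_to_authorized_keys
}

# Constructed sample of what ldapsearch -LLL returns for one user: the first
# key is folded across two lines, the second is base64-encoded (the key
# comment "alice@büro" contains a non-ASCII byte) and folded as well.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=people,dc=example,dc=com
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExampleExampleExampleExamp
 leExampleExample alice@laptop
sshPublicKey:: c3NoLXJzYSBBQUFBIGFs
 aWNlQGLDvHJv

EOF
}

# sshd invokes the script with exactly one argument, the username.
if [ $# -eq 1 ]; then
    lookup_keys "$1"
fi
```

Install it root-owned and not group/other writable, as the quoted manual page requires (for example mode 0755 under /usr/local/sbin), and reference it with an absolute path in sshd_config; OpenSSH 6.2 and later also require AuthorizedKeysCommandUser to name the unprivileged account the command runs as. Newer OpenLDAP ldapsearch can disable folding with `-o ldif-wrap=no`, but unfolding in the script keeps it correct on older clients too. Running `sample_ldif | ldif_to_authorized_keys` prints two authorized_keys lines, the second with its comment decoded back to `alice@büro`.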