Stephan Fabel wrote:
> On 04/16/2014 11:20 AM, Michael Ströder wrote:
>> It's quite usual nowadays to use this when dealing with SSH keys in LDAP entries:
>>
>> https://code.google.com/p/openssh-lpk/
>
> Found this in sshd_config(5):
>
> ------snip-------
> AuthorizedKeysCommand
>     Specifies a program to be used to look up the user's public keys.
>     The program must be owned by root and not writable by group or
>     others. It will be invoked with a single argument of the
>     username being authenticated, and should produce on standard
>     output zero or more lines of authorized_keys output (see
>     AUTHORIZED_KEYS in sshd(8) <http://www.openssh.com/cgi-bin/man.cgi?query=sshd&sektion=8&arch=&apropos=0&manpath=OpenBSD+Current>). If a key supplied by
>     AuthorizedKeysCommand does not successfully authenticate and
>     authorize the user then public key authentication continues using
>     the usual AuthorizedKeysFile files. By default, no
>     AuthorizedKeysCommand is run.
> ------snip-------

Yes, that would be usable for retrieving authorized keys remotely, though I personally prefer to sync SSH authorized keys to a central directory and set AuthorizedKeysFile accordingly.

But I understood the original poster that he wants to generate a known hosts file by retrieving all the *host* keys from LDAP.

Ciao, Michael.
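The known-hosts generation the original poster asked about, as an added example that is not part of the thread and not code from openssh-lpk. It assumes a schema the thread does not specify: host entries carrying their names in `cn` and optionally `ipHostNumber` (RFC 2307), and their host public keys in `sshPublicKey` in authorized_keys syntax, the way openssh-lpk stores user keys. It reads LDIF (the `ldapsearch -LLL` output shape, with folded lines and `attr::` base64 values), emits one `known_hosts` line per host key, and refuses keys whose base64 blob does not decode or whose embedded wire-format type string disagrees with the declared type, so a corrupted or mislabelled directory value cannot land in the trust store. The sample LDIF and key bytes below are constructed, not real host keys.

```python
"""Generate ssh_known_hosts lines from LDAP host entries delivered as LDIF.

Assumed schema (not from the thread): names in 'cn' / 'ipHostNumber',
host public keys in 'sshPublicKey' in authorized_keys syntax.
"""
import base64
import struct
import sys

# Key types accepted into the output; anything else is dropped rather than
# written into a trust store.
KNOWN_KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
                   "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def parse_ldif(text):
    """Minimal LDIF reader returning a list of {attr: [values]} dicts.
    Handles folded lines (leading space), comments and 'attr:: <base64>'."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # continuation of the previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if line == "":
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):            # base64-encoded LDIF value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr.strip(), []).append(value)
    return entries


def valid_key(key_type, b64):
    """True if b64 decodes and the blob's leading wire-format string
    (uint32 big-endian length + bytes) equals the declared key type."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:                        # binascii.Error is a ValueError
        return False
    if len(blob) < 4:
        return False
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n] == key_type.encode() and len(blob) > 4 + n


def known_hosts_lines(ldif_text):
    """Convert host entries into 'name[,name...] type base64' lines."""
    out = []
    for entry in parse_ldif(ldif_text):
        # Names with whitespace or commas would corrupt the line format: drop them.
        names = [n for n in entry.get("cn", []) + entry.get("ipHostNumber", [])
                 if n and not any(c.isspace() or c == "," for c in n)]
        if not names:
            continue
        for pub in entry.get("sshPublicKey", []):
            parts = pub.split()
            if len(parts) < 2 or parts[0] not in KNOWN_KEY_TYPES:
                continue                      # unknown type or no key material
            if not valid_key(parts[0], parts[1]):
                continue                      # malformed or mislabelled blob
            out.append("%s %s %s" % (",".join(names), parts[0], parts[1]))
    return out


def ssh_blob(key_type, *fields):
    """Base64 of SSH wire-format strings; used here only to build sample keys."""
    raw = b"".join(struct.pack(">I", len(f)) + f
                   for f in (key_type.encode(),) + fields)
    return base64.b64encode(raw).decode()


# Constructed sample shaped like 'ldapsearch -LLL' output; key bytes are dummies.
_DB1_KEY = base64.b64encode(
    ("ssh-ed25519 %s root@db1" % ssh_blob("ssh-ed25519", b"\x22" * 32)).encode()).decode()
SAMPLE_LDIF = """dn: cn=web1,ou=Hosts,dc=example,dc=com
objectClass: ipHost
objectClass: ldapPublicKey
cn: web1
cn: web1.example.com
ipHostNumber: 192.0.2.10
sshPublicKey: ssh-ed25519 %s root@web1

# second host: base64 LDIF value folded over two lines, plus two bad keys
dn: cn=db1,ou=Hosts,dc=example,dc=com
objectClass: ldapPublicKey
cn: db1
sshPublicKey:: %s
 %s
sshPublicKey: ssh-rsa not-base64!! root@db1
sshPublicKey: ssh-dss %s root@db1
""" % (ssh_blob("ssh-ed25519", b"\x11" * 32), _DB1_KEY[:40], _DB1_KEY[40:],
       ssh_blob("ssh-dss", b"\x00" * 4))

if __name__ == "__main__":
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LDIF
    print("\n".join(known_hosts_lines(data)))
```

Run without input to see the two lines produced from the sample (the second host's RSA value with invalid base64 and its `ssh-dss` key are both skipped); in practice the input would come from something like `ldapsearch -LLL -b ou=Hosts,dc=example,dc=com '(objectClass=ldapPublicKey)' cn ipHostNumber sshPublicKey` and the output would be written to the system-wide `ssh_known_hosts` file, with the same ownership and permission discipline the man page text above demands of an AuthorizedKeysCommand program.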