2

I want to be able to manage all my users logins via OpenLDAP. I am using Centos 5.3, OpenSSH 4.3p2-42 and OpenLDAP 2.3.43. I have installed GOsa2.

Is there a GOsa plugin to manage the SSH keys in LDAP?

I came across the openssh-lpk patch but it applies against a newer OpenSSH. I don't want to break my server. Is there a yum repository available with this patch applied? Do I even need it?

How can I get OpenSSH to query the LDAP server for the keys? Can I configure PAM to do this somehow?

Advice is appreciated.

Thanks

1 Answers1

2

I have struggle one this one as well for some time. Firstly check the version of openssh is >6.2 then the syntax of the sshpublickey from gosa.

I had it on Debian 7.7 then dist upgrade to Debian 8 to get the latest openSSH features.

Do 

ldapsearch  -x '(&(objectClass=posixAccount)(uid='<Your user>'))' sshPublickey

If you have added it with gosa it will probably say something like

sshPublicKey::c3NoLXJzYSBBQUFBQ........ bla bla

This is because it is getting hashed in someway that I haven't figured out yet but you can at this manually with creating a file called e.g sshkey.ldif and add the following content

dn: cn=Jonas Pedersen,ou=people,dc=kirk,dc=local
changetype: modify
add: objectClass
objectClass: ldapPublicKey
-
add: sshPublicKey
sshPublicKey: ssh-rsa <your_key> "Comment" jkp@aptproxy

Then modify it with ldapmodify 

ldapmodify -x -D cn=admin,dc=kirk,dc=local -W -f sshkey.ldif

My entries looked like this with Gosa and with ldapmodify Gosa enter image description here

Then take a look here ldap-ssh-key

Community
  • 1
Sifungurux
  • 21
  • 4