
I have a PostgreSQL database full of user accounts, and I would like to allow these users to access a server through SSH, using only public key authentication.

So far, I have set up these parts on an Ubuntu Server:

  1. libnss-pgsql2 to connect NSS to several database views listing my users in a Unix-compatible format
  2. libpam-pgsql to allow PAM authentication using these same views
  3. sshd AuthorizedKeysCommand with a script that authenticates users with their public key (still from the PostgreSQL database).

Is there a simpler way to go around this problem? I have issues setting up the NSS configuration correctly (lack of documentation & logs).

Thanks for your time & help.

  • You've only got 3 parts listed, and you want something *simpler*?? – Chris S Feb 04 '14 at 18:34
  • That sounds like about the best you're going to get to me. Thanks for mentioning `AuthorizedKeysCommand`; I've been frustrated with the difficulty of getting OpenSSH to play properly with LDAP and X.509 certs, and that offers a useful workaround. – Craig Ringer Feb 05 '14 at 02:01
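
A sketch of the third component from the question, added here as an example and not code from the original post: an `AuthorizedKeysCommand` helper that looks up a user's keys with a parameterized query and emits only bare `type base64` pairs, so option prefixes stored in the database never reach sshd. The DSN, the view and column names, and the use of psycopg2 are assumptions.

```python
#!/usr/bin/env python3
"""AuthorizedKeysCommand helper: print a user's SSH public keys from PostgreSQL."""
import base64
import binascii
import re
import struct
import sys

# Assumed names (not from the original post): DSN, view and column names.
DSN = "dbname=accounts user=sshd_keys host=/var/run/postgresql"
QUERY = "SELECT public_key FROM ssh_keys_view WHERE username = %s"
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}


def clean_key(stored):
    """Return 'type base64' if the stored value is a bare public key, else None."""
    fields = stored.split()
    if "\n" in stored.strip() or len(fields) < 2 or fields[0] not in ALLOWED_TYPES:
        return None  # rejects option prefixes such as command="..." and multi-line values
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(blob) < 4:
        return None
    (n,) = struct.unpack(">I", blob[:4])  # blob starts with a length-prefixed key type
    if blob[4:4 + n] != fields[0].encode():
        return None  # declared type does not match the type inside the key blob
    return f"{fields[0]} {fields[1]}"  # comment field is dropped


def authorized_keys(username, rows):
    """Build authorized_keys lines for username from values fetched from the DB."""
    if not USERNAME_RE.fullmatch(username):
        return []
    return [k for k in map(clean_key, rows) if k]


def fetch_rows(username):
    import psycopg2  # third-party driver, imported lazily so the filter runs offline
    with psycopg2.connect(DSN) as conn, conn.cursor() as cur:
        cur.execute(QUERY, (username,))  # parameterized: username never enters the SQL text
        return [r[0] for r in cur.fetchall()]


if __name__ == "__main__":
    if len(sys.argv) == 2 and USERNAME_RE.fullmatch(sys.argv[1]):
        print("\n".join(authorized_keys(sys.argv[1], fetch_rows(sys.argv[1]))))
```

sshd requires the program named in `AuthorizedKeysCommand` to be owned by root and not writable by group or others, and runs it as the account set in `AuthorizedKeysCommandUser`; that account needs read access to the key view only.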

2 Answers


You can use SSH tunneling to allow users to connect to your database, such as:

```
ssh -L local_port:IP address/hostname:server_port user@IP address/hostname
```

Here the user will be an OS user, so it is best to provide the postgres superuser to connect.

But keep in mind that the PostgreSQL database server must be on that server.

Once done, you can connect using a simple psql command, as:

```
psql -h hostname/IP address -p port -U user -d database
```

user234918

I would dump your users from the DB into LDAP and load them into a local LDAP. You can automate updates easily. This would make your OS query users from LDAP, and it would be much more portable - libnss-pgsql2 is not on every UNIX-like system, if you would ever like to move away from Linux. You never know ;)

Jiri B