
Re: SSH Gateway



Stuart Watson wrote:
Hi

I am looking at creating an SSH gateway using OpenLDAP.  The idea is to store
our devs' public keys in OpenLDAP, which would give us the ability to control
who has SSH access to our servers.

Currently everyone shares the same key which means it is impossible to control
access.

Do I just need to...

Install OpenLDAP
Import the public keys into OpenLDAP
Install OpenSSH Server on the OpenLDAP server and configure it to use LDAP.
Configure the remote servers to use the OpenLDAP servers to authenticate

Then the devs can ssh from their computers through the OpenLDAP server to the
remote servers.

Can anyone help?

Sounds more like a question for the OpenSSH mailing lists. The last I knew, they refused to integrate patches providing LDAP key lookup support.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/