[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSH Gateway

Ok, I've installed openldap from the Ubuntu repo's and have installed phpldapadmin, but I cant see how to add a ssh key....

What am I missing?


On Tue, May 7, 2013 at 5:38 PM, Kwame Bahena <informatux@gmail.com> wrote:
Yes, ssh public key can be stored in OpenLDAP and then when a user attempts to login to a server using ssh + ldap authentication, the server will query ldap for the users private key and pair it up with the users public key.

Cheers!
--
Dan



On Tue, May 7, 2013 at 11:05 AM, Vishesh kumar <linuxtovishesh@gmail.com> wrote:
I think here "User Information" will be fetched from ldap. Openssh will useÂÂlibrary calls for getting ldap user information same as it do for users in /etc/passwd. Key based authentication will work in normal way but interested to see if key can be stored on ldap server.

Regards,
Vishesh Kumar
http://linuxmantra.com


On Tue, May 7, 2013 at 8:43 PM, Kwame Bahena <informatux@gmail.com> wrote:
Hi,

Yes, you would only need to install openssh server on the OpenLDAP server if you want your users to connect to this server via ssh.

Cheers!
--
Dan


On Tue, May 7, 2013 at 9:42 AM, Stuart Watson <strtwtsn@gmail.com> wrote:
At the moment this is still in the planning stage. ÂIt's all Ubuntu 10.04 LTS onwards.

Is it possible to do this without install openssh server on the OpenLDAP server?


On Tue, May 7, 2013 at 3:26 PM, Kwame Bahena <informatux@gmail.com> wrote:
Hi,Â

Your plan sounds accurate:

1. Yes
2. Yes
3. If you want your users to connect to the OpenLDAP server via ssh, then yes, you need to install ssh server on that box
4. Yes

What have you done so far? Which distro are you using?

Cheers!
--
Dan


On Tue, May 7, 2013 at 4:21 AM, Stuart Watson <strtwtsn@gmail.com> wrote:
Hi

I am looking at creating a SSH gateway using OpenLDAP. ÂThe idea is to store our devs public keys in OpenLdap, which would give us the ability to control who has SSH access to our servers.

Currently everyone shares the same key which means it is impossible to control access.

Do I just need to...

Install OpenLDAP
Import the public keys into OpenLDAP
Install OpenSSH Server on the OpenLDAP server and configure it to use LDAP.
Configutre the remote servers to use the OpenLDAP servers to authenticate

The the devs can ssh from their computers through the OpenLDAP server to the remote servers.

Can anyone help?

Thanks




Â






--