Hi
I am looking at creating an SSH gateway using OpenLDAP. The idea is to store our devs' public keys in OpenLDAP, which would give us the ability to control who has SSH access to our servers.
Currently everyone shares the same key which means it is impossible to control access.
Do I just need to...
1. Install OpenLDAP
2. Import the public keys into OpenLDAP
3. Install OpenSSH Server on the OpenLDAP server and configure it to use LDAP.
4. Configure the remote servers to use the OpenLDAP servers to authenticate
Then the devs can ssh from their computers through the OpenLDAP server to the remote servers.
Can anyone help?
Thanks
Stuart Watson wrote:
> Hi
> I am looking at creating an SSH gateway using OpenLDAP. The idea is to store our devs' public keys in OpenLDAP, which would give us the ability to control who has SSH access to our servers.
> Currently everyone shares the same key which means it is impossible to control access.
> Do I just need to...
> 1. Install OpenLDAP
> 2. Import the public keys into OpenLDAP
> 3. Install OpenSSH Server on the OpenLDAP server and configure it to use LDAP.
> 4. Configure the remote servers to use the OpenLDAP servers to authenticate
> Then the devs can ssh from their computers through the OpenLDAP server to the remote servers.
> Can anyone help?
Sounds more like a question for the OpenSSH mailing lists. The last I knew, they refused to integrate patches providing LDAP key lookup support.
Hi,
Your plan sounds accurate:
1. Yes
2. Yes
3. If you want your users to connect to the OpenLDAP server via ssh, then yes, you need to install ssh server on that box
4. Yes
What have you done so far? Which distro are you using?
Cheers! -- Dan
On Tue, May 7, 2013 at 4:21 AM, Stuart Watson strtwtsn@gmail.com wrote:
> Hi
> I am looking at creating an SSH gateway using OpenLDAP. The idea is to store our devs' public keys in OpenLDAP, which would give us the ability to control who has SSH access to our servers.
> Currently everyone shares the same key which means it is impossible to control access.
> Do I just need to...
> 1. Install OpenLDAP
> 2. Import the public keys into OpenLDAP
> 3. Install OpenSSH Server on the OpenLDAP server and configure it to use LDAP.
> 4. Configure the remote servers to use the OpenLDAP servers to authenticate
> Then the devs can ssh from their computers through the OpenLDAP server to the remote servers.
> Can anyone help?
> Thanks
At the moment this is still in the planning stage. It's all Ubuntu 10.04 LTS onwards.
Is it possible to do this without installing openssh server on the OpenLDAP server?
On Tue, May 7, 2013 at 3:26 PM, Kwame Bahena informatux@gmail.com wrote:
> Hi,
> Your plan sounds accurate:
> 1. Yes
> 2. Yes
> 3. If you want your users to connect to the OpenLDAP server via ssh, then yes, you need to install ssh server on that box
> 4. Yes
> What have you done so far? Which distro are you using?
> Cheers!
> Dan
Hi,
Yes, you would only need to install openssh server on the OpenLDAP server if you want your users to connect to this server via ssh.
Cheers! -- Dan
On Tue, May 7, 2013 at 9:42 AM, Stuart Watson strtwtsn@gmail.com wrote:
> At the moment this is still in the planning stage. It's all Ubuntu 10.04 LTS onwards.
> Is it possible to do this without installing openssh server on the OpenLDAP server?
I think here "User Information" will be fetched from ldap. Openssh will use library calls for getting ldap user information, the same as it does for users in /etc/passwd. Key based authentication will work in the normal way, but I am interested to see if the key can be stored on the ldap server.
Regards, Vishesh Kumar http://linuxmantra.com
On Tue, May 7, 2013 at 8:43 PM, Kwame Bahena informatux@gmail.com wrote:
> Hi,
> Yes, you would only need to install openssh server on the OpenLDAP server if you want your users to connect to this server via ssh.
> Cheers!
> Dan
On Tue, 7 May 2013, Vishesh kumar wrote:
> I think here "User Information" will be fetched from ldap. Openssh will use library calls for getting ldap user information, the same as it does for users in /etc/passwd. Key based authentication will work in the normal way, but I am interested to see if the key can be stored on the ldap server.
[[This is not really OpenLDAP related, so I've set replies to me instead of the list.]]
As of OpenSSH 6.2, released on March 22, 2013:
* sshd(8): Added a sshd_config(5) option AuthorizedKeysCommand to support fetching authorized_keys from a command in addition to (or instead of) from the filesystem. The command is run under an account specified by an AuthorizedKeysCommandUser sshd_config(5) option.
So, you can configure sshd to run a script which invokes ldapsearch and munges the output into the expected format. No need to hack ldap calls directly into sshd.
Philip Guenther
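The approach Philip Guenther describes above, as an added example that is not part of the original thread: a script for AuthorizedKeysCommand that turns ldapsearch output into authorized_keys lines. The sshPublicKey attribute (openssh-lpk schema), the ldaps://ldap.example.com URI, the base DN and all function names are assumptions.

```shell
#!/bin/sh
# Added example: AuthorizedKeysCommand helper; sshd passes the login name as $1.
# Assumptions: keys sit in an sshPublicKey attribute (openssh-lpk schema);
# LDAP_URI and LDAP_BASE are placeholders for your own directory.
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.com}"
LDAP_BASE="${LDAP_BASE:-ou=people,dc=example,dc=com}"

# Accept only plain account names, so the name cannot alter the LDAP filter.
valid_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read LDIF on stdin, print one authorized_keys line per sshPublicKey value.
# Unfolds continuation lines (one leading space) and decodes base64 ("::") values.
ldif_to_keys() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | while IFS= read -r line; do
        case "$line" in
            sshPublicKey::\ *)
                printf '%s\n' "$(printf '%s' "${line#sshPublicKey:: }" | base64 -d)" ;;
            sshPublicKey:\ *) printf '%s\n' "${line#sshPublicKey: }" ;;
        esac
    done
}

# Query the directory for one user and emit that user's keys.
lookup_keys() {
    valid_user "$1" || return 1
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$LDAP_BASE" \
        "(uid=$1)" sshPublicKey | ldif_to_keys
}

# Constructed sample of ldapsearch -LLL output: one folded and one base64 value.
sample_ldif() {
    printf 'dn: uid=alice,ou=people,dc=example,dc=com\n'
    printf 'sshPublicKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI\n'
    printf ' CONSTRUCTEDKEY alice@laptop\n'
    printf 'sshPublicKey:: %s\n' "$(printf 'ssh-rsa AAAAB3CONSTRUCTED alice@desk\n' | base64)"
}

# Run the lookup only when sshd (or a tester) supplies a user name.
[ "$#" -eq 0 ] || lookup_keys "$1"
```

Install the script root-owned and not writable by group or others, then point AuthorizedKeysCommand at its absolute path and set AuthorizedKeysCommandUser to an unprivileged account.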
Yes, ssh public key can be stored in OpenLDAP and then when a user attempts to login to a server using ssh + ldap authentication, the server will query ldap for the user's private key and pair it up with the user's public key.
Cheers! -- Dan
On Tue, May 7, 2013 at 11:05 AM, Vishesh kumar linuxtovishesh@gmail.com wrote:
> I think here "User Information" will be fetched from ldap. Openssh will use library calls for getting ldap user information, the same as it does for users in /etc/passwd. Key based authentication will work in the normal way, but I am interested to see if the key can be stored on the ldap server.
> Regards, Vishesh Kumar http://linuxmantra.com
Ok, I've installed openldap from the Ubuntu repos and have installed phpldapadmin, but I can't see how to add an ssh key....
What am I missing?
On Tue, May 7, 2013 at 5:38 PM, Kwame Bahena informatux@gmail.com wrote:
> Yes, ssh public key can be stored in OpenLDAP and then when a user attempts to login to a server using ssh + ldap authentication, the server will query ldap for the user's private key and pair it up with the user's public key.
> Cheers!
> Dan
openldap-technical@openldap.org