I would like to use public keys on my OS X servers for my LDAP users to use SSH. All indications from the OSX list are that it is not possible.
I was hoping someone on this list could confirm that LDAP/Key Pair/SSH is not possible or point me in the right direction to where someone has figured it out. I would like to centrally control SSH access and not have to have local accounts on all of my servers.
Any help is appreciated.
-----Original Message-----
From: openldap-technical-bounces+christopher.barry=qlogic.com@openldap.org [mailto:openldap-technical-bounces+christopher.barry=qlogic.com@openldap.org] On Behalf Of openLDAP
Sent: Wednesday, October 15, 2008 6:18 PM
To: openldap-technical@openldap.org
Subject: LDAP + SSH + Key Auth
I would like to use public keys on my OS X servers for my LDAP users to use SSH. All indications from the OSX list are that it is not possible.
I was hoping someone on this list could confirm that LDAP/Key Pair/SSH is not possible or point me in the right direction to where someone has figured it out. I would like to centrally control SSH access and not have to have local accounts on all of my servers.
Any help is appreciated.
May not be relevant, but...
Are your servers mounting a centralized storage for users' homes? If so, then they'll really only need to set up a key once from their desktop, and if you put users in groups that relate to the servers, then you can control which groups of users get to what servers by the AllowGroups directive in sshd_config.
Of course, it all depends on the pattern of access:
* single desktop to many automounting servers - above works good.
* many to many - it gets annoying...
HTH, -C
On Thursday 16 October 2008 01:11:15 Christopher Barry wrote:
-----Original Message-----
From: openldap-technical-bounces+christopher.barry=qlogic.com@openldap.org [mailto:openldap-technical-bounces+christopher.barry=qlogic.com@openldap.org] On Behalf Of openLDAP
Sent: Wednesday, October 15, 2008 6:18 PM
To: openldap-technical@openldap.org
Subject: LDAP + SSH + Key Auth
I would like to use public keys on my OS X servers for my LDAP users to use SSH. All indications from the OSX list are that it is not possible.
I was hoping someone on this list could confirm that LDAP/Key Pair/SSH is not possible or point me in the right direction to where someone has figured it out.
http://code.google.com/p/openssh-lpk
I would like to centrally control SSH access and not have to have local accounts on all of my servers.
Any help is appreciated.
May not be relevant, but...
Are your servers mounting a centralized storage for users' homes? If so, then they'll really only need to set up a key once from their desktop, and if you put users in groups that relate to the servers, then you can control which groups of users get to what servers by the AllowGroups directive in sshd_config.
Of course, it all depends on the pattern of access:
- single desktop to many automounting servers - above works good.
- many to many - it gets annoying...
Which is exactly when the LPK patch is useful.
Regards, Buchan
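The directory side of the LPK approach linked above, as an added example (not code from this thread or from the openssh-lpk project): it reads a user entry carrying `sshPublicKey` values and keeps only well-formed keys as authorized_keys lines. The `sshPublicKey` attribute and `ldapPublicKey` object class are the names used by the openssh-lpk schema; the entry, DN, key and function names are constructed for illustration.

```python
import base64
import binascii

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519"}
# Constructed sample data: an all-zero ed25519 key and a made-up LDIF entry.
_BLOB = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes(32)
GOOD = "ssh-ed25519 " + base64.b64encode(_BLOB).decode() + " alice@desktop"
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com",
    "objectClass: ldapPublicKey",
    "uid: alice",
    "sshPublicKey: " + GOOD[:40],
    " " + GOOD[40:],                                  # folded continuation
    "sshPublicKey:: " + base64.b64encode(GOOD.encode()).decode(),
    "sshPublicKey: ssh-rsa " + GOOD.split()[1],       # type/blob mismatch
    "sshPublicKey: ssh-ed25519 not*base64",           # malformed blob
])

def parse_ldif_entry(ldif):
    """Return {attr_lowercase: [values]}, handling folding and '::' base64."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation: drop the one leading space
        elif raw.strip():
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, rest = line.partition(":")
        value = base64.b64decode(rest[1:]).decode() if rest.startswith(":") else rest.strip()
        entry.setdefault(attr.lower(), []).append(value)
    return entry

def valid_key(line):
    """Accept only 'type base64 [comment]' where the blob names the same type."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return False                      # also drops lines that start with options
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except (binascii.Error, ValueError):
        return False
    return blob[4:4 + int.from_bytes(blob[:4], "big")] == parts[0].encode()

def authorized_keys(ldif, uid):
    """authorized_keys lines for uid: validated, de-duplicated directory keys."""
    entry = parse_ldif_entry(ldif)
    keys = entry.get("sshpublickey", []) if uid in entry.get("uid", []) else []
    return list(dict.fromkeys(k for k in keys if valid_key(k)))
```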
-----Original Message-----
From: Buchan Milne [mailto:bgmilne@staff.telkomsa.net]
Sent: Thursday, October 16, 2008 3:29 AM
To: openldap-technical@openldap.org
Cc: Christopher Barry; openLDAP
Subject: Re: LDAP + SSH + Key Auth
On Thursday 16 October 2008 01:11:15 Christopher Barry wrote:
-----Original Message-----
From: openldap-technical-bounces+christopher.barry=qlogic.com@openldap.org [mailto:openldap-technical-bounces+christopher.barry=qlogic.com@openldap.org] On Behalf Of openLDAP
Sent: Wednesday, October 15, 2008 6:18 PM
To: openldap-technical@openldap.org
Subject: LDAP + SSH + Key Auth
I would like to use public keys on my OS X servers for my LDAP users to use SSH. All indications from the OSX list are that it is not possible.
I was hoping someone on this list could confirm that LDAP/Key Pair/SSH is not possible or point me in the right direction to where someone has figured it out.
http://code.google.com/p/openssh-lpk
I would like to centrally control SSH access and not have to have local accounts on all of my servers.
Any help is appreciated.
May not be relevant, but...
Are your servers mounting a centralized storage for users' homes? If so, then they'll really only need to set up a key once from their desktop, and if you put users in groups that relate to the servers, then you can control which groups of users get to what servers by the AllowGroups directive in sshd_config.
Of course, it all depends on the pattern of access:
- single desktop to many automounting servers - above works good.
- many to many - it gets annoying...
Which is exactly when the LPK patch is useful.
Regards, Buchan
Nice! Thanks for the link Buchan.
-C