I think here "User Information" will be fetched from LDAP. OpenSSH will use library calls for getting LDAP user information, the same as it does for users in /etc/passwd. Key-based authentication will work in the normal way, but I am interested to see if the key can be stored on the LDAP server.

Regards,
Vishesh Kumar
http://linuxmantra.com

On Tue, May 7, 2013 at 8:43 PM, Kwame Bahena <[email protected]> wrote:

> Hi,
>
> Yes, you would only need to install openssh server on the OpenLDAP server
> if you want your users to connect to this server via ssh.
>
> Cheers!
> --
> Dan
>
> On Tue, May 7, 2013 at 9:42 AM, Stuart Watson <[email protected]> wrote:
>
>> At the moment this is still in the planning stage. It's all Ubuntu 10.04
>> LTS onwards.
>>
>> Is it possible to do this without installing openssh server on the OpenLDAP
>> server?
>>
>> On Tue, May 7, 2013 at 3:26 PM, Kwame Bahena <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> Your plan sounds accurate:
>>>
>>> 1. Yes
>>> 2. Yes
>>> 3. If you want your users to connect to the OpenLDAP server via ssh,
>>>    then yes, you need to install ssh server on that box
>>> 4. Yes
>>>
>>> What have you done so far? Which distro are you using?
>>>
>>> Cheers!
>>> --
>>> Dan
>>>
>>> On Tue, May 7, 2013 at 4:21 AM, Stuart Watson <[email protected]> wrote:
>>>
>>>> Hi
>>>>
>>>> I am looking at creating an SSH gateway using OpenLDAP. The idea is to
>>>> store our devs' public keys in OpenLDAP, which would give us the ability to
>>>> control who has SSH access to our servers.
>>>>
>>>> Currently everyone shares the same key, which means it is impossible to
>>>> control access.
>>>>
>>>> Do I just need to...
>>>>
>>>> Install OpenLDAP
>>>> Import the public keys into OpenLDAP
>>>> Install OpenSSH Server on the OpenLDAP server and configure it to use
>>>> LDAP.
>>>> Configure the remote servers to use the OpenLDAP servers to
>>>> authenticate
>>>>
>>>> Then the devs can ssh from their computers through the OpenLDAP server
>>>> to the remote servers.
>>>>
>>>> Can anyone help?
>>>>
>>>> Thanks
