Yes, an ssh public key can be stored in OpenLDAP, and then when a user attempts to log in to a server using ssh + ldap authentication, the server will query ldap for the user's private key and pair it up with the user's public key.

Cheers!
--
Dan

On Tue, May 7, 2013 at 11:05 AM, Vishesh kumar <[email protected]> wrote:

> I think here "User Information" will be fetched from ldap. Openssh will
> use library calls for getting ldap user information same as it does for
> users in /etc/passwd. Key based authentication will work in the normal way but
> interested to see if key can be stored on ldap server.
>
> Regards,
> Vishesh Kumar
> http://linuxmantra.com
>
> On Tue, May 7, 2013 at 8:43 PM, Kwame Bahena <[email protected]> wrote:
>
>> Hi,
>>
>> Yes, you would only need to install openssh server on the OpenLDAP server
>> if you want your users to connect to this server via ssh.
>>
>> Cheers!
>> --
>> Dan
>>
>> On Tue, May 7, 2013 at 9:42 AM, Stuart Watson <[email protected]> wrote:
>>
>>> At the moment this is still in the planning stage. It's all Ubuntu
>>> 10.04 LTS onwards.
>>>
>>> Is it possible to do this without installing openssh server on the OpenLDAP
>>> server?
>>>
>>> On Tue, May 7, 2013 at 3:26 PM, Kwame Bahena <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> Your plan sounds accurate:
>>>>
>>>> 1. Yes
>>>> 2. Yes
>>>> 3. If you want your users to connect to the OpenLDAP server via ssh,
>>>> then yes, you need to install ssh server on that box
>>>> 4. Yes
>>>>
>>>> What have you done so far? Which distro are you using?
>>>>
>>>> Cheers!
>>>> --
>>>> Dan
>>>>
>>>> On Tue, May 7, 2013 at 4:21 AM, Stuart Watson <[email protected]> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> I am looking at creating a SSH gateway using OpenLDAP. The idea is to
>>>>> store our devs' public keys in OpenLDAP, which would give us the ability to
>>>>> control who has SSH access to our servers.
>>>>>
>>>>> Currently everyone shares the same key which means it is impossible to
>>>>> control access.
>>>>>
>>>>> Do I just need to...
>>>>>
>>>>> Install OpenLDAP
>>>>> Import the public keys into OpenLDAP
>>>>> Install OpenSSH Server on the OpenLDAP server and configure it to use
>>>>> LDAP.
>>>>> Configure the remote servers to use the OpenLDAP servers to
>>>>> authenticate
>>>>>
>>>>> Then the devs can ssh from their computers through the OpenLDAP server
>>>>> to the remote servers.
>>>>>
>>>>> Can anyone help?
>>>>>
>>>>> Thanks
