authkeys
authkeys
This is intended to be used as an AuthorizedKeysCommand
for OpenSSH. LDAP connection options are read from sssd.conf
. authkeys
talks directly to LDAP and thus is not subject to the sssd
caching policies from which sss_ssh_authorizedkeys
suffers.
If you don't have an existing sssd.conf
a sample is provided containing the minimal options needed by authkeys
plus optional options commented with their defaults. Modify this file and specify with the -c
option.
Only sssd configuration file format version 2 is supported, and only the following options are used:
id_provider
(must beldap
)ldap_uri
ldap_search_base
ldap_access_filter
ldap_user_name
ldap_user_ssh_public_key
ldap_id_use_start_tls
ldap_default_bind_dn
ldap_default_authtok
ldap_search_timeout
By default an sssd
domain of default
is used, this can be changed with -d
.
ldap://
, ldaps://
and ldap://
-with-STARTTLS connections are supported. (Although sssd
does not support ldap://
connections without STARTTLS.) If an ldaps://
URI is given then ldap_id_use_start_tls
is ignored.
ldap_default_authtok_type
is ignored and thus the obfuscated_password
type is not supported.
With the exception of the --help
option, authkeys
outputs only zero or more SSH keys to standard output, and nothing to standard error (except when it crashes, in which case please report a bug). Errors, if any, are sent to syslog, even when run at the command line. If errors result in a failure to fetch SSH keys then authkeys
outputs nothing.
To use first install Crystal then fetch dependencies and build in one step:
shards build --release
At the time of writing the Crystal compiler is quite slow when compiling in release mode, so be patient. The executable will be written to bin/authkeys
. Copy this somewhere sensible (for example /usr/sbin/authkeys
) then add this line to /etc/ssh/sshd_config
:
AuthorizedKeysCommand /usr/sbin/authkeys
Initially written as a programming language comparison challenge/demonstration. LDAP access provided by this Shard.
authkeys
- 0
- 0
- 0
- 0
- 2
- over 3 years ago
- April 24, 2021
GNU General Public License v3.0
Sun, 24 Nov 2024 08:10:50 GMT