openFATE - openSUSE feature tracking > #312362

AuthorizedKeysCommand patch for openssh OR openssh-lpk

Feature state

Package Wishlist
Unconfirmed

Description

There has long been a need to combine opensshd authorized keys with LDAP. A couple of solutions have come about, and I would love to see one of these make it mainstream with openSUSE.
Here is one patch I have found that is supposedly being implemented on both Fedora and RHEL6 products: https://bugzilla.mindrot.org/show_bug.cgi?id=1663
Of course there is the openssh-lpk patch as well.
http://code.google.com/p/openssh-lpk

My company standardized on SUSE some time ago, but by policy we require dual-factor authentication (key and password). We cannot move to an LDAP solution until there is a way to integrate SSH keys into LDAP. We are a growing company and it is getting to the stage where it is painful to manage each server individually without a centralized system for authentication.

User benefit:

This would make the SuSE suite of products SOOO much more business friendly while keeping security a priority (also important for businesses).

Usecase

If you have 200 servers, and a requirement for SSH keys, you have to install the key on each server every time you hire somebody new. (Or if you let somebody go, you have to remove it from each server.) Using LDAP+SSH keys would allow you to do that from one place.
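
An added example, not part of the original request or of either patch: a filter that an AuthorizedKeysCommand-style helper could apply to LDAP output before printing keys for sshd, so that only well-formed single-line keys from the directory are accepted. It assumes keys are stored in the sshPublicKey attribute (the openssh-lpk schema) and arrive as LDIF text; ALLOWED_TYPES, the function names and the sample entry are constructed for illustration.

```python
import base64
import re
import struct

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}  # assumed site policy

def blob_type(b64):
    """Return the key type named inside the base64 key blob, or None if malformed."""
    try:
        blob = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", blob[:4])  # blob starts with a length-prefixed type name
        return blob[4:4 + n].decode("ascii")
    except (ValueError, struct.error):
        return None

def keys_from_ldif(ldif, attr="sshPublicKey"):
    """Return the authorized_keys lines from an LDIF entry that pass validation."""
    keys = []
    # LDIF folds long values: a newline followed by one space continues the line.
    for line in re.sub(r"\r?\n ", "", ldif).splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if value.startswith(":"):  # "attr:: ..." marks a base64-encoded value
            try:
                value = base64.b64decode(value[1:].strip(), validate=True).decode("utf-8")
            except ValueError:
                continue
        value = value.strip()
        fields = value.split()
        # Accept one line only, and it must start with the key type (no options prefix).
        if "\n" in value or "\r" in value or len(fields) < 2:
            continue
        if fields[0] in ALLOWED_TYPES and blob_type(fields[1]) == fields[0]:
            keys.append(" ".join(fields[:3]))  # type, blob, first word of the comment
    return keys

def sample_key(key_type, comment):
    """Constructed key: valid wire framing, 32 zero bytes instead of key material."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + struct.pack(">I", 32) + bytes(32)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

GOOD = sample_key("ssh-ed25519", "alice@laptop")
TWO_LINES = base64.b64encode(f'{GOOD}\ncommand="x" {GOOD}'.encode()).decode()
SAMPLE_LDIF = (  # constructed directory entry
    "dn: uid=alice,ou=people,dc=example,dc=com\n"
    f"sshPublicKey: {GOOD[:40]}\n {GOOD[40:]}\n"           # folded value: accepted
    f"sshPublicKey:: {TWO_LINES}\n"                         # embedded newline: rejected
    f"sshPublicKey: ssh-rsa {GOOD.split()[1]} mismatch\n"   # type differs from blob: rejected
)
```

Of the three values in the sample entry, only the folded ed25519 key is returned; the other two are dropped before anything reaches sshd.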

Discussion


B. W. wrote: (3 years ago)

Of course, there are other (possibly more robust) approaches to deal with the use case, e.g. having one master copy of the authorized_keys file and doing

for i in `seq 1 200` ; do scp authorized_keys server$i:.ssh/ ; done

This avoids a single point of failure.

Last change: 3 years ago
Voting
Score: 3
  • Negative: 0
  • Neutral: 0
  • Positive: 3