SSH
Vitus9856, 2020-07-11 22:59:10

SSH key authentication from AD: what are the options (I don't want to distribute the keys, I want them available online)?

I want to authenticate users in bulk (more than a hundred) with SSH keys, but store the keys in AD\Scheme. The solution that suggests itself is AD<>FreeIPA<>Linux Host (SSSD+OpenSSH).
Question: has anyone got this working? Which is better: a trust, or a domain member on FreeIPA? Were there any workflows?


2 answer(s)
g0ha, 2020-07-13
@g0ha

FreeIPA has everything out of the box; the key can be loaded through the web interface, through the REST API, or with ldapmodify.
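
For the online lookup the question asks about, sshd can fetch keys at login through `AuthorizedKeysCommand`, and SSSD ships the `sss_ssh_authorizedkeys` helper for that purpose. The following is an added example, not code from this thread: it audits the global section of an sshd_config for that setup, and the helper path, finding names and sample configs are assumptions constructed for illustration.

```python
import re

# Added example: audit the global section of an sshd_config for directory-backed key lookup.
# The helper path is the usual SSSD package location (assumption; check your distribution).
SSS_HELPER = "/usr/bin/sss_ssh_authorizedkeys"

def global_settings(text):
    """Return {keyword: value} for lines before the first Match block.
    sshd uses the first value it obtains for a keyword; keywords are case-insensitive."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings

def audit(text):
    """Return a sorted list of finding codes; an empty list means the checks passed."""
    s, findings = global_settings(text), []
    if s.get("pubkeyauthentication", "yes").lower() == "no":
        findings.append("pubkey-disabled")
    command = s.get("authorizedkeyscommand") or "none"
    if command.lower() == "none":
        findings.append("no-online-lookup")
    elif command.split()[0] != SSS_HELPER:
        findings.append("unexpected-helper")
    user = s.get("authorizedkeyscommanduser")
    if command.lower() != "none" and user is None:
        findings.append("command-user-missing")  # sshd refuses to start in this state
    elif user == "root":
        findings.append("command-runs-as-root")
    # Unless AuthorizedKeysFile is "none", keys in local files are still accepted.
    if s.get("authorizedkeysfile", ".ssh/authorized_keys").lower() != "none":
        findings.append("local-key-files-accepted")
    return sorted(findings)

# Constructed sample configs, not taken from the thread.
DISTRIBUTED = "PubkeyAuthentication yes\nAuthorizedKeysFile .ssh/authorized_keys\n"
ONLINE = (f"# keys come from the directory via SSSD\nAuthorizedKeysCommand {SSS_HELPER}\n"
          "AuthorizedKeysCommandUser nobody\nAuthorizedKeysFile none\n"
          "Match Group admins\n    AuthorizedKeysFile .ssh/authorized_keys\n")

if __name__ == "__main__":
    print(audit(DISTRIBUTED), audit(ONLINE))
```

The `local-key-files-accepted` finding matters here because sshd falls back to the `AuthorizedKeysFile` files when no key from the command authenticates the user, so keys left on hosts keep working unless that option is set to `none`.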

Alexander Semenenko, 2020-07-16
@semenenko88

It is also possible to authenticate through Kerberos. The Linux host is joined to the domain, then the SSH config (/etc/ssh/sshd_config) is edited like this:

KerberosAuthentication yes
KerberosTicketCleanup yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
