Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
Vitus98562020-07-11 22:59:10
SSH
Vitus9856, 2020-07-11 22:59:10

Key authentication in SSH from AD. What are the options (I want not to distribute the keys, but online)?

I want to authenticate in bulk (more than a hundred) users through ssh keys, but store them in AD\Scheme. The solution suggests itself AD<>FreeIPA<>Linux Host (SSSD+OpenSSH)
Question: did anyone take off? What is better to do - a trust or a domain member on FreeIPA? were there any workflows?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
G
g0ha, 2020-07-13
@g0ha

Freeipa has everything out of the box, the key can be loaded both through the face and through the rest api or ldapmodify

Report
A
Alexander Semenenko, 2020-07-16
@semenenko88

So it is possible to pass authentication through kerberos. There, linux is entered into the domain, then ssh (/etc/ssh/sshd_config) config is edited like this:

KerberosAuthentication yes
KerberosTicketCleanup yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

Similar questions
M
Mikhail Gavrilyuk2020-09-21 11:13:20
What needs to be done to immediately get to the right folder when connecting via ssh to a remote server (hosting)? 3Reply
I
IvanOne2022-01-17 17:41:48
How to connect to the server if the ssh key has changed? 2Reply
A
Alexey Kot2016-06-21 18:08:38
Why does the server stop responding remotely? 2Reply
T
teet2014-05-24 12:29:53
SSH multihop and text editors 1Reply
R
Rozello2016-07-02 14:51:04
How to send requests from LWP through socket tunnel returned by Net::OpenSSH? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question