Is Centralized SSH Public Key Authentication Possible?

Peter Lambrechtsen plambrechtsen at gmail.com
Thu Feb 18 05:07:21 CET 2010


On Thu, Feb 18, 2010 at 11:47 AM, Nick Owen <owen.nick at gmail.com> wrote:

> On Wed, Feb 17, 2010 at 3:24 PM, John L. Singleton <jsinglet at gmail.com> wrote:
>
>> Hi All,
>>
>> I am trying to set up a centralized SSH authentication server that allows
>> authentication via public keys. I can't find anything on the web about if
>> this is possible with FR. Is it? Basically all I need is for FR to allow
>> authentication off of a respective user's .ssh/.authorized_keys file. So
>> far all I can seem to get going is password authentication. Can anyone let
>> me know if this is even doable?
>>
>
>
> You are probably barking up the wrong tree with freeradius.  Check out this
> tutorial I wrote on setting up a centralized SSH server:
> http://www.howtoforge.net/secure_ssh_with_wikid_two_factor_authentication.
> The difference is that I suggest using two-factor authentication with OTPs
> to get into the key server (because public key SSH does not meet certain
> regulatory requirements). You may want to use Freeradius to route the
> OTPs to the auth server.
>
>
If it were me I would put it into LDAP rather than Radius.

Since that's what LDAP does well.

If you google for "OpenSSH LDAP LPK " you will find this site:
code.google.com/p/openssh-lpk which is the LPK patches for OpenSSH which
work (albeit not the most pretty) with a centralised OpenSSH LDAP store for
your authorized keys.

I personally use this and it works well.

Thanks

Peter
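
An added example, not part of the original post and not code from the openssh-lpk project: a check that key values read from a central LDAP store are well formed before they are treated as authorized_keys lines. It assumes the `ldapPublicKey` object class and `sshPublicKey` attribute of the openssh-lpk schema; the function names, the directory entry and the key material are constructed for illustration.

```python
import base64, binascii, struct

ALLOWED = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def parse_ldif(text):
    # Unfold continuation lines (leading space), split entries on blank lines,
    # and decode the "attr:: <base64>" value form.
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, rest = line.partition(":")
            value = base64.b64decode(rest[1:]).decode("utf-8", "replace") if rest.startswith(":") else rest.strip()
            entry.setdefault(name.lower(), []).append(value)
        entries.append(entry)
    return entries

def valid_key(value):
    # One line only: an embedded newline would add extra authorized_keys lines.
    if "\n" in value or "\r" in value:
        return False
    fields = value.split()
    if len(fields) < 2 or fields[0] not in ALLOWED:
        return False
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except (binascii.Error, ValueError):
        return False
    # The blob starts with a length-prefixed type string; it must match field 0.
    n = int.from_bytes(blob[:4], "big")
    return blob[4:4 + n] == fields[0].encode()

def authorized_keys_for(ldif_text, uid):
    keys = []
    for e in parse_ldif(ldif_text):
        if uid in e.get("uid", []) and "ldapPublicKey" in e.get("objectclass", []):
            keys += [k for k in e.get("sshpublickey", []) if valid_key(k)]
    return keys

def fake_key(ktype, comment):
    # CONSTRUCTED sample: correct framing, zero filler, not a usable key.
    t = ktype.encode()
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes(32)
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}"

GOOD = fake_key("ssh-ed25519", "alice@laptop")
MISMATCH = "ssh-rsa " + GOOD.split()[1] + " alice@old"   # type field disagrees with the blob
TWO_LINES = base64.b64encode((GOOD + "\n" + GOOD).encode()).decode()
SAMPLE_LDIF = ("dn: uid=alice,ou=people,dc=example,dc=org\nobjectClass: ldapPublicKey\nuid: alice\n"
               f"sshPublicKey: {GOOD}\nsshPublicKey: {MISMATCH}\nsshPublicKey:: {TWO_LINES}\n")
```

Of the three stored values, only the first is returned by `authorized_keys_for(SAMPLE_LDIF, "alice")`; the mismatched and multi-line values are dropped.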