Is Centralized SSH Public Key Authentication Possible?

Peter Lambrechtsen plambrechtsen at
Thu Feb 18 05:07:21 CET 2010

On Thu, Feb 18, 2010 at 11:47 AM, Nick Owen <owen.nick at> wrote:

> On Wed, Feb 17, 2010 at 3:24 PM, John L. Singleton <jsinglet at>wrote:
>> Hi All,
>> I am trying to set up a centralized SSH authentication server that allows
>> authentication via public keys. I can't find anything on the web about if
>> this is possible with FR. Is it? Basically all I need is for FR to allow
>> authentication off of a respective users's .ssh/.authorized_keys file. So
>> far all I can seem to get going is password authentication. Can anyone let
>> me know if this is even doable?--
> You are probably barking up the wrong tree with freeradius.  Check out this
> tutorial I wrote on setting up a centralized SSH server:
> The difference is that I suggest using two-factor authentication with OTPs
> to get into the key server (because public key SSH does not meet certain
> regulatory requirements).   You may want to use Freeradius to route  the
> OTPs to the auth server.
If it were me I would put it into LDAP rather than Radius.

Since that's what LDAP does well.

If you google for "OpenSSH LDAP LPK " you will find this site:*openssh*-*lpk *which is the LPK patches for OpenSSH which
work (albiet not the most pretty) with a centralised OpenSSH LDAP store for
your authorized keys.

I personally use this and it works well.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list