
man pages section 8: System Administration Commands


Updated: Wednesday, July 27, 2022

ssh-pubkey-ldap(8)

Name

ssh-pubkey-ldap - request public keys stored in an LDAP server

Synopsis

/usr/lib/ssh/ssh-pubkey-ldap [username] 

Description

ssh-pubkey-ldap is used as a helper application for the OpenSSH sshd(8) server. It is designed to be the value of the AuthorizedKeysCommand setting in the sshd_config(5) file. When run, it requests a user's ssh(1) public key from an LDAP server.

The name 'sshPublicKey' is the default ssh(1) public key attribute name in the LDAP schema. This application uses the ldapsearch(1oldap) command to request a user's SSH public key.

If no username is specified, then the username of the target user is automatically passed in by the AuthorizedKeysCommand setting in the sshd_config(5) file.

Examples

The recommended way to use this sshd(8) helper application is to configure the AuthorizedKeysCommand and the AuthorizedKeysCommandUser settings in the sshd_config(5) file. Example 2 shows how this application can be used from the command line with a username specified as an option.

Example 1 Retrieving SSH public keys from LDAP

This example shows how to configure the SSH server to retrieve the target user's public key from the LDAP server configured as the system nameservice. Add the following lines to sshd_config(5):

AuthorizedKeysCommand /usr/lib/ssh/ssh-pubkey-ldap
AuthorizedKeysCommandUser daemon

Note that the user of the ssh-pubkey-ldap program must be specified. This user must be able to read data from the LDAP server. It may be necessary in some cases to set 'root' as the AuthorizedKeysCommandUser if a restricted set of LDAP ACIs is in place and a proxy user is configured for the Solaris LDAP nameservice.

It may be appropriate to enable this for a subset of users using the Match block facility defined in sshd_config(5).

Example 2 Retrieving SSH public keys from LDAP only

As in Example 1 above, but also add the following entry to sshd_config(5) to ensure that no authorized_keys files in the user's home directory are used.

AuthorizedKeysFile /dev/null
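The following shell script is an added illustration of the kind of helper the Description above outlines; it is not the Solaris ssh-pubkey-ldap program. It escapes the login name that sshd(8) hands to the command before placing it in an LDAP filter, runs ldapsearch(1oldap) for the sshPublicKey attribute, and unfolds the LDIF it returns so each key comes out on one line in authorized_keys format. The server URI, base DN and the sample LDIF are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example of an AuthorizedKeysCommand helper; not the Solaris program itself.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.com}"          # assumption: your server
LDAP_BASE="${LDAP_BASE:-ou=People,dc=example,dc=com}"    # assumption: your base DN

# Escape a value for use inside an LDAP search filter (RFC 4515). sshd passes the
# client-supplied login name to the helper; without this, a name such as "*" would
# turn the (uid=...) filter into a match on every entry. Backslash goes first.
ldap_filter_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Read LDIF on stdin, unfold continuation lines (a leading space joins the line to
# the previous one) and print the value of every sshPublicKey attribute.
# Base64-encoded values ("sshPublicKey:: ...") are not handled here.
extract_pubkeys() {
  awk '
    function emit(l) { if (index(l, "sshPublicKey: ") == 1) print substr(l, 15) }
    /^ / { buf = buf substr($0, 2); next }
    { if (buf != "") emit(buf); buf = $0 }
    END { if (buf != "") emit(buf) }'
}

# Query the directory for one user's keys; output is what sshd reads.
fetch_keys() {
  user=$(ldap_filter_escape "$1")
  [ -n "$user" ] || return 1
  ldapsearch -LLL -x -H "$LDAP_URI" -b "$LDAP_BASE" "(uid=$user)" sshPublicKey | extract_pubkeys
}

# Constructed sample LDIF, as ldapsearch -LLL would print it, with one folded line.
SAMPLE_LDIF='dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
sshPublicKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYDATAEXAMPLEKEYDAT
 AEXAMPLE alice@example
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EEXAMPLE alice-rsa@example'

# Run the extractor over the sample: an offline check of the parsing logic.
demo_keys() {
  printf '%s\n' "$SAMPLE_LDIF" | extract_pubkeys
}

# When invoked by sshd the login name is $1; with no argument nothing is queried.
if [ $# -gt 0 ]; then
  fetch_keys "$1"
fi
```

Install it as the AuthorizedKeysCommand value exactly as in Example 1, and run it under an AuthorizedKeysCommandUser that can read the sshPublicKey attribute.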

Exit Status

The following exit values are returned:

0    Successful completion.

1    An error occurred.

Attributes

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE         ATTRIBUTE VALUE
Availability           network/ssh/ssh-utilities
Interface Stability    Uncommitted

See Also

ssh(1), sshd_config(5), sshd(8)