0

I work somewhere with a lot of Linux and VPS servers. When someone joins the company, other staff members need to add his SSH key to each server; conversely, if someone leaves, all of his SSH keys need to be removed. SSH keys are the primary issue, but the larger difficulty is that a person has many accounts on various organizational software applications (such as Git, Jira, etc.) and has his dashboard.

I would like to know whether there is a way to manage a user's account across all organizational platforms. Or at least about management of Linux users and their SSH keys?

I researched SSO programs like Keycloak, but I can't find which one can solve our problem. If you have a suggestion about the exact problem, please write it in the answers.

1 Answer

3

You can use Active Directory to authenticate users across different platforms, including Linux. For Linux, one possible solution is to use sssd. Here is one example of how to use it.

About storing keys, you can use Keycloak as described here.

I’ve solved that by storing an attribute that is a JSON string. I don’t know if there is a better way to do it, as I don’t believe there is a list type.

Of course, you can use a local LDAP which stores user keys and exposes them to ssh.

Update LDAP to include the OpenSSH-LPK schema

We first need to update LDAP with a schema to add the sshPublicKey attribute for users:
Create a script that queries LDAP for a user's public key:
Update sshd_config to point to the script from the previous step

    Thanks for your response. I will test it. Commented Nov 4, 2023 at 8:44
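The last two steps of the LDAP approach in the answer above (a lookup script plus the `sshd_config` entry), as an added example that is not part of the answer or of the page it quotes. The LDAP URI, base DN, install path and anonymous bind are assumptions; `sshPublicKey` and `ldapPublicKey` come from the OpenSSH-LPK schema.

```shell
#!/bin/sh
# Added example: helper for sshd's AuthorizedKeysCommand. Constructed values:
# LDAP_URI, LDAP_BASE and the install path are placeholders, not from the page.
#
# sshd_config (sshd requires the script to be root-owned and not writable by
# group or others):
#   AuthorizedKeysCommand /usr/local/bin/ldap-ssh-keys %u
#   AuthorizedKeysCommandUser nobody
LC_ALL=C; export LC_ALL
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.internal}"
LDAP_BASE="${LDAP_BASE:-ou=people,dc=example,dc=internal}"

# Accept only conservative login names, so the value can go into an LDAP
# filter without escaping (rejects *, parentheses, backslash, spaces).
valid_user() {
    case "$1" in
        ''|-*|.*|*[!a-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Anonymous simple bind (-x) is an assumption; use a read-only bind DN if the
# directory does not allow anonymous reads of sshPublicKey.
fetch_ldif() {
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -b "$LDAP_BASE" \
        "(&(objectClass=ldapPublicKey)(uid=$1))" sshPublicKey
}

# LDIF on stdin -> authorized_keys lines on stdout. "attr:: value" is base64.
# The final grep keeps only bare "type blob [comment]" lines, so a directory
# entry cannot smuggle in authorized_keys options such as command="...".
ldif_to_keys() {
    while IFS= read -r line; do
        case "$line" in
            'sshPublicKey:: '*) printf '%s' "${line#sshPublicKey:: }" | base64 -d; echo ;;
            'sshPublicKey: '*)  printf '%s\n' "${line#sshPublicKey: }" ;;
        esac
    done | grep -E '^(ssh-(ed25519|rsa)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9@.-]+) [A-Za-z0-9+/=]+( .*)?$' || :
}

main() {
    valid_user "$1" || exit 1     # invalid name: no keys are offered from LDAP
    fetch_ldif "$1" | ldif_to_keys
}

# Run only when called with a username, as sshd does via %u.
[ "$#" -eq 0 ] || main "$@"
```

sshd still consults `AuthorizedKeysFile` alongside the command, so deleting a leaver's key from LDAP revokes access only if stale local `authorized_keys` entries are cleaned up too, or `AuthorizedKeysFile none` is set.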
