0

So we are trying to lock down our systems to be accessed only by a few logical users (users on the Linux machines) but many physical users.

That is all the developers can login as user dev with their own SSH Key.

The question is how to manage the users public SSH keys so that they can easily add (or I the adminstrator can) to all the various systems.

Ideally this would be some SSL web interface similar to how github or bitbucket works where you can (or sys admin) can add your SSH key.

Is there admin software out there that makes this easy or do I have to roll my own?

I meant to post this question on ServerFault and I can't seem to close it here (not enough rep).

Improve this question

1 Answer 1

Reset to default
1

You are looking for LDAP authentication with ssh-keys.

One of most robust and advanced solutions is using Gosa panel as a frontend for Slapd LDAP server that can manage sudo and ssh keys over the systems. You will have to install ssh-ldap patched version (it's called openssh-lpk) http://code.google.com/p/openssh-lpk/

So generally summing this up this is what you have to set up:

  1. Ldap server (for example slapd)
  2. Frontend panel for ldap server (optional)
  3. connect all machines to enable ssh-ldap authentication
  4. patch ssh servers so they will respect ldap ssh keys (it's fully managable via gosa)
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.