I have a Postgresql database full of user accounts, and i would like to allow these user to access a server through ssh, using only public keys authentification.
So far, i have setup these parts on an Ubuntu Server:
- libnss-pgsql2 to connect NSS to several database views listing my users in a Unix compatible format
- libpam-pgsql to allow PAM authentification using these same views
- sshd AuthorizedKeysCommand with a script that authenticates users with their public key (still from the postgresql database).
Is there a simpler way to go around this problem ? I have issues setting up correctly the nss configuration (lack of documentation & logs).
Thanks for your time & help.
AuthorizedKeysCommand
; I've been frustrated with the difficulty of getting OpenSSH to play properly with LDAP and X.509 certs, and that offers a useful workaround.