[New: openFATE 312362] AuthorizedKeysCommand patch for openssh OR openssh-lpk
Feature added by: BJ Taylor (beeg_98)

Feature #312362, revision 1
Title: AuthorizedKeysCommand patch for openssh OR openssh-lpk

Package Wishlist: Unconfirmed
Priority
Requester: Important

Requested by: BJ Taylor (beeg_98)
Partner organization: openSUSE.org

Description:
There has long been a need to combine opensshd authorized keys with ldap. A couple of solutions have come about, and I would love to see one of these make it mainstream with opensuse.

Here is one patch I have found that is supposedly being implemented on both Fedora and RHEL6 products:
https://bugzilla.mindrot.org/show_bug.cgi?id=1663

Of course there is the openssh-lpk patch as well.
http://code.google.com/p/openssh-lpk

My company has standardized on suse some time ago, but by policy we require dual factor authentication (key and password). We can not move to an ldap solution until there is a way to integrate ssh keys into ldap. We are a growing company and it is getting to the stage where it is painful to manage each server individually without a centralized system for authentication.

Use Case:
If you have 200 servers, and a requirement for ssh keys, you have to install the key on each server every time you hire somebody new. (Or if you let somebody go, you have to remove it from each server.) Using ldap+ssh keys would allow you to do that from one place.

Business case (Partner benefit):
openSUSE.org: This would make the SuSE suite of products SOOO much more business friendly while keeping security a priority (also important for businesses).

--
openSUSE Feature:
https://features.opensuse.org/312362
Feature changed by: Bernhard Wiedemann (bmwiedemann)

Feature #312362, revision 2
Title: AuthorizedKeysCommand patch for openssh OR openssh-lpk

Package Wishlist: Unconfirmed
Priority
Requester: Important

Requested by: BJ Taylor (beeg_98)
Partner organization: openSUSE.org

Description:
There has long been a need to combine opensshd authorized keys with ldap. A couple of solutions have come about, and I would love to see one of these make it mainstream with opensuse.

Here is one patch I have found that is supposedly being implemented on both Fedora and RHEL6 products:
https://bugzilla.mindrot.org/show_bug.cgi?id=1663

Of course there is the openssh-lpk patch as well.
http://code.google.com/p/openssh-lpk

My company has standardized on suse some time ago, but by policy we require dual factor authentication (key and password). We can not move to an ldap solution until there is a way to integrate ssh keys into ldap. We are a growing company and it is getting to the stage where it is painful to manage each server individually without a centralized system for authentication.

Use Case:
If you have 200 servers, and a requirement for ssh keys, you have to install the key on each server every time you hire somebody new. (Or if you let somebody go, you have to remove it from each server.) Using ldap+ssh keys would allow you to do that from one place.

Business case (Partner benefit):
openSUSE.org: This would make the SuSE suite of products SOOO much more business friendly while keeping security a priority (also important for businesses).

+ Discussion:
+ #1: Bernhard Wiedemann (bmwiedemann) (2011-05-22 12:36:15)
+ Of course, there are other (possibly more robust) approaches to deal
+ with the use-case. e.g. having one master-copy of the authorized_keys
+ file and doing
+ for i in `seq 1 200` ; do scp authorized_keys server$i:.ssh/ ; done
+ This avoids a single point of failure.

--
openSUSE Feature:
https://features.opensuse.org/312362
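One way the central key lookup requested above could feed sshd, as an added example that is not part of the original posts or of either patch: a helper for the AuthorizedKeysCommand hook that reads a user's LDIF entry on standard input and prints only well-formed public keys, which sshd then reads from the command's output. The `sshPublicKey` attribute name and the list of accepted key types are assumptions.

```python
import base64
import struct
import sys

# Assumed policy: only these key types are passed on to sshd.
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def valid_key(value):
    """Accept only '<type> <base64 blob> [comment]' whose blob names the same type."""
    if "\n" in value or "\r" in value:
        return False                      # one attribute value must be one key line
    fields = value.split()
    if len(fields) < 2 or fields[0] not in ALLOWED_TYPES:
        return False                      # also rejects leading options such as command=
    try:
        blob = base64.b64decode(fields[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])
    except (ValueError, struct.error):
        return False
    return blob[4:4 + n] == fields[0].encode()

def keys_from_ldif(ldif, attr="sshPublicKey"):
    """Return usable key lines from LDIF text; attr is an assumed attribute name."""
    keys = []
    for line in unfold(ldif):
        name, sep, value = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if value.startswith(":"):         # 'attr:: ...' marks a base64-encoded value
            try:
                value = base64.b64decode(value[1:].strip(), validate=True).decode()
            except ValueError:
                continue
        if valid_key(value.strip()):
            keys.append(value.strip())
    return keys

if __name__ == "__main__":
    print("\n".join(keys_from_ldif(sys.stdin.read())))
```

Removing a user's key from the directory then takes effect on every server at the next login, but logins depend on the directory being reachable, which is the single point of failure raised in the discussion.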