On Thu, Feb 18, 2010 at 11:47 AM, Nick Owen <owen.n...@gmail.com> wrote:
> On Wed, Feb 17, 2010 at 3:24 PM, John L. Singleton <jsing...@gmail.com>wrote: > >> Hi All, >> >> I am trying to set up a centralized SSH authentication server that allows >> authentication via public keys. I can't find anything on the web about if >> this is possible with FR. Is it? Basically all I need is for FR to allow >> authentication off of a respective users's .ssh/.authorized_keys file. So >> far all I can seem to get going is password authentication. Can anyone let >> me know if this is even doable?-- >> > > > You are probably barking up the wrong tree with freeradius. Check out this > tutorial I wrote on setting up a centralized SSH server: > http://www.howtoforge.net/secure_ssh_with_wikid_two_factor_authentication. > The difference is that I suggest using two-factor authentication with OTPs > to get into the key server (because public key SSH does not meet certain > regulatory requirements). You may want to use Freeradius to route the > OTPs to the auth server. > > If it were me I would put it into LDAP rather than Radius. Since that's what LDAP does well. If you google for "OpenSSH LDAP LPK " you will find this site: code.google.com/p/*openssh*-*lpk *which is the LPK patches for OpenSSH which work (albiet not the most pretty) with a centralised OpenSSH LDAP store for your authorized keys. I personally use this and it works well. Thanks Peter
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html