1
0
forked from infra/ansible

common: support looking up sshPublicKey from LDAP

This commit is contained in:
Markus 2024-02-21 08:38:44 +01:00
parent d5b11f15d2
commit b058a8d891
3 changed files with 11 additions and 1 deletions

View File

@ -1,4 +1,4 @@
---
sshd_authkeys_command: "/usr/bin/sss_ssh_authorizedkeys"
sshd_password_authentication: "yes"
uau_reboot: "false"

View File

@ -1,3 +1,4 @@
---
sshd_authkeys_command: "/usr/bin/sss_ssh_authorizedkeys"
sshd_password_authentication: "yes"

View File

@ -43,8 +43,17 @@ PermitRootLogin {{ sshd_permit_root_login }}
#AuthorizedPrincipalsFile none
{% if sshd_authkeys_command is defined and sshd_authkeys_command %}
AuthorizedKeysCommand {{ sshd_authkeys_command }}
{% if sshd_authkeys_user is defined and sshd_authkeys_user %}
AuthorizedKeysCommandUser {{ sshd_authkeys_user }}
{% else %}
AuthorizedKeysCommandUser nobody
{% endif %}
{% else %}
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
{% endif %}
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no