質問編集履歴
2
一部修正
title
CHANGED
|
File without changes
|
body
CHANGED
|
@@ -88,4 +88,4 @@
|
|
|
88
88
|
```lang
|
|
89
89
|
/usr/lib/ssh-command/find_key.sh username
|
|
90
90
|
ssh-rsa AAAA*********・・・
|
|
91
|
-
```
|
|
91
|
+
```
|
1
ご質問頂いた情報を追記させて頂きました。
title
CHANGED
|
File without changes
|
body
CHANGED
|
@@ -15,4 +15,77 @@
|
|
|
15
15
|
sshd[25802]: Failed password for [USER_NAME] from 172.31.24.39 port 60385 ssh2
|
|
16
16
|
```
|
|
17
17
|
|
|
18
|
-
宜しくお願いします。
|
|
18
|
+
宜しくお願いします。
|
|
19
|
+
|
|
20
|
+
ーーー追記ーーーー
|
|
21
|
+
ldapのバージョン:2.4.40
|
|
22
|
+
|
|
23
|
+
◆SSH公開鍵の登録方法
|
|
24
|
+
※ldifファイルに記述
|
|
25
|
+
|
|
26
|
+
/etc/ldap/ldif/user.ldif
|
|
27
|
+
```lang-user.ldif
|
|
28
|
+
dn: uid=username,ou=User,dc=example,dc=co,dc=jp
|
|
29
|
+
objectClass: shadowAccount
|
|
30
|
+
objectClass: posixAccount
|
|
31
|
+
objectClass: account
|
|
32
|
+
objectClass: top
|
|
33
|
+
objectCkass: ldapPublicKey
|
|
34
|
+
cn: username
|
|
35
|
+
uid: username
|
|
36
|
+
uidNumber: 2001
|
|
37
|
+
gidNumber: 2000
|
|
38
|
+
homeDirectory: /home/username
|
|
39
|
+
loginShell: /bin/bash
|
|
40
|
+
shadowMin: 0
|
|
41
|
+
shadowMax: 99999
|
|
42
|
+
shadowWarning: 7
|
|
43
|
+
shadowLastChange: 16175
|
|
44
|
+
userPassword: {SSHA}*************************************
|
|
45
|
+
sshPublicKey: ssh-rsa AAAA**********************************
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
※openssh-lpkスキーマの追加
|
|
49
|
+
|
|
50
|
+
/etc/ldap/ldif/openssh-lpk.ldif
|
|
51
|
+
```lang
|
|
52
|
+
dn: cn=openssh-lpk,cn=schema,cn=config
|
|
53
|
+
objectClass: olcSchemaConfig
|
|
54
|
+
cn: openssh-lpk
|
|
55
|
+
olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
|
|
56
|
+
DESC 'MANDATORY: OpenSSH Public key'
|
|
57
|
+
EQUALITY octetStringMatch
|
|
58
|
+
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
|
|
59
|
+
olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
|
|
60
|
+
DESC 'MANDATORY: OpenSSH LPK objectclass'
|
|
61
|
+
MAY ( sshPublicKey $ uid )
|
|
62
|
+
)
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
ldappサーバーから公開鍵を取得する設定(クライアント側)
|
|
66
|
+
・AuthorizedKeysCommandを使用
|
|
67
|
+
|
|
68
|
+
/etc/ssh/sshd_config
|
|
69
|
+
```lang
|
|
70
|
+
AuthorizedKeysCommand /usr/lib/ssh-command/find_key.sh
|
|
71
|
+
AuthorizedKeysCommandUser root
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
/usr/lib/ssh-command/find_key.sh
|
|
75
|
+
```lang
|
|
76
|
+
#!/bin/bash
|
|
77
|
+
|
|
78
|
+
uri=ldap://10.0.XXX.XXX/
|
|
79
|
+
binddn="cn=admin,dc=example,dc=co,dc=jp"
|
|
80
|
+
bindpw=******
|
|
81
|
+
base="dc=example,dc=co,dc=jp"
|
|
82
|
+
uid=$1
|
|
83
|
+
|
|
84
|
+
ldapsearch -LLL -H ${uri} -w "${bindpw}" -D "${binddn}" -b "${base}" "(& (objectClass=posixAccount) (uid=${uid}))" "sshPublicKey" | ruby -e 'puts STDIN.read.gsub(/\n /,"").match(/sshPublicKey: (.+)/).to_a[1]'
|
|
85
|
+
```
|
|
86
|
+
※クライアント側から上記/usr/lib/ssh-command/find_key.shに引数ユーザー名を渡して実行した結果、公開鍵情報は取得できています。
|
|
87
|
+
|
|
88
|
+
```lang
|
|
89
|
+
/usr/lib/ssh-command/find_key.sh username
|
|
90
|
+
ssh-rsa AAAA*********・・・
|
|
91
|
+
```l
|