SSH on Solaris 10 w/public keys and pam_ldap


Post by Raymond Scot » Thu, 29 Jun 2006 12:20:16



Is it possible to use public/private keys to log on to Solaris 10 when the
destination is configured to use LDAP as a naming service?

I can get it to work if the account is listed in /etc/passwd.
But if the account is in LDAP, then SSH prompts for a password; the
pub/priv key stuff is bypassed.

Pub/Priv keys work fine on Solaris 9 when using LDAP. Something
changed in Solaris 10 to cause it to stop working.

Anyone know a way to get it to work?

--
Ray

 
 
 


Post by Chris Rid » Thu, 29 Jun 2006 14:46:55


On 2006-06-28 04:20:16 +0100, "Raymond Scott"

> Is it possible to use public/private keys to log on to Solaris 10 when the
> destination is configured to use LDAP as a naming service?

> I can get it to work if the account is listed in /etc/passwd.
> But if the account is in LDAP, then SSH prompts for a password; the
> pub/priv key stuff is bypassed.

> Pub/Priv keys work fine on Solaris 9 when using LDAP. Something
> changed in Solaris 10 to cause it to stop working.

> Anyone know a way to get it to work?

I've got it working, with quite a bit of help from some folks here.
Google this group for "pam query ldap" - there are some links to
recommended pam.conf files which should help.

I'd recommend setting up a zone so you can play around^W^Wtest this
stuff properly. It'll save a few blushes and reboots ;-)

Cheers,

Chris

 
 
 

1. MacOS X -> FreeBSD Public Key SSH

Hi,

I'm setting up public key ssh between FreeBSD 4.5-STABLE and MacOS
10.1.3.  Logging into MacOS X works perfectly.  Logging into the FreeBSD
machine I get the following output from verbose mode.

[...]
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try pubkey: /Users/ianp/.ssh/id_rsa
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: try pubkey: /Users/ianp/.ssh/id_dsa
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is keyboard-interactive
otp-md5 12 cy1377 ext
S/Key Password:

I type anything and press enter three times and then I get a login
prompt.  I'm using a dsa key and it should log me in without asking when
it tries dsa authentication just as it does in the opposite direction.

By the way, is rsa2 or dsa considered more secure?

Ian
