AuthorizedKeysCommand & ldap madness

Status
Not open for further replies.

tobiasbp

Patron
Joined
Dec 2, 2015
Messages
238
LDAP users can log in using passwords on my FreeNAS. Users have sshPublicKeys in LDAP. I want to use them for login.

I add these to my SSH config:
Code:
AuthorizedKeysCommand /root/ldap_get_publickey.sh
AuthorizedKeysCommandUser root


I test my script like this:
Code:
/root/ldap_get_publickey.sh uid


This returns my sshPublicKey from LDAP. Fine. It should work. However, it does not.

If I change the script so it echoes out the key (the key is hardcoded in the script), it works!

So, I figure something must be different on the output. md5 to the rescue.

Getting the key from LDAP (Does not work: User asked for password):
Code:
[root@ultraman] ~# ./ldap_get_publickey.sh tbp | md5
f752524a829f1c484a3987ba1d6d49a3


Changing the script to echo the hardcoded key from the script (Works: User logged in with no password):
Code:
[root@ultraman] ~# ./ldap_get_publickey.sh tbp | md5
f752524a829f1c484a3987ba1d6d49a3


The only thing I change is the script (ldap_get_publickey.sh).

This works:
Code:
#!/bin/sh
# Prints a hardcoded public key to stdout (key body elided above).
echo ssh-rsa \
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 \
tbp@HP


This does not work:
Code:
#!/bin/sh
# Look up the sshPublicKey attribute of the posixAccount whose uid is $1,
# binding as a read-only account over STARTTLS (-ZZ).
# The first sed unfolds LDIF continuation lines (lines starting with a space)
# back onto the sshPublicKey line; the second strips the attribute name.
ldapsearch -x -h ldap.example.com -b dc=example,dc=com -D "cn=readonly,dc=example,dc=com" \
-w PASSWORD -ZZ '(&(objectClass=posixAccount)(uid='"$1"'))' sshPublicKey | \
sed -n '/^ /{H;d;};/sshPublicKey:/x;$g;s/\n *//g;/sshPublicKey:/p' | sed 's/sshPublicKey:\ //'


Running both scripts through md5 gives the same sum.

Getting the key from LDAP runs with no delay (that I can detect).

I have set the logging to "Verbose/Daemon", but I do not see anything in the log(s)?


Any ideas? This is driving me mad (hence the subject).

Thanks,
Tobias
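A diagnostic wrapper for AuthorizedKeysCommand, added here as an example; it is not the poster's script and not part of the thread. Comparing md5 sums in an interactive root shell only shows that the two scripts agree when you run them yourself. It says nothing about what the LDAP version returns when sshd runs it, because sshd executes the command as AuthorizedKeysCommandUser with a minimal environment (no HOME, so no per-user ldaprc, and a fixed PATH), and an ldapsearch failure in that context is invisible unless the script records it. The wrapper logs the arguments, environment, stdout, stderr and exit status of every invocation and forwards stdout unchanged, so you can point AuthorizedKeysCommand at it temporarily. The real script path, the log file location and the REAL_CMD and AUTHKEYS_DEBUG_LOG override variables are assumptions chosen for this example.

```shell
#!/bin/sh
# Example diagnostic wrapper for AuthorizedKeysCommand (added example, not the
# poster's script). Point sshd_config at this file instead of the real lookup:
#   AuthorizedKeysCommand /root/authkeys_debug.sh
#   AuthorizedKeysCommandUser root
# Assumptions (not from the thread): the real lookup script is
# /root/ldap_get_publickey.sh and the log goes to /var/log/authkeys_debug.log.
# Both can be overridden through the environment for testing.

REAL_CMD="${REAL_CMD:-/root/ldap_get_publickey.sh}"
LOG="${AUTHKEYS_DEBUG_LOG:-/var/log/authkeys_debug.log}"

# Record what sshd actually hands us: the arguments (the username), the uid we
# run as and the environment, which is much smaller than an interactive shell's.
log_invocation() {
    {
        echo "=== $(date) pid=$$ uid=$(id -u)"
        echo "args: $*"
        echo "env:"
        env | sed 's/^/  /'
    } >>"$LOG" 2>/dev/null
}

# Run the real lookup, capture stdout and stderr separately, log both together
# with the exit status, then forward stdout untouched so sshd still gets the keys.
# Returns the real lookup's exit status.
run_and_log() {
    o_tmp=$(mktemp -t authkeys.XXXXXX) || return 1
    e_tmp=$(mktemp -t authkeys.XXXXXX) || { rm -f "$o_tmp"; return 1; }
    # The if-condition keeps a failing lookup from aborting under "set -e".
    if "$REAL_CMD" "$@" >"$o_tmp" 2>"$e_tmp"; then
        status=0
    else
        status=$?
    fi
    {
        echo "exit status: $status"
        echo "stdout ($(wc -c <"$o_tmp" | tr -d ' ') bytes):"
        sed 's/^/  /' "$o_tmp"
        echo "stderr:"
        sed 's/^/  /' "$e_tmp"
    } >>"$LOG" 2>/dev/null
    cat "$o_tmp"
    rm -f "$o_tmp" "$e_tmp"
    return "$status"
}

# sshd calls the command with the username as $1; with no arguments (for example
# when this file is sourced to exercise the functions) nothing runs.
if [ "$#" -gt 0 ]; then
    log_invocation "$@"
    run_and_log "$@"
fi
```

Two things to check while the wrapper is in place: sshd only runs an AuthorizedKeysCommand whose file is owned by root and not writable by group or others, otherwise it logs an "Unsafe AuthorizedKeysCommand" error and simply skips it, which also produces the "asked for password" symptom; and if the wrapper is never invoked at all, the log stays empty and the problem is in sshd_config rather than in the script. The log will contain public keys and ldapsearch diagnostics, so delete it together with the wrapper once the cause is found.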