Lightweight Directory Access Protocol, or LDAP , is a directory services running over TCP/IP. Most large business and organization use LDAP for centralized authentication.
ADVERTISEMENTS
You can read LDAP Linux HOWTO for setup and configuration. If your workstation or server setup to authenticate via LDAP, open ssh will not work when user try to connect from remote system. You need to make little modification to openssh, so that it can authenticate you via LDAP:
Open /etc/ssh/sshd_config file
# vi /etc/ssh/sshd_config file
Append or modify line as follows:
PAMAuthenticationViaKbdInt yes
Restart OpenSSH
# /etc/init.d/sshd restart
Now ssh server will accept login for remote users.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
- RSS feed or Weekly email newsletter
- Share to Twitter • Facebook • 5 comments... add one ↓
READ NEXT
Top 20 OpenSSH Server Best Security Practices
Linux: 25 Iptables Netfilter Firewall Examples For New SysAdmins
40 Linux Server Hardening Security Tips [2019 edition]
Top 25 Nginx Web Server Best Security Practices- Linux 25 PHP Security Best Practices For Sys Admins
21 Examples To Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors- Linux Building Rules For The Cluster With Firewall Builder
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
I think no additional configuration is needed because the file /etc/nsswitch.conf
I think no additional configuration is needed because the file /etc/nsswitch.conf contains the entry
passwd: files ldap
This will do the trick.
LDAP and authentication mechanism is already configured. But you need to tell this to OpenSSH.
The 1st method suggested is now deprecated
The second solution is usually configured already, so that not a solution
The real problem is usually in the configuration of pam
edit or create file:
/etc/pam.d/sshd
comment out or delete line:
# account required pam_access.so
This removes the requirement that the user should have a local account.
The above line is usually present in systems installed via kickstart
PAMAuthenticationViaKbdInt yes is deprecated.