Force OpenSSH (SSHD) to use authentication via LDAP server

Lightweight Directory Access Protocol, or LDAP , is a directory services running over TCP/IP. Most large business and organization use LDAP for centralized authentication.

You can read LDAP Linux HOWTO for setup and configuration. If your workstation or server setup to authenticate via LDAP, open ssh will not work when user try to connect from remote system. You need to make little modification to openssh, so that it can authenticate you via LDAP:

Open /etc/ssh/sshd_config file
# vi /etc/ssh/sshd_config file

Append or modify line as follows:
PAMAuthenticationViaKbdInt yes

Restart OpenSSH
# /etc/init.d/sshd restart

Now ssh server will accept login for remote users.

🐧 If you liked this page, please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
5 comments… add one
  • richard Mar 15, 2016 @ 21:32

    PAMAuthenticationViaKbdInt yes is deprecated.

  • Benny Chitambira Dec 11, 2008 @ 10:29

    The 1st method suggested is now deprecated
    The second solution is usually configured already, so that not a solution
    The real problem is usually in the configuration of pam
    edit or create file:
    /etc/pam.d/sshd
    comment out or delete line:
    # account required pam_access.so
    This removes the requirement that the user should have a local account.
    The above line is usually present in systems installed via kickstart

  • 🐧 nixCraft Nov 25, 2006 @ 8:41

    LDAP and authentication mechanism is already configured. But you need to tell this to OpenSSH.

  • Aneesh Nov 24, 2006 @ 23:39

    I think no additional configuration is needed because the file /etc/nsswitch.conf contains the entry
    passwd: files ldap

    This will do the trick.

  • Aneesh Nov 24, 2006 @ 23:37

    I think no additional configuration is needed because the file /etc/nsswitch.conf

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.