.. Open Infrastructure: service-tools

.. Copyright (C) 2014-2025 Daniel Baumann <daniel.baumann@open-infrastructure.net>
..
.. SPDX-License-Identifier: GPL-3.0+
..
.. This program is free software: you can redistribute it and/or modify
.. it under the terms of the GNU General Public License as published by
.. the Free Software Foundation, either version 3 of the License, or
.. (at your option) any later version.
..
.. This program is distributed in the hope that it will be useful,
.. but WITHOUT ANY WARRANTY; without even the implied warranty of
.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.. GNU General Public License for more details.
..
.. You should have received a copy of the GNU General Public License
.. along with this program. If not, see <https://www.gnu.org/licenses/>.

==========
ssh-pubkey
==========

--------------------------------------------------------------------------------
meta-command to get a user's public key for authentication with openssh-server
--------------------------------------------------------------------------------

:manual section: 1
:manual group: Open Infrastructure

Synopsis
========

| **ssh-pubkey** USER

Description
===========

**ssh-pubkey** executes a command to show the public key of a user.

The configured command is set by calling ``dpkg-reconfigure open-infrastructure-openssh-tools`` (if available), or by editing /usr/bin/ssh-pubkey directly.

The configured command can use the first argument given to ssh-pubkey, which is the user that openssh is performing the login for. The command needs to return a valid public key (e.g. 'ssh-ed25519 [...]'), which then gets used by openssh.

Example
=======

When using LDAP with the ``sshPublicKey`` attribute, a valid command could look like this::

    ldapsearch -LLL -x -o ldif-wrap=no -H ldaps://ldap.example.org:636 -b dc=example uid="${1}" 'sshPublicKey' | \
        awk '/^sshPublicKey: / { print $2, $3, $4 }'

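One way to harden a command like the one above, as an added example that is not part of service-tools: it checks the user name before it reaches the LDAP filter and passes on only well-formed key values. The function names, the login-name rule and the key-type allowlist are assumptions, and ``lookup`` is a stand-in for the ``ldapsearch`` call that returns constructed LDIF.

```shell
#!/bin/sh
# Added example, not part of service-tools. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make the a-z ranges below byte-exact

# Accept only conservative login names (assumed rule), so characters with
# meaning in an LDAP filter (* ( ) \) can never reach uid="${1}".
valid_user() {
	case "${1}" in
		''|-*|*[!a-z0-9_.-]*) return 1 ;;
	esac
	[ "${#1}" -le 32 ]
}

# Read LDIF on stdin; print "type blob" only for values that start with an
# allowed key type followed by a base64 blob. Values carrying authorized_keys
# options, key types outside the allowlist or base64-encoded LDIF
# ("sshPublicKey:: ") are dropped; the free-text comment is not passed on.
filter_pubkeys() {
	awk -v types='^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh[.]com)$' '
		/^sshPublicKey: / && $2 ~ types && $3 ~ "^[A-Za-z0-9+/]+=*$" {
			print $2, $3
		}'
}

# Stand-in for the ldapsearch call so the example runs offline.
# The LDIF below is constructed sample data, not real keys.
lookup() {
	cat <<'EOF'
dn: uid=alice,dc=example
sshPublicKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyOnly0000000000000000 alice@laptop
sshPublicKey: ssh-dss AAAAB3NzaC1kc3MAAACBConstructed legacy-key
sshPublicKey: no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructed options-first
sshPublicKey:: c3NoLWVkMjU1MTkgQ29uc3RydWN0ZWQ=
EOF
}

# What the configured command would do: validate, query, filter.
pubkeys_for() {
	valid_user "${1}" || return 1
	lookup "${1}" | filter_pubkeys
}

pubkeys_for alice
```

In a real deployment the body of ``lookup`` would be the ``ldapsearch`` call from the example above.
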
Files
=====

The following files are used:

/etc/ssh/sshd_config.d/ssh-authorizedkeys-command:
  openssh-server configuration to enable ssh-authorizedkeys-command.

/usr/bin/ssh-pubkey:
  script that executes the user-configured command to return the user's public keys.

/usr/share/openssh-tools/bin/ssh-pubkey.in:
  stub of the script that is combined with the user-supplied command to /usr/bin/ssh-pubkey.

See also
========

| sshd_config(5)

Homepage
========

More information about service-tools and the Open Infrastructure project can be
found on the homepage (https://open-infrastructure.net).

Contact
=======

Bug reports, feature requests, help, patches, support and everything else are
welcome on the Open Infrastructure Software Mailing List
<software@lists.open-infrastructure.net>.

Debian specific bugs can also be reported in the Debian Bug Tracking System
(https://bugs.debian.org).

Authors
=======

service-tools were written by Daniel Baumann
<daniel.baumann@open-infrastructure.net> and others.