Admin auth per SSH key and LDAP

Author
ede_pfau
2019/03/02 01:38:29 (permalink)
0

Admin auth per SSH key and LDAP

Hello fellows,
 
For simplicity, I often use my private SSH key to log in to my local admin account on various FGTs (I mean, CLI access via SSH). Now, if instead of a local admin account I use a wildcard admin account against LDAP/MS AD in the background, I cannot use this anymore.
Any ideas how to work around this?
 

Ede

" Kernel panic: Aiee, killing interrupt handler!"
#1


    xsilver_FTNT
    Re: Admin auth per SSH key and LDAP 2019/03/04 01:21:13 (permalink)
    0
    Hi Ede,
    How do you expect it to work? Like one public key for everyone eligible to log in through LDAP?
     
    For this type of remote user, the password (and so, I believe, the key as well) is used as a fallback option if the remote server is not reachable or does not respond to authentication attempts.
     
    A workaround might be for the remote server to read and use the provided password as a key.

    Kind Regards,
    Tomas
    #2
    ede_pfau
    Re: Admin auth per SSH key and LDAP 2019/03/04 04:11:52 (permalink)
    0
    You're right, "how do you expect it to work?" Seems you can't have the pudding and eat it.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #3
    xsilver_FTNT
    Re: Admin auth per SSH key and LDAP 2019/03/04 04:16:06 (permalink)
    0
    yes.
    Seems to me that all the modern tech is about the same ... options are "cheap", "fast" and "reliable/robust", and you can choose two but will never be able to get all three in one product.

    Kind Regards,
    Tomas
    #4
    emnoc
    Re: Admin auth per SSH key and LDAP 2019/03/04 19:55:24 (permalink)
    0
    I'm sure you can do this in LDAP, but it takes work, maybe a fork of RADIUS or TACACS.
    I would look at jirutka/ssh-ldap-pubkey.
     
    You will need custom attributes and then you can deploy what you want. A certificate would be much, much, much better, IMHO. YMMV.
     
    Ken Felix

    PCNSE, NSE, Forcepoint, StrongSwan Specialist
    #5
    ede_pfau
    Re: Admin auth per SSH key and LDAP 2019/03/05 01:21:48 (permalink)
    0
    Thanks Ken, I will look into certs then.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #6