Hacker News new | ask | show | jobs
by Titanous 4708 days ago
There are three options:

1) Change authorized_keys after each user modification.

2) Use OpenSSH with a custom PAM module or patch that does database lookups.

3) Use an SSH library to implement a custom server that only handles git pushes and does database lookups.

We have not decided which method to use yet.
2 comments
gklein 4708 days ago
You have some other options to solve that: - SSH Key management with SKM - SSH Key DB - Openssh LPK (SSH Patch that supports LDAP) - Openssh Ldap Publickey

I believe that Openssh Ldap Publickey is one of the best options cause it does not require any patches or file syncing and it keeps the public keys in a central LDAP server.

1. https://sites.google.com/site/jeromeboismartel/code-s-corner... 2. https://code.google.com/p/ssh-keydb/ 3. https://code.google.com/p/openssh-lpk/ 4. https://github.com/AndriiGrytsenko/openssh-ldap-publickey

link
SiliconAlley 4708 days ago
When I was doing this, I was leaning toward going the 3rd approach, but it seemed a really momentous undertaking. That would definitely be a boon to the future of PaaS projects though, because it seems like OpenSSH doesn't really have the use-case in mind, plus I hate the idea of hacking something as fundamental as OpenSSH on my machine to do development work on a single project
link