SSH to Windows server, fetching public keys from LDAP

We've got an established process where users connecting to an Ubuntu server via SSH have their public keys retrieved from our LDAP infrastructure and then PAM sets up their home directory, etc.

I need to set up a standalone Windows server but the users still want to use SSH to connect to it. I'm therefore looking into how to try and replicate the Ubuntu experience onto Windows.

As far as I can tell, though, Windows requires the users to pre-exist and their authorized keys to be saved in the user's .ssh directory, like Linux does under normal circumstances. If you want admin rights, it is more challenging because there is a single file storing all of the public keys for the admins and you have to set the ACL appropriately on the file. So, again, the users need to pre-exist.

Is there a solution to this? Free or paid - just trying to find out if a solution even exists.

Thanks.

Bob
Since the Windows SSH server is a fork of OpenSSHD it could have supported the opensshd [`AuthorizedKeysCommand`](https://man.openbsd.org/sshd_config.5#AuthorizedKeysCommand) option for sshd. When enabled, the `AuthorizedKeysCommand` allows you to specify a command/script/executable that will run during login to retrieve a user's public key(s) from a remote source (such as your LDAP server) and perform validation just as if there was an `authorized_keys` file in the user's home directory with those public keys. That is a really nice solution for centrally managing public keys.
Bob
Unfortunately that is not yet supported in the Windows fork. See the list of unsupported options here: https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration and I don't know of any way to do something like that in the native Windows SSH server.
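The `AuthorizedKeysCommand` approach from the first comment, as an added example that is not from the question or the comments and that applies to OpenSSH on the Ubuntu side (the second comment notes the Windows fork lacks the option). The `sshPublicKey` attribute name, the base DN, the LDAP URI and the `ldapsearch` invocation are assumptions; `sample_ldif` is a constructed LDIF record so the parsing part runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): AuthorizedKeysCommand helper for
# OpenSSH on Linux, printing one authorized_keys line per stdout line.
# Assumed sshd_config:
#   AuthorizedKeysCommand /usr/local/bin/ldap-authorized-keys %u
#   AuthorizedKeysCommandUser nobody
set -eu
LDAP_URI="${LDAP_URI:-ldap://ldap.example.internal}"    # assumed
BASE_DN="${BASE_DN:-ou=People,dc=example,dc=internal}"  # assumed

# Accept only a plain account name before it goes into the LDAP filter.
valid_user() {
  case "$1" in
    ""|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Turn LDIF on stdin into one key per line. LDIF folds long lines with a
# leading space and base64-encodes non-safe values after "::"; handle both.
ldif_to_keys() {
  awk '/^ / { buf = buf substr($0, 2); next }
       { if (buf != "") print buf; buf = $0 }
       END { if (buf != "") print buf }' |
  while IFS= read -r line; do
    case "$line" in
      "sshPublicKey:: "*) printf '%s' "${line#sshPublicKey:: }" | base64 -d
                          printf '\n' ;;
      "sshPublicKey: "*)  printf '%s\n' "${line#sshPublicKey: }" ;;
    esac
  done
}

# What sshd invokes: look up %u and print its keys (needs the LDAP server).
fetch_keys() {
  valid_user "$1" || return 1
  ldapsearch -LLL -x -H "$LDAP_URI" -b "$BASE_DN" "(uid=$1)" sshPublicKey | ldif_to_keys
}

# Constructed LDIF like ldapsearch prints: one folded key and one
# base64-encoded value (decodes to "ssh-rsa AAAA test").
sample_ldif() {
  printf '%s\n' 'dn: uid=alice,ou=People,dc=example,dc=internal' \
    'sshPublicKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedNotARealKey' \
    ' 0000000000 alice@laptop' \
    'sshPublicKey:: c3NoLXJzYSBBQUFBIHRlc3Q=' ''
}
case "${0##*/}" in
  ldap-authorized-keys) fetch_keys "${1:?username required}" ;;
  *) sample_ldif | ldif_to_keys ;;  # demo on the constructed sample
esac
```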