login with only ssh key via LDAP

I have several switches that have login authentication via an external LDAP server using Fusion directory. The switches are all 3.3.2 and have downloaded the apps/plug-ins for nslcd. I've gotten to the point that I can log in with the LDAP credentials, but now I want to use my ssh key rather than a password...
How do I do that?
Troy MacDonald

Posted 7 months ago

Jason Guy, Employee

Hi Troy,

If there is a plugin for nslcd, then you would need to research how to set this up. I am not familiar with Fusion directory either, but regardless, the LDAP server will require the users to add their public key somewhere, which can then be used for authentication. Does the server know to use pubkey if available, else use password?

As far as I know, the sssd ldap client is the only one that can authenticate with a user's ssh key. I have not yet tried this, but planned to set this up at some point to see how it works. 
Please respond back once you figure this out, and share how you did this. I would like to add it to a KB or the user docs. Unfortunately I have not had the time to try it out in the lab myself...
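
An added example, not part of the original thread and not vendor code: a filter that a helper run through sshd's `AuthorizedKeysCommand` could apply to a user's LDAP entry before printing keys for sshd to accept. It assumes the keys are stored in an `sshPublicKey` attribute and that the entry arrives as LDIF text (as `ldapsearch` prints it); the function names, the allow-list and the sample entry are constructed for illustration.

```python
import base64
import re
import struct

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}  # assumed local policy

def attr_values(text, attr="sshPublicKey"):
    """Return the values of `attr` from LDIF text, undoing folding and base64."""
    values = []
    for line in re.sub(r"\r?\n ", "", text).splitlines():  # undo LDIF line folding
        name, _, rest = line.partition(":")
        if name.lower() != attr.lower():
            continue
        if rest.startswith(":"):  # "attr:: ..." marks a base64-encoded value
            try:
                rest = base64.b64decode(rest[1:].strip(), validate=True).decode()
            except ValueError:
                continue  # undecodable value: skip it rather than hand it to sshd
        values.append(rest.strip())
    return values

def normalize_key(value):
    """Return 'type blob' if the value is one well-formed key, else None."""
    parts = value.split()
    if len(parts) < 2 or parts[0] not in ALLOWED_TYPES:
        return None  # also rejects values that begin with options such as from="..."
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return None
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != parts[0].encode():
        return None  # the type named in the text must match the type inside the blob
    return f"{parts[0]} {parts[1]}"  # the comment and anything after it are dropped

def authorized_keys(ldif_text):
    """Lines that are safe to print from an AuthorizedKeysCommand helper."""
    return [k for k in map(normalize_key, attr_values(ldif_text)) if k]

def sample_blob(key_type):  # constructed sample key material, not a real key
    raw = struct.pack(">I", len(key_type)) + key_type.encode() + struct.pack(">I", 32) + bytes(32)
    return base64.b64encode(raw).decode()

ED, EC = sample_blob("ssh-ed25519"), sample_blob("ecdsa-sha2-nistp256")
SAMPLE_LDIF = "\n".join([  # constructed ldapsearch-style output for a hypothetical user
    "dn: uid=alice,ou=people,dc=example,dc=com",
    f"sshPublicKey: ssh-ed25519 {ED[:30]}\n {ED[30:]} alice@laptop",
    "sshPublicKey:: " + base64.b64encode(f"ecdsa-sha2-nistp256 {EC}".encode()).decode(),
    f'sshPublicKey: from="10.0.0.1" ssh-ed25519 {ED}',
])
```

Rejecting option-prefixed values is a policy choice in this sketch: it keeps directory-stored keys from carrying `authorized_keys` options that the switch administrator did not set.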