LDAP auth via SSH

mogarchy · Oct 20, 2020, 5:07 AM

Hi all,
I'm working on beefing up my security a bit and want to get away from Local Database Auth and have my team log in with individual credentials - I have LDAP working with my ~~G Suite~~ Google Workspace Directory and GUI logins are fine, but no luck with SSH.

I see a couple posts asking about this from a few years back but no seemingly no resolution, any help?

Thanks!

stephenw10 · Oct 20, 2020, 8:36 PM

You want to use LDAP over SSH, like via an SSH tunnel?

Or you want to authenticate SSH logins using LDAP?

Steve

jimp · Oct 20, 2020, 2:54 PM

It's not yet possible for SSH users to login via LDAP: https://redmine.pfsense.org/issues/8698

mogarchy · Oct 20, 2020, 8:36 PM

@stephenw10 I want to authenticate SSH logins to PFsense via LDAP.

mogarchy · Oct 20, 2020, 8:41 PM

@jimp Thanks for the info, do you have the power/ability to make it happen? If so what's your price? (not a joke)

Otherwise, can I use any external authentication server like RADIUS or am I stuck with local authentication for SSH sessions?

viktor_g · Oct 21, 2020, 8:57 AM

@mogarchy said in LDAP auth via SSH:

@jimp Thanks for the info, do you have the power/ability to make it happen? If so what's your price? (not a joke)

Otherwise, can I use any external authentication server like RADIUS or am I stuck with local authentication for SSH sessions?

RADIUS shell authentication is implemented in 2.5:
https://redmine.pfsense.org/issues/10545