dehio3’s diary

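Notes on work, life, and hobbies

Installing ssh-ldap-pubkey-wrapper on the Redash AMI

Introduction

To authenticate OS logins against LDAP using public-key authentication, I tried to configure sshd_config as part of the LDAP client setup, but ssh-ldap-pubkey-wrapper was not present, so I install it here.

Environment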

ami : "ami-0c7d9b740e997aa69" #redash-5.0.2-b5486-build2-ap-northeast-1

Steps

Install pip

$ sudo apt install -y python-pip
$ pip -V
pip 9.0.1 from /usr/lib/python2.7/dist-packages (python 2.7)

Install ssh-ldap-pubkey

$ sudo pip install ssh-ldap-pubkey

(omitted)

/temp.linux-x86_64-2.7/Modules/LDAPObject.o
    In file included from Modules/LDAPObject.c:8:0:
    Modules/constants.h:7:10: fatal error: lber.h: No such file or directory
     #include "lber.h"
              ^~~~~~~~
    compilation terminated.
    error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
    
    ----------------------------------------
Command "/usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-1qZ2G9/python-ldap/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-WDTNRv-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-1qZ2G9/python-ldap/

Required packages are missing (the python-ldap build cannot find lber.h).

Install the packages

$ sudo apt install -y libsasl2-dev python-dev libldap2-dev libssl-dev

Install ssh-ldap-pubkey (retry)

$ sudo pip install ssh-ldap-pubkey
Collecting ssh-ldap-pubkey
Requirement already satisfied: docopt in /usr/local/lib/python2.7/dist-packages (from ssh-ldap-pubkey)
Collecting pyldap (from ssh-ldap-pubkey)
Collecting python-ldap>=3.0.0b1 (from pyldap->ssh-ldap-pubkey)
  Using cached https://files.pythonhosted.org/packages/ea/93/596f875e003c770447f4b99267820a0c769dd2dc3ae3ed19afe460fcbad0/python-ldap-3.2.0.tar.gz
Requirement already satisfied: pyasn1>=0.3.7 in /usr/local/lib/python2.7/dist-packages (from python-ldap>=3.0.0b1->pyldap->ssh-ldap-pubkey)
Requirement already satisfied: pyasn1_modules>=0.1.5 in /usr/local/lib/python2.7/dist-packages (from python-ldap>=3.0.0b1->pyldap->ssh-ldap-pubkey)
Building wheels for collected packages: python-ldap
  Running setup.py bdist_wheel for python-ldap ... done
  Stored in directory: /root/.cache/pip/wheels/48/dd/0b/a06d1baf6575ad4520fc1fcf5bd96b493cd89670fdf6ade224
Successfully built python-ldap
Installing collected packages: python-ldap, pyldap, ssh-ldap-pubkey
Successfully installed pyldap-3.0.0 python-ldap-3.2.0 ssh-ldap-pubkey-1.3.0
$ which ssh-ldap-pubkey-wrapper
/usr/local/bin/ssh-ldap-pubkey-wrapper

Configure sshd_config

$ sudo vim /etc/ssh/sshd_config
--- add the following
AuthorizedKeysCommand /usr/local/bin/ssh-ldap-pubkey-wrapper
AuthorizedKeysCommandUser nobody
---
$ sudo systemctl restart sshd.service
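
If sshd rejects the AuthorizedKeysCommand settings above, the restart can leave the host without SSH access, so the following is an added pre-restart check (not part of the original post). The function names are hypothetical, and it assumes GNU stat and sshd at /usr/sbin/sshd, as on Ubuntu.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.
# Assumes GNU stat and sshd at /usr/sbin/sshd (Ubuntu-based image).

# Print the first value of a keyword in an sshd_config-style file.
# sshd keywords are case-insensitive and the first value obtained wins.
# Simplification: Match blocks and Include files are not interpreted.
akc_get() {  # usage: akc_get <keyword> <config-file>
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# Directive checks: absolute command path, and a command user that is set.
akc_check_config() {  # usage: akc_check_config <config-file>
    local cmd user
    cmd=$(akc_get AuthorizedKeysCommand "$1")
    user=$(akc_get AuthorizedKeysCommandUser "$1")
    case "$cmd" in
        /*) ;;
        *) echo "AuthorizedKeysCommand is not an absolute path: '$cmd'" >&2
           return 1 ;;
    esac
    if [ -z "$user" ]; then
        echo "AuthorizedKeysCommandUser unset: sshd will refuse to start" >&2
        return 1
    fi
    if [ "$user" = root ]; then  # policy choice of this example, not an sshd rule
        echo "AuthorizedKeysCommandUser is root: use an unprivileged user" >&2
        return 1
    fi
}

# sshd requires the program to be owned by root and not group/other-writable.
akc_check_perms() {  # usage: akc_check_perms <program>
    local info uid mode
    info=$(stat -L -c '%u %a' "$1") || return 1
    uid=${info% *}
    mode=${info#* }
    [ "$uid" -eq 0 ] || { echo "$1: not owned by root" >&2; return 1; }
    [ $(( 0$mode & 022 )) -eq 0 ] || { echo "$1: group/other-writable" >&2; return 1; }
}

# Run as root before `systemctl restart sshd.service`, from a session you keep open.
akc_preflight() {  # usage: akc_preflight /etc/ssh/sshd_config
    akc_check_config "$1" &&
        akc_check_perms "$(akc_get AuthorizedKeysCommand "$1")" &&
        /usr/sbin/sshd -t -f "$1"  # sshd's own validity test of the config
}
```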
