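Introduction
To have OS logins use public-key authentication backed by LDAP, I went to configure sshd_config as part of the LDAP client setup, but ssh-ldap-pubkey-wrapper was not present, so this post installs it.
Environment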
ami : "ami-0c7d9b740e997aa69" #redash-5.0.2-b5486-build2-ap-northeast-1
Steps
Install pip
$ sudo apt install -y python-pip
$ pip -V
pip 9.0.1 from /usr/lib/python2.7/dist-packages (python 2.7)
Install ssh-ldap-pubkey
$ sudo pip install ssh-ldap-pubkey
(omitted)
/temp.linux-x86_64-2.7/Modules/LDAPObject.o
In file included from Modules/LDAPObject.c:8:0:
Modules/constants.h:7:10: fatal error: lber.h: No such file or directory
 #include "lber.h"
          ^~~~~~~~
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
----------------------------------------
Command "/usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-1qZ2G9/python-ldap/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-WDTNRv-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-1qZ2G9/python-ldap/
The build fails because development packages are missing.
Install the packages
sudo apt install -y libsasl2-dev python-dev libldap2-dev libssl-dev
Install ssh-ldap-pubkey (retry)
$ sudo pip install ssh-ldap-pubkey
Collecting ssh-ldap-pubkey
Requirement already satisfied: docopt in /usr/local/lib/python2.7/dist-packages (from ssh-ldap-pubkey)
Collecting pyldap (from ssh-ldap-pubkey)
Collecting python-ldap>=3.0.0b1 (from pyldap->ssh-ldap-pubkey)
Using cached https://files.pythonhosted.org/packages/ea/93/596f875e003c770447f4b99267820a0c769dd2dc3ae3ed19afe460fcbad0/python-ldap-3.2.0.tar.gz
Requirement already satisfied: pyasn1>=0.3.7 in /usr/local/lib/python2.7/dist-packages (from python-ldap>=3.0.0b1->pyldap->ssh-ldap-pubkey)
Requirement already satisfied: pyasn1_modules>=0.1.5 in /usr/local/lib/python2.7/dist-packages (from python-ldap>=3.0.0b1->pyldap->ssh-ldap-pubkey)
Building wheels for collected packages: python-ldap
Running setup.py bdist_wheel for python-ldap ... done
Stored in directory: /root/.cache/pip/wheels/48/dd/0b/a06d1baf6575ad4520fc1fcf5bd96b493cd89670fdf6ade224
Successfully built python-ldap
Installing collected packages: python-ldap, pyldap, ssh-ldap-pubkey
Successfully installed pyldap-3.0.0 python-ldap-3.2.0 ssh-ldap-pubkey-1.3.0
$ which ssh-ldap-pubkey-wrapper
/usr/local/bin/ssh-ldap-pubkey-wrapper
sshd_config settings
$ sudo vim /etc/ssh/sshd_config
--- add the following
AuthorizedKeysCommand /usr/local/bin/ssh-ldap-pubkey-wrapper
AuthorizedKeysCommandUser nobody
---
$ sudo systemctl restart sshd.service
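A check worth running before the restart, as an added example that is not part of the original post: sshd requires the AuthorizedKeysCommand program to be given as an absolute path, owned by root and not writable by group or others, and it refuses to start if the command is set without AuthorizedKeysCommandUser. The function name check_akc and its optional owner-uid argument are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: pre-restart check for the two sshd_config lines above.
# Usage: check_akc CONFIG [OWNER_UID]; prints findings, returns 0 when clean.
# OWNER_UID defaults to 0 (root). It is a parameter only so the check can be
# tried on constructed files without root. Assumes GNU stat (Ubuntu).
check_akc() {
    cfg=$1
    want_uid=${2:-0}
    rc=0
    # sshd keywords are case-insensitive and the first occurrence wins.
    cmd=$(awk 'tolower($1) == "authorizedkeyscommand" { print $2; exit }' "$cfg")
    usr=$(awk 'tolower($1) == "authorizedkeyscommanduser" { print $2; exit }' "$cfg")

    if [ -z "$cmd" ]; then
        echo "FAIL: AuthorizedKeysCommand is not set"; return 1
    fi
    # With a command set but no user, sshd refuses to start.
    if [ -z "$usr" ]; then
        echo "FAIL: AuthorizedKeysCommandUser is not set"; rc=1
    elif [ "$usr" = root ]; then
        # Policy of this example: the LDAP lookup should not run as root.
        echo "FAIL: AuthorizedKeysCommandUser is root"; rc=1
    fi
    case $cmd in
        /*) ;;
        *) echo "FAIL: $cmd is not an absolute path"; rc=1 ;;
    esac
    if [ ! -f "$cmd" ]; then
        echo "FAIL: $cmd does not exist"; return 1
    fi
    # sshd requires the helper to be root-owned and not writable by
    # group or others; -L makes stat follow a symlink to the real file.
    uid=$(stat -L -c %u "$cmd")
    mode=$(stat -L -c %a "$cmd")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $cmd is owned by uid $uid, expected $want_uid"; rc=1
    fi
    case $mode in
        *[2367]?|*[2367]) echo "FAIL: $cmd mode $mode is group/other-writable"; rc=1 ;;
    esac
    case $mode in
        *[1357]??) ;;
        *) echo "FAIL: $cmd mode $mode is not executable by its owner"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: $cmd runs as $usr"; fi
    return "$rc"
}
```

Run it as check_akc /etc/ssh/sshd_config, then sudo sshd -t so that sshd itself parses the file, and keep the current SSH session open until a second login succeeds.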