RE: ssh public key auth using pam_ldap



Hi Jason,


We are doing this currently; however, we only allow public key authentication, and password-based authentication is disabled. I’m not sure if you can mix and match, but this is what we went with. Here is a gist with the relevant configs and some info that may be helpful:




Thank you very much for this! Your usage of pam_deny gave me an idea. I’m fairly new to PAM and am still wrapping my head around things.


I’m on a CentOS 7 box, so I’m not sure the common-* files are read by the version of PAM we have installed. At the very least, I could not get them to be read. So, I added to the top of the sshd pam.d file and worked my way up. All it took was the following to be at the top of the file:


account sufficient

account required


If I add the into the stack, it will allow users in that have added their public key to their authorized_keys. I believe this solves my issue for the most part.


Thanks again!