[SAC] [OSGeo] #2239: OSGeo 7 ldap ssh access

OSGeoTrac · January 10, 2019, 5:37pm

#2239: OSGeo 7 ldap ssh access
---------------------------+-------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Keywords:
---------------------------+-------------------
I created an lxd container

outlined here:

https://git.osgeo.org/gitea/sac/osgeo7/wiki/Debian-10-container-with-LDAP-
SSH-%28WORK-IN-PROGRESS%29

That has Debian 10 installed, and LDAP SSH libs, and configured to connect
with ldap.osgeo.org.

I however have not been successful being able to log in with it using my
ldap account.

I suspect it's something really simple I am missing.

The Ldapsearch stuff works fine. So does

getent passwd <someldapuser>

Usually when that works all is set.

The moved things around quite a bit in debian 10 for ldap, so it might be
just a file config I am missing. Cause things I normally put in one file
had to be in a different one.

This I was hoping would serve two purposes

1) Be a skeleton for setting up debina with ldap / ssh access
2) Eventually build a DMZ container that people would need to log into
first to access the other containers.

I'm going to try next to build a debian 9 container instead and do the
same to rule out just an issue with how they changed ssh/ldap in debian
10.

I had tried an ubuntu 18.04 earlier and didn't even get as far with it as
I did with this debian10. Both have this extra systemd stuff which
confuses me.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2239>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · January 10, 2019, 10:21pm

#2239: OSGeo 7 ldap ssh access
---------------------------+--------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------

Comment (by robe):

update - I successfully configured a ldap ssh debian 9 container that I
can ssh into using my ldap account. So I think it's just a step I missed
in debian 10 cause the file paths changes. Setup detailed here -
https://git.osgeo.org/gitea/sac/osgeo7/wiki/Debian-9-container-with-ldap-
ssh

the debian 9 container can be accessed by sac members using

{{{
ssh your_username@osgeo7.osgeo.osuosl.org -p 50023
}}}

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2239#comment:1>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · April 23, 2019, 11:30pm

#2239: OSGeo 7 ldap ssh access
---------------------------+---------------------
Reporter: robe | Owner: sac@…
Type: task | Status: closed
Priority: normal | Milestone:
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------
Changes (by robe):

* status: new => closed
* resolution: => fixed

Comment:

download container was created from this image and has port 22 open

For old containers I don't plan to have ssh widely open and plan to force
people to go thru the download osgeo container which requires ssh key.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2239#comment:2>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.