{"id":16709270,"url":"https://github.com/jirutka/ssh-getkey-ldap","last_synced_at":"2026-02-20T22:39:32.544Z","repository":{"id":65586354,"uuid":"52601176","full_name":"jirutka/ssh-getkey-ldap","owner":"jirutka","description":"A simple script to be used as AuthorizedKeysCommand in OpenSSH server to look up user’s public keys in LDAP.","archived":false,"fork":false,"pushed_at":"2016-12-28T17:10:45.000Z","size":9,"stargazers_count":14,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-12-11T06:47:33.053Z","etag":null,"topics":["authentication","ldap","lua","openssh","ssh","ssh-key"],"latest_commit_sha":null,"homepage":"","language":"Lua","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jirutka.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-02-26T11:51:40.000Z","updated_at":"2025-11-06T05:46:43.000Z","dependencies_parsed_at":"2023-01-30T18:15:25.814Z","dependency_job_id":null,"html_url":"https://github.com/jirutka/ssh-getkey-ldap","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/jirutka/ssh-getkey-ldap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jirutka%2Fssh-getkey-ldap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jirutka%2Fssh-getkey-ldap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jirutka%2Fssh-getkey-ldap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jirutka%2Fssh-getkey-ldap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jiru
tka","download_url":"https://codeload.github.com/jirutka/ssh-getkey-ldap/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jirutka%2Fssh-getkey-ldap/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29667093,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-20T19:49:36.704Z","status":"ssl_error","status_checked_at":"2026-02-20T19:44:05.372Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","ldap","lua","openssh","ssh","ssh-key"],"created_at":"2024-10-12T20:04:10.332Z","updated_at":"2026-02-20T22:39:32.520Z","avatar_url":"https://github.com/jirutka.png","language":"Lua","funding_links":[],"categories":[],"sub_categories":[],"readme":"= OpenSSH, look up public keys in LDAP!\n:name: ssh-getkey-ldap\n:tag: v0.1.2\n:gh-name: jirutka/{name}\n:script-name: ssh-getkey-ldap\n:file-uri: https://raw.githubusercontent.com/{gh-name}/{tag}\n\nThis project provides a simple script to be used as `AuthorizedKeysCommand` in OpenSSH server to fetch authorized keys from LDAP.\nThe script is written in Lua and requires just one dependency, lualdap (and a Lua interpreter, of course).\n\nNot a fan of Lua?\nThen you may try https://gist.github.com/jirutka/b15c31b2739a4f3eab63[this one] written in POSIX shell (but it requires 
`ldapsearch` utility and may not work well on some systems) or https://github.com/jirutka/ssh-ldap-pubkey[ssh-ldap-pubkey] written in Python.\n\nIf you need a utility for users to manage keys stored in LDAP, https://github.com/jirutka/ssh-ldap-pubkey[ssh-ldap-pubkey] is what you’re looking for.\n\n\n== Requirements\n\n* Lua 5.1+ or LuaJIT 2.0+\n* https://luarocks.org/modules/bdellegrazie/lualdap[lualdap] (that requires libldap)\n\n\n== Installation\n\n=== On Alpine Linux\n\n[source, sh, subs=\"verbatim, attributes\"]\n----\napk add {name}\n----\n\n=== Using git and ./install\n\n[source, sh, subs=\"verbatim, attributes\"]\n----\ngit clone -b {tag} https://github.com/{gh-name}.git\ncd {name}\n./install\n----\n\n=== Manual\n\n[source, sh, subs=\"verbatim, attributes\"]\n----\ncd /usr/local/bin\nwget {file-uri}/{script-name}\nchown root:root {script-name}\nchmod 0755 {script-name}\n\ncd /etc/ssh\nwget {file-uri}/getkey-ldap.conf\nvim getkey-ldap.conf  # read next section\n----\n\n\n== Configuration\n\nThe script reads configuration from `/etc/ssh/getkey-ldap.conf`.\n\nThe file format is similar to other UNIX configuration files.\nComments begin with a `#` character and extend to the end of the line; blank lines are ignored.\nConfiguration options consist of an initial keyword followed by a list of values separated by one or more whitespaces.\nOptions may not be continued over multiple lines.\nKeywords and values are case-sensitive.\n\nThe configuration options are as follows:\n\nhost::\n  A list of hostnames or IP addresses of hosts running an LDAP server to connect to.\n  Each hostname in the list may include a port number which is separated from the host itself with a colon `:` character.\n  Default value is localhost.\n\nuse_tls::\n  Whether to use TLS (true, or false).\n  Default is false.\n\nbinddn::\n  DN to bind when reading the user’s entry.\n  Default is to bind anonymously.\n\nbindpw::\n  Credentials to bind with when reading the user’s entry.\n  Default is 
none.\n\nbase::\n  DN of the search base.\n  Default is empty (i.e. root of the directory).\n\nscope::\n  The search scope; base, onelevel, or subtree.\n  Default is subtree.\n\ntimeout::\n  The timeout in seconds.\n  Default is 5.\n\npubkey_attr::\n  Name of the attribute with SSH pubkeys.\n  Default is sshPublicKey.\n\n\n== Setup OpenSSH server\n\nTo configure OpenSSH server to fetch users’ authorized keys from LDAP server:\n\n. Make sure that you have installed `{script-name}` in `/usr/local/bin` (or `/usr/bin`) with owner `root` and mode `0755`.\n. Add these two lines into `/etc/ssh/sshd_config`:\n+\n[source, subs=\"verbatim, attributes\"]\n----\nAuthorizedKeysCommand /usr/local/bin/{script-name}\nAuthorizedKeysCommandUser nobody\n----\n\n. Restart sshd and check the log file for problems.\n\nNote: This method is supported by OpenSSH since version 6.2-p1 (or 5.3 on RedHat).\nIf you have an older version and can’t upgrade, for whatever weird reason, use http://code.google.com/p/openssh-lpk/[openssh-lpk] patch instead.\n\n\n== Setup LDAP server\n\nJust add the https://raw.githubusercontent.com/jirutka/ssh-ldap-pubkey/v0.4.1/etc/openssh-lpk.schema[openssh-lpk.schema] to your LDAP server, **or** add an attribute named `sshPublicKey` to any existing schema which is already defined in people entries.\nThat’s all.\n\nNote: Presumably, you’ve already set up your LDAP server for centralized unix users management, i.e. you have the http://www.zytrax.com/books/ldap/ape/nis.html[NIS schema] and users in LDAP.\n\n\n== License\n\nThis project is licensed under http://opensource.org/licenses/MIT[MIT License].\nFor the full text of the license, see the link:LICENSE[LICENSE] file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjirutka%2Fssh-getkey-ldap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjirutka%2Fssh-getkey-ldap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjirutka%2Fssh-getkey-ldap/lists"}