install openssh with ldap public key patch on debian lenny

set up ldap, install ldap-utils libpam-ldap libnss-ldap nscd

$ vim /etc/nsswitch.conf
passwd:         ldap compat
group:          ldap compat
shadow:         ldap compat

$ cd /etc/pam.d
$ vim common-account 
account sufficient      pam_ldap.so

$ vim common-auth 
auth sufficient      pam_ldap.so

$ vim common-password
password sufficient      pam_ldap.so

$ vim common-session
session     required      pam_mkhomedir.so skel=/etc/skel umask=0022

$ vim /etc/ldap/ldap.conf 
BASE    dc=nullren,dc=com
URI     ldap://pollux

$ /etc/init.d/nscd restart

these two pages helped me a lot: SSH Public Keys from LDAP and OpenSSH LPK+HPN.

this ended up being a lot easier than i let it be. this is how i compiled openssh with ldap public key support.

first i set up my build env

$ cd /tmp
$ svn checkout http://openssh-lpk.googlecode.com/svn/trunk/ openssh-lpk-read-only
$ mkdir openssh
$ cd openssh
$ apt-get source openssh
$ apt-get build-dep openssh
$ apt-get install libldap2-dev

i then ran the patches on the openssh source:

$ cd openssh-5.1p1
$ patch < ../../openssh-lpk-read-only/patch/contrib/contrib-openssh-lpk-5.1p1-0.3.10.patch
$ patch < ../../openssh-lpk-read-only/patch/contrib/contrib-openssh-5.1_p1-lpk-64bit.patch

had to add ./configure flags to run. i just opened up debian/rules, found the lines with ./configure on them, and added to the end:

--with-libs="-lldap" --with-ldflags="-L/usr/lib" --with-cppflags="-I/usr/include -DWITH_LDAP_PUBKEY"

here is a diff you can look at:

117c117
<       cd build-deb && ../configure $(confflags)
---
>       cd build-deb && ../configure $(confflags) --with-libs="-lldap" --with-ldflags="-L/usr/lib" --with-cppflags="-I/usr/include -DWITH_LDAP_PUBKEY"
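Review bot: the three extra flags are pasted literally onto the configure call at line 117, and the identical string is repeated at line 136, so the two copies can drift apart the next time the package is rebuilt. Define them once in a make variable near the top of debian/rules and reference that variable on both lines. -L/usr/lib and -I/usr/include are already default search paths, so --with-libs="-lldap" and -DWITH_LDAP_PUBKEY are the parts that matter.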
136c136
<       cd build-udeb && ../configure $(confflags_udeb)
---
>       cd build-udeb && ../configure $(confflags_udeb) --with-libs="-lldap" --with-ldflags="-L/usr/lib" --with-cppflags="-I/usr/include -DWITH_LDAP_PUBKEY"
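Review bot: line 136 is the build-udeb configure call with its own $(confflags_udeb), so this change links the udeb (debian-installer) build against libldap as well as the regular one. The post only installs openssh-server_5.1p1-5_amd64.deb; if LDAP key lookup is not needed in the installer packages, leave line 136 as it was and change only the build-deb line.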

then i was ready to build:

$ dpkg-buildpackage -us -uc

then i had my package built: openssh-server_5.1p1-5_amd64.deb. all that was left to do was install:

$ cd ..
$ dpkg -i openssh-server_5.1p1-5_amd64.deb
$ vim /etc/ssh/sshd_config

i added this to the end:

UseLPK yes
LpkLdapConf /etc/ldap/ldap.conf

and restarted ssh:

$ /etc/init.d/ssh restart

yay! now i can log in with my test users.
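
to see which keys the directory actually hands out for a user, here is an added example (not part of the original post or of openssh-lpk) that unfolds ldapsearch output, decodes base64 values and checks each key's type against its blob. it assumes the keys are stored in the openssh-lpk schema attribute sshPublicKey; the user testuser, the ou=people entry and the truncated key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads ldapsearch LDIF on stdin.
# Assumption: keys live in the openssh-lpk schema attribute sshPublicKey.

# LDIF folds long values: a line starting with one space continues the previous line.
ldif_unfold() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (seen) print buf; buf = $0; seen = 1 }
         END { if (seen) print buf }'
}

# One key per line. "::" marks a base64-encoded value, which ldapsearch emits
# when the stored key has, for example, a trailing newline.
lpk_keys() {
    ldif_unfold | while IFS= read -r line; do
        case $line in
            "sshPublicKey:: "*) printf '%s' "${line#sshPublicKey:: }" | base64 -d; echo ;;
            "sshPublicKey: "*)  printf '%s\n' "${line#sshPublicKey: }" ;;
        esac
    done | sed '/^$/d'
}

# Print OK/BAD per key and return non-zero if any key is bad or none is found.
# The type field must be one OpenSSH 5.1 accepts for protocol 2, and the blob
# must start with the same type name (a 4-byte length, then the name).
lpk_check() {
    keys=$(lpk_keys); rc=0
    [ -n "$keys" ] || { echo "BAD no sshPublicKey values found"; return 1; }
    while read -r type blob comment; do
        case $type in
            ssh-rsa|ssh-dss) ;;
            *) echo "BAD unknown key type: $type"; rc=1; continue ;;
        esac
        inner=$(printf '%s' "$blob" | base64 -d 2>/dev/null | tail -c +5 | head -c "${#type}")
        if [ "$inner" = "$type" ]; then echo "OK $type $comment"
        else echo "BAD blob does not match type $type ($comment)"; rc=1; fi
    done <<EOF
$keys
EOF
    return $rc
}

# Constructed sample: one folded plain value, one base64 value (blobs truncated, not usable keys).
sample_ldif() {
    printf 'dn: uid=testuser,ou=people,dc=nullren,dc=com\n'
    printf 'sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAAD\n AQABAAAB testuser@laptop\n'
    printf 'sshPublicKey:: %s\n' "$(printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB testuser@desk\n' | base64 | tr -d '\n')"
}
# usage: ldapsearch -x -LLL -H ldap://pollux -b dc=nullren,dc=com '(uid=testuser)' sshPublicKey | lpk_check
```

run it against the same URI and BASE that LpkLdapConf points sshd at, since whatever that server returns for a user is what sshd will accept as that user's authorized keys.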