I have to create a webapp (Apache/PHP) which acts as a web portal for people who need to connect via SSH to several servers. One just goes to the portal, authenticates himself, and asks to open SSH access. From then on, he can connect with his favorite SSH client, and can stop the session on the webapp. All servers are Debian Lenny or Squeeze, and we already connect to them through an SSH proxy. On this proxy, there is a file /etc/ssh/sshd_config:
AllowUsers [email protected].* [email protected].*
AllowUsers [email protected].*
How can I allow or disallow a user from my webapp? An easier way than rewriting this file and restarting opensshd?
Instead of AllowUsers, use something like AllowGroups sshaccess. Then you can have your web app add that user to the sshaccess group and they'll be able to authenticate. This won't require you to bounce sshd with each change like it would with AllowUsers.
You'll get bonus points for implementing LDAP for authentication - this both makes it very easy to programmatically manage users and groups as well as allowing you to maintain one central user database that multiple servers can refer to.
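One way the web app could drive the group approach from the answer above, as an added example that is not part of the original post: a small helper script the portal calls to add or remove a user from sshaccess. The helper's function names, the GROUP variable, and the idea of invoking it through a restricted sudo rule are assumptions; the account-name check is there because the name arrives from a web form.

```shell
#!/bin/sh
# Added example: helper for the portal to grant or revoke SSH access by
# group membership. Assumes sshd_config on the proxy contains:
#   AllowGroups sshaccess
# Function names and GROUP are illustrative, not from the original post.
LC_ALL=C; export LC_ALL
GROUP=sshaccess

# Accept only conservative account names, so input from the web form can
# never be read as an option or carry shell metacharacters or newlines.
valid_username() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Map the portal's action to the gpasswd flag: -a adds, -d deletes a member.
gpasswd_flag() {
    case "$1" in
        grant)  echo "-a" ;;
        revoke) echo "-d" ;;
        *)      return 1 ;;
    esac
}

main() {
    action=$1
    user=$2
    flag=$(gpasswd_flag "$action") || { echo "usage: $0 grant|revoke USER" >&2; return 2; }
    valid_username "$user" || { echo "invalid user name" >&2; return 2; }
    getent passwd "$user" >/dev/null || { echo "unknown user" >&2; return 1; }
    # sshd looks up group membership at each login, so no reload is needed.
    gpasswd "$flag" "$user" "$GROUP"
}

# Run only when called with arguments, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Removing a user from the group only blocks new logins; a session that is already open stays up until it is ended separately.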