Is it possible to hook a web application's login to an SSH server? I'd like to have access to a web control panel hooked to an SSH user group. They could use the same password for the control panel login as they would for their normal SSH account. It doesn't need to give them SSH access- just do the username/password authentication. Ideally, it could use their SSH key to auto-login, when they visit the control panel, but I'm skeptical that that is possible.
Ssh – How to use SSH for web application login
apache-2.4loginssh
Related Topic
- SSH Authentication – Public Key Authentication Over HTTP/HTTPS
- Ssh – How to automate SSH login with password
- Windows – Is the password compromised because I forgot to hit Enter after ssh username
- SSH Key Authentication – How to Set Up SSH Key Authentication Using LDAP
- Ssh – use Public-Key Authentication for SSH
- Ubuntu – Use a different password for SSH access from local login
Best Answer
For a large part your question translates to: I want my web application to authenticate users against the system user database (
/etc/passwd
,/etc/shadow
and/etc/group
), just like SSH does. The jargon for the Linux system authentication layer is PAM, pluggable authentication Modules.The quickest is most likely to configure Apache to provide PAM support. A recipe is to run pwauth and mod_authnz_external resulting in a Apache configuration looking similar to:
In larger environments the local file based user authentication is often replaced with a central user directory, typically a LDAP directory. On the system level that is question of changing the PAM configuration after which all application that need authentication are instantly LDAP aware.
There's a Apache LDAP module as well although typically most applications would support LDAP authentication natively, rather then relying on Apache. That also allows things like a "log off" button to work, functionality which doesn't exist with Apache auth.
SSH keys are specific to the SSH protocol and although you may find rebuilding that functionality in a web application an interesting challenge, you should know that the commonly used rough equivalent of SSH public key authentication in web applications is to deploy SSL client certificates.