jirutka/ssh-ldap-pubkey

AuthorizedKeysCommand /usr/bin/ssh-ldap-pubkey-wrapper failed, status 1

Opened this issue · 2 comments

hth2 commented

I installed ssh-ldap-pubkey as instructed, and tested it with:

ssh-ldap-pubkey list -u  abc
ssh-rsa AAA....

However, when I tried to log in as abc, I got this error in auth.log (after setting LogLevel DEBUG in /etc/ssh/sshd_config):

AuthorizedKeysCommand /usr/bin/ssh-ldap-pubkey-wrapper abc failed, status 1

What can I try to troubleshoot this problem?

Could it be the wrong path to the wrapper?
My Ubuntu 18.04 seems to have it at /usr/local/bin/ssh-ldap-pubkey-wrapper

hth2 commented

I debugged it by switching to nobody with su and running the command. It turned out the nobody user could not read ldap.conf. So I changed the permissions of ldap.conf to 644 and it works now. But now any user on the system can read ldap.conf and hence the value of bindpw. There must be a better way to solve it?
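
The two states described in this thread (a file the command user cannot read, and a file every local user can read) can be told apart from the mode bits alone. The script below is an added example, not code from the thread or from ssh-ldap-pubkey; it ignores ACLs, the numeric ids in its comments are constructed, and the arrangement it reports as "ok" (a dedicated account used as AuthorizedKeysCommandUser, with group read on a 640 file) is an assumption about one common setup, not something this page documents.

```python
import grp
import os
import pwd
import stat
import sys


def access_verdict(mode, file_uid, file_gid, uid, gids):
    """Classify a secret-bearing file for one account using classic mode bits.

    Unix picks exactly one permission class: owner, else group, else other.
    """
    if uid == 0:
        readable = True                       # root bypasses mode bits
    elif uid == file_uid:
        readable = bool(mode & stat.S_IRUSR)
    elif file_gid in gids:
        readable = bool(mode & stat.S_IRGRP)
    else:
        readable = bool(mode & stat.S_IROTH)
    if mode & stat.S_IROTH:
        return "exposed"      # any local user can read bindpw (the 644 case)
    if not readable:
        return "unreadable"   # the command user cannot read the file
    return "ok"               # readable by the command user, closed to others


def ids_for(username):
    """Return (uid, set of gids) for an account, including supplementary groups."""
    pw = pwd.getpwnam(username)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if username in g.gr_mem}
    return pw.pw_uid, gids


def audit(path, username):
    """Apply access_verdict to a real file and a real account."""
    st = os.stat(path)
    uid, gids = ids_for(username)
    return access_verdict(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, uid, gids)


if __name__ == "__main__":
    # usage: <script> <path to ldap.conf> <AuthorizedKeysCommandUser>
    conf, user = sys.argv[1], sys.argv[2]
    print(f"{conf} for {user}: {audit(conf, user)}")
```
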