ssh-ldap-helper - Man Page

sshd helper program for ldap support


ssh-ldap-helper[-devw] [-f file] [-s user]


ssh-ldap-helper is used by sshd(1) to access keys provided by an LDAP. ssh-ldap-helper is disabled by default and can only be enabled in the sshd configuration file /etc/ssh/sshd_config by setting AuthorizedKeysCommand to “/usr/libexec/openssh/ssh-ldap-wrapper”.

ssh-ldap-helper is not intended to be invoked by the user, but from sshd(8) via ssh-ldap-wrapper.

The options are as follows:


Set the debug mode; ssh-ldap-helper prints all logs to stderr instead of syslog.


Implies -w; ssh-ldap-helper halts if it encounters an unknown item in the ldap.conf file.


ssh-ldap-helper uses this file as the ldap configuration file instead of /etc/ssh/ldap.conf (default).


ssh-ldap-helper prints out the user's keys to stdout and exits.


Implies -d; increases verbosity.


ssh-ldap-helper writes warnings about unknown items in the ldap.conf configuration file.

See Also

sshd(8), sshd_config(5), ssh-ldap.conf(5),


ssh-ldap-helper first appeared in OpenSSH 5.5 + PKA-LDAP .


Jan F. Chadima ⟨⟩

Referenced By


April 29, 2010