
ssh-key-authority's Introduction

SKA - SSH Key Authority

Please see the Security Advisories section below for a recently addressed security issue

A tool for managing user and server SSH access to any number of servers.

Features

  • Easily manage SSH key access for all accounts on your servers.
  • Manage user access and server-to-server access rules.
  • Integrate with your LDAP directory service for user authorization.
  • Automatically remove server access from people when they leave your team.
  • Provides an easy interface for your users to upload their public keys.
  • Designate server administrators and let them manage access to their own server.
  • Create group-based access rules for easier management.
  • Specify SSH access options such as command=, nopty, etc. on your access rules.
  • All access changes are logged to the database and to the system logs. Granting of access is also reported by email.
  • Be notified when a server becomes orphaned (has no active administrators).

Demo

You can view the SSH Key Authority in action on the demonstration server.

Use one of the following sets of username / password credentials to log in:

  • testuser / testuser - normal user with admin access granted to a few servers
  • testadmin / testadmin - admin user

All data on this demonstration server is reset nightly at 00:00 UTC.

Requirements

  • An LDAP directory service
  • Apache 2.2 or higher
  • PHP 5.6 or higher
  • PHP JSON extension
  • PHP LDAP extension
  • PHP mbstring (Multibyte String) extension
  • PHP MySQL extension
  • PHP ssh2 extension
  • MySQL (5.5+), Percona Server (5.5+) or MariaDB database

Installation

  1. Clone the repo somewhere outside of your default Apache document root.

  2. Add the following directives to your Apache configuration (eg. virtual host config):

    DocumentRoot /path/to/ska/public_html
    DirectoryIndex init.php
    FallbackResource /init.php
    
  3. Create a MySQL user and database (run in MySQL shell):

    CREATE USER 'ska-user'@'localhost' IDENTIFIED BY 'password';
    CREATE DATABASE `ska-db` DEFAULT CHARACTER SET utf8mb4;
    GRANT ALL ON `ska-db`.* to 'ska-user'@'localhost';
    
  4. Copy the file config/config-sample.ini to config/config.ini and edit the settings as required.

  5. Set up authnz_ldap for your virtual host (or any other authentication module that will pass on an Auth-user variable to the application).

  6. Set scripts/ldap_update.php to run on a regular cron job.

  7. Generate an SSH key pair to synchronize with. SSH Key Authority will expect to find the files as config/keys-sync and config/keys-sync.pub for the private and public keys respectively. The key must be in pem format. The following command will generate the key in the required format:

    ssh-keygen -t rsa -b 4096 -m PEM -C 'comment' -f config/keys-sync
    
  8. Install the SSH key synchronization daemon. For systemd:

    1. Copy services/systemd/keys-sync.service to /etc/systemd/system/
    2. Modify ExecStart path and User as necessary. If SSH Key Authority is installed under /home, disable ProtectHome.
    3. systemctl daemon-reload
    4. systemctl enable keys-sync.service

    For sysv-init:

    1. Copy services/init.d/keys-sync to /etc/init.d/
    2. Modify SCRIPT path and USER as necessary.
    3. update-rc.d keys-sync defaults
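The key pair generated in step 7 is the one credential every managed server trusts, so it is worth checking before the daemon is started. The shell script below is an added example, not part of SSH Key Authority; it assumes the README's config/keys-sync and config/keys-sync.pub names and checks that the private key is in the PEM container php-ssh2 requires (the "Default ssh-keygen format changed" issue further down is exactly this failure) and that it is not readable by other accounts.

```shell
#!/bin/sh
# Added pre-flight check for the SSH Key Authority sync key pair (example,
# not part of the project). It assumes the layout the README describes:
# config/keys-sync (private key, PEM) and config/keys-sync.pub (public key).

# Report the private key container format from its first line:
# "pem" (what php-ssh2 needs), "openssh" (ssh-keygen default since 7.8)
# or "unknown".
key_format() {
    first=$(head -n 1 "$1" 2>/dev/null)
    case "$first" in
        '-----BEGIN RSA PRIVATE KEY-----') echo pem ;;
        '-----BEGIN OPENSSH PRIVATE KEY-----') echo openssh ;;
        *) echo unknown ;;
    esac
}

# Return 0 when the private key is readable by its owner only
# (GNU stat first, BSD stat as the fallback).
key_mode_ok() {
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    case "$mode" in
        400|600) return 0 ;;
        *) return 1 ;;
    esac
}

# check_sync_keypair CONFIG_DIR: prints one line per finding,
# returns 0 only if every check passes.
check_sync_keypair() {
    dir=$1
    rc=0
    priv="$dir/keys-sync"
    pub="$dir/keys-sync.pub"
    if [ ! -f "$priv" ]; then
        echo "FAIL: $priv missing"; return 1
    fi
    fmt=$(key_format "$priv")
    if [ "$fmt" != pem ]; then
        echo "FAIL: private key format is '$fmt'; regenerate with ssh-keygen -m PEM"; rc=1
    fi
    if ! key_mode_ok "$priv"; then
        echo "FAIL: $priv is readable by group or others"; rc=1
    fi
    if [ ! -f "$pub" ]; then
        echo "FAIL: $pub missing"; rc=1
    elif ! grep -q '^ssh-rsa ' "$pub"; then
        echo "FAIL: $pub does not look like an RSA public key"; rc=1
    fi
    [ $rc -eq 0 ] && echo "OK: $dir key pair is usable by the sync daemon"
    return $rc
}

# Usage: check_sync_keypair /path/to/ska/config
```

Run it as the account the daemon runs under (the User from the systemd unit), so a missing read permission on config/keys-sync shows up here rather than as "SSH authentication failed" in the sync log.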

Usage

Anyone in the LDAP group defined under admin_group_cn in config/config.ini will be able to manage accounts and servers.

Key distribution

SSH Key Authority distributes authorized keys to your servers via SSH. It does this by:

  1. Connecting to the server with SSH, authenticating as the keys-sync user.
  2. Writing the appropriate authorized keys to named user files in /var/local/keys-sync/ (eg. all authorized keys for the root user will be written to /var/local/keys-sync/root).

This means that your SSH installation will need to be reconfigured to read authorized keys from /var/local/keys-sync/.

Please note that doing so will deny access to any existing SSH public key authorized in the default ~/.ssh directories.

Under OpenSSH, the configuration changes needed are:

AuthorizedKeysFile /var/local/keys-sync/%u
StrictModes no

StrictModes must be disabled because the files will all be owned by the keys-sync user rather than by the account they authorize, and with StrictModes enabled sshd refuses an authorized keys file that is not owned by that account or by root.

The file /var/local/keys-sync/keys-sync must exist, with the same contents as the config/keys-sync.pub file in order for the synchronization daemon to authenticate.
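The shell script below is an added example, not part of the project, for verifying a managed server against the layout described above. It assumes the sshd_config directives, the /var/local/keys-sync directory and the keys-sync.pub file from this section. Beyond the two directives, it checks that every per-account file is world-readable, because sshd reads an authorized keys file with the privileges of the account being authenticated, so a 0600 file owned by keys-sync locks that account out (the "Centos 8 wrong permissions" issue further down shows that symptom).

```shell
#!/bin/sh
# Added check for a server that receives keys from SSH Key Authority
# (example, not part of the project). Assumes the README layout:
# AuthorizedKeysFile /var/local/keys-sync/%u, StrictModes no, and a
# /var/local/keys-sync/keys-sync file holding the daemon's public key.

# Effective value of an sshd_config keyword: sshd uses the first
# uncommented occurrence, so later duplicates are ignored here too.
sshd_option() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Key type and base64 blob of a public key line, comment stripped, so two
# copies of the same key compare equal even with different comments.
pubkey_material() {
    awk 'NF >= 2 { print $1, $2; exit }' "$1"
}

# Return 0 if the file is readable by "others". sshd opens an authorized
# keys file with the privileges of the account being authenticated, so a
# 0600 file owned by keys-sync cannot be read for any other account.
world_readable() {
    perm=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    [ $(( (perm % 10) & 4 )) -eq 4 ]
}

# check_target_server SSHD_CONFIG KEYS_DIR EXPECTED_PUB_FILE
# Prints one line per finding and returns 0 only if everything passes.
check_target_server() {
    cfg=$1; keysdir=$2; expected=$3; rc=0
    akf=$(sshd_option "$cfg" AuthorizedKeysFile)
    if [ "$akf" != "$keysdir/%u" ]; then
        echo "FAIL: AuthorizedKeysFile is '$akf', expected '$keysdir/%u'"; rc=1
    fi
    strict=$(sshd_option "$cfg" StrictModes)
    if [ "$strict" != no ]; then
        echo "FAIL: StrictModes is '${strict:-default yes}', must be 'no' for keys-sync owned files"; rc=1
    fi
    if [ ! -f "$keysdir/keys-sync" ]; then
        echo "FAIL: $keysdir/keys-sync missing; the daemon cannot authenticate"; rc=1
    elif [ "$(pubkey_material "$keysdir/keys-sync")" != "$(pubkey_material "$expected")" ]; then
        echo "FAIL: $keysdir/keys-sync does not match $expected"; rc=1
    fi
    for f in "$keysdir"/*; do
        [ -f "$f" ] || continue
        if ! world_readable "$f"; then
            echo "FAIL: $f is not world-readable; $(basename "$f") cannot log in"; rc=1
        fi
    done
    [ $rc -eq 0 ] && echo "OK: $cfg and $keysdir match the SKA key distribution layout"
    return $rc
}

# Usage (on the managed server, with a copy of the SKA config/keys-sync.pub):
#   check_target_server /etc/ssh/sshd_config /var/local/keys-sync ./keys-sync.pub
```

Only the first uncommented occurrence of each keyword is consulted, matching how sshd itself resolves duplicate directives, so a stray second AuthorizedKeysFile later in the file is ignored just as it would be by the daemon.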

Screenshots

  • Homepage overview
  • Server listing
  • Server account access management
  • Activity log
  • Getting started guide for new users

Security advisories

License

Copyright 2013-2017 Opera Software

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

ssh-key-authority's People

Contributors

chluz, fklajn, magicfab, mettke, thomas-pike, viq


ssh-key-authority's Issues

LDAP: User does not exist. in /var/www/ssh-key-authority/model/user.php

Hi,

I freshly installed the SKA solution.
Connection to the URL is OK, but I got

Oops! Something went wrong! Sorry, but it looks like something needs fixing on the system. The problem has been automatically reported to the administrators, but if you wish, you can also [provide additional information](mailto:[email protected]?subject=SSH%20Key%20Authority%20error%20number%201656666630) about what you were doing that may have triggered the error.

The log indicates:
[Fri Jul 01 11:10:30.096739 2022] [php7:notice] [pid 1259] [client 10.101.1.142:56121] 1656666630: UserNotFoundException: User does not exist. in /var/www/ssh-key-authority/model/user.php:379
1656666630: Stack trace:
1656666630: #0 /var/www/ssh-key-authority/model/userdirectory.php(100): User->get_details_from_ldap(true)
1656666630: #1 /var/www/ssh-key-authority/requesthandler.php(24): UserDirectory->get_user_by_uid('superaccount-admin', true)
1656666630: #2 /var/www/ssh-key-authority/public_html/init.php(18): require('/var/www/ssh-ke...')
1656666630: #3 {main}, referer: https://ssh-mgmt.corp.domain.com/

Here's my LDAP configuration:

[ldap]
; Address to connect to LDAP server
host = ldap://dc.domain.com
; Use StartTLS for connection security (recommended if using ldap:// instead
; of ldaps:// above)
starttls = 0
; LDAP subtree containing USER entries
dn_user = "ou=services account,dc=domain,dc=com"
;LDAP subtree containing GROUP entries
dn_group = "ou=groups,dc=domain,dc=com"
; (Optional) filter for matching user objects
user_filter = "(objectClass=inetOrgPerson)"
;user_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

; (Optional) filter for matching group objects

; Set to 1 if the LDAP library should process referrals. In most cases this
; is not needed, and for AD servers it can cause errors when querying the
; whole tree.
follow_referrals = 0

; Leave bind_dn empty if binding is not required
bind_dn = [email protected]
bind_password = "!?superpassword?!"

; User attributes
user_id = sAMAccountName
user_name = cn
user_email = mail
;user_superior = superioremployee

I certify that the user exists, because if I change the
bind_password = "!?superpasswordblabla?!"
the error is
ErrorException: ldap_bind(): Unable to bind to server: Invalid credentials in /var/www/ssh-key-authority/ldap.php

So what's wrong in the configuration?
I really don't know :/

Can someone help, please?

Better UX

Hi,

first of all I love the tool. But one thing isn't really user friendly.
It would be great if a user wouldn't even have the chance to click on the root account of a server.

Could you add that when it's a root account the links are removed and the "Manage Account" button is disabled?

So the users don't have to see the "Ooops! Something went wrong!" so often.

Problem Sync from UI.

When I add a server, it automatically remains as a root account waiting to be synchronized. I click on the sync now button and it tells me SSH Authentication failed.

Checking the log tells me this.

Jun  8 09:33:40 ska syncd.php: Daemon started
Jun  8 09:33:46 ska syncd.php: Sync process spawning for: 1/
Jun  8 09:33:48 ska syncd.php: 2018-06-08T13:33:46+00:00 devel-ol6.inacap.cl: Preparing sync.
Jun  8 09:33:48 ska syncd.php: 2018-06-08T13:33:46+00:00 devel-ol6.inacap.cl: Checking IP address XXX.XXX.XXX.XXX.
Jun  8 09:33:48 ska syncd.php: 2018-06-08T13:33:46+00:00 devel-ol6.inacap.cl: Attempting to connect.
Jun  8 09:33:48 ska syncd.php: 2018-06-08T13:33:46+00:00 devel-ol6.inacap.cl: Public key authentication failed.
Jun  8 09:34:01 ska systemd: Started Session 1047 of user root.
Jun  8 09:34:01 ska systemd: Starting Session 1047 of user root.

I check the destination server and I have the following:

[root@devel-ol6 ~]# cat /etc/passwd |grep keys-sync
keys-sync:x:498:498::/var/local/keys-sync:/bin/sh
[root@devel-ol6 ~]#
[root@devel-ol6 ~]# ls -la /var/local/
total 12
drwxr-xr-x.  3 root root 4096 Jun  7 17:39 .
drwxr-xr-x. 19 root root 4096 Jun  7 16:53 ..
drwx--x--x   2 root root 4096 Jun  8 09:28 keys-sync
[root@devel-ol6 ~]# ls -la /var/local/keys-sync/
total 28
drwx--x--x  2 root      root      4096 Jun  8 09:28 .
drwxr-xr-x. 3 root      root      4096 Jun  7 17:39 ..
-rw-r--r--  1 root      root        18 Jun  7 17:40 .bash_logout
-rw-r--r--  1 root      root       176 Jun  7 17:40 .bash_profile
-rw-r--r--  1 root      root       124 Jun  7 17:40 .bashrc
-rw-r--r--  1 keys-sync keys-sync  735 Jun  7 18:24 keys-sync
[root@devel-ol6 ~]#
[root@devel-ol6 ~]# cat /etc/ssh/sshd_config |grep AuthorizedKeysFile
#AuthorizedKeysFile	.ssh/authorized_keys
AuthorizedKeysFile	/var/local/keys-sync/%u
[root@devel-ol6 ~]# cat /etc/ssh/sshd_config |grep StrictModes
StrictModes no
[root@devel-ol6 ~]#

The sshd service has been restarted.

From the SKA server, I log in with the keys-sync account and have access to the destination server without a password.

[root@ska ~]# su - keys-sync
Last login: Fri Jun  8 09:47:33 -04 2018 on pts/0
-sh-4.2$ ssh devel-ol6.inacap.cl
Last login: Fri Jun  8 09:47:42 2018 from XXXXXXXXX
-sh-4.1$ hostname
devel-ol6.inacap.cl
-sh-4.1$ exit
logout
Connection to devel-ol6.inacap.cl closed.
-sh-4.2$ hostname
ska.inacap.cl
-sh-4.2$ exit
logout
[root@ska ~]#

But with the root account I cannot log in to the destination server without a password, and the keys are the same for both accounts.

[root@ska ~]# ssh devel-ol6.inacap.cl
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@ska ~]# ls .ssh/
id_rsa  id_rsa.pub  known_hosts
[root@ska ~]# ls /var/local/keys-sync/.ssh/
id_rsa  id_rsa.pub  known_hosts
[root@ska ~]# diff ~/.ssh/id_rsa.pub /var/local/keys-sync/.ssh/id_rsa.pub
[root@ska ~]# diff ~/.ssh/id_rsa /var/local/keys-sync/.ssh/id_rsa
[root@ska ~]# md5sum ~/.ssh/id_rsa
72e6d7295e2f302e4f4ab1027917d1ba  /root/.ssh/id_rsa
[root@ska ~]# md5sum ~/.ssh/id_rsa.pub
1d5ca306000b6f6102e93d822f75477d  /root/.ssh/id_rsa.pub
[root@ska ~]# md5sum /var/local/keys-sync/.ssh/id_rsa
72e6d7295e2f302e4f4ab1027917d1ba  /var/local/keys-sync/.ssh/id_rsa
[root@ska ~]# md5sum /var/local/keys-sync/.ssh/id_rsa.pub
1d5ca306000b6f6102e93d822f75477d  /var/local/keys-sync/.ssh/id_rsa.pub
[root@ska ~]#

Now if I run the sync.php manually it works.

[root@ska scripts]# /opt/rh/rh-php56/root/usr/bin/php sync.php -h devel-ol6.inacap.cl
2018-06-08T13:57:39+00:00 devel-ol6.inacap.cl: Preparing sync.
2018-06-08T13:57:39+00:00 devel-ol6.inacap.cl: Checking IP address XXX.XXX.XXX.XXX.
2018-06-08T13:57:39+00:00 devel-ol6.inacap.cl: Attempting to connect.
2018-06-08T13:57:40+00:00 devel-ol6.inacap.cl: Logged in as keys-sync.
devel-ol6.inacap.cl: Sync command execution failed for root, file_put_contents(): Unable to open ssh2.sftp://Resource id #31/var/local/keys-sync/root on remote host
2018-06-08T13:57:40+00:00 devel-ol6.inacap.cl: Sync finished
[root@ska scripts]# /opt/rh/rh-php56/root/usr/bin/php sync.php -h devel-ol6.inacap.cl -u root
2018-06-08T13:57:44+00:00 devel-ol6.inacap.cl: Preparing sync.
2018-06-08T13:57:44+00:00 devel-ol6.inacap.cl: Checking IP address XXX.XXX.XXX.XXX.
2018-06-08T13:57:44+00:00 devel-ol6.inacap.cl: Attempting to connect.
2018-06-08T13:57:44+00:00 devel-ol6.inacap.cl: Logged in as keys-sync.
devel-ol6.inacap.cl: Sync command execution failed for root, file_put_contents(): Unable to open ssh2.sftp://Resource id #31/var/local/keys-sync/root on remote host
2018-06-08T13:57:44+00:00 devel-ol6.inacap.cl: Sync finished
[root@ska scripts]# /opt/rh/rh-php56/root/usr/bin/php sync.php -h devel-ol6.inacap.cl -u keys-sync
2018-06-08T13:57:50+00:00 devel-ol6.inacap.cl: Preparing sync.
2018-06-08T13:57:50+00:00 devel-ol6.inacap.cl: Checking IP address XXX.XXX.XXX.XXX.
2018-06-08T13:57:50+00:00 devel-ol6.inacap.cl: Attempting to connect.
2018-06-08T13:57:50+00:00 devel-ol6.inacap.cl: Logged in as keys-sync.
2018-06-08T13:57:50+00:00 devel-ol6.inacap.cl: Sync finished
[root@ska scripts]#

I may have something configured wrong, but I have not been able to find it. I would appreciate any help in this regard.

Access to the website is under LDAP as recommended in the README.

But the keys-sync account in the UI appears Inactive; do I have to create that account in the Active Directory?

I am currently using my own account to access the UI and create the ska-administrator group where I am a member.

Installation Step

Hi,

Do you have documentation that includes the commands you run to set up the server? I would really appreciate it if you have it.

Server root account error

Hi,

I want to ask. Every time I add a new server, the default user cannot be configured. Every time I click, it always says "Oops...."
Please help.. Thank you..

Here is the error: [screenshot]

Security vulnerability: SSH port redirection attack

Reported internally by Tobias Josefowitz of Opera Software, aside from SSH host key verification, SKA does not perform any further verification that it has connected to the correct server when syncing keys to a server. A malicious server administrator could use SSH port redirection (eg. via iptables) to sync the keys for their server to another server of their choosing, and since server administrators can reset the SSH host key for their own server in SKA, the sync to the wrong server would be allowed to go ahead.

sync status still pending on web

Please help: after updating the hostname in the database, the sync status on the web is still "pending", but after a manual sync with the command the user can access the server, while on the web sync_status is still pending.

I need your help.

Feature request : add public keys to LDAP attribute

Hi,

I've added three methods to the user class to be able to add and remove public keys to a LDAP attribute. The idea is that I like to store the public keys directly in LDAP. This can then be used in other software that allow pulling public keys from LDAP. SSH key authority is then the nice interface allowing users to add public keys to their accounts.

I tested it for my own use and it seems to work reliably, and all new functions can be deactivated by not setting the required attribute name in the config file.
Would this be something you would be interested in looking at and eventually pulling?

SSH2 and PHP7

Hello,

I am currently trying to create a dockerized setup of this tool, but I am unable to fulfil the requirements.
The Docker image should be based on PHP 7.3, but the SSH2 PHP package does not seem to support any PHP 7.x version yet. My problem regarding PHP 5 is that its support ended recently, so I do not want to use it.

Do you have any suggestions as to what I can do instead of waiting for a supported SSH2 PHP version?

Best regards,
Miroka

Delete/Rename Server/Groups/User

Sorry, but I can't find the delete or the rename button.
This would be an important feature.
I only found the possibility to disable things.

Could you provide detailed installation steps.

Could you provide detailed installation steps for this centralized SSH server? Going by just the requirements is a bit vague as to what and where to put the specific changes for LDAP and other settings.

I also ran the Docker version of this from this URL "https://hub.docker.com/r/toendeavour/ssh-key-authority", but ran into the following problem/errors.

config.ini not found or incorrect permissions.
Permissions must be 100:65533 with at least 400

If you could provide the latest working installation steps for all requirements, it would be very helpful.
Thanks.

Help me for installation

Can someone create documentation for this? I am really confused and always get
Internal Server Error... :')

Account failed to Sync

Hi,
Just trying this nice tool out.
I've been able to set up everything properly, but I have the following error when I launch a sync: 1 account failed to sync.
When I log in via SSH as keys-sync to the server I am trying to sync to, and navigate to the /var/local/keys-sync folder, I can create a file with no issue.

Here is my log:
Sync process spawning for: 2/
Sep 30 21:39:24 piglet syncd.php[5483]: 2018-09-30T19:39:21+00:00 linux-server.dandc.luzzato.com: Preparing sync.
Sep 30 21:39:24 piglet syncd.php[5483]: 2018-09-30T19:39:21+00:00 linux-server.dandc.luzzato.com: Checking IP address 192.168.48.7.
Sep 30 21:39:24 piglet syncd.php[5483]: 2018-09-30T19:39:21+00:00 linux-server.dandc.luzzato.com: Attempting to connect.
Sep 30 21:39:24 piglet syncd.php[5483]: 2018-09-30T19:39:22+00:00 linux-server.dandc.luzzato.com: Logged in as keys-sync.
Sep 30 21:39:24 piglet syncd.php[5483]: linux-server.dandc.luzzato.com: Sync command execution failed for charles-luzzato, file_put_contents(ssh2.sftp://Resource id #31/var/local/keys-sync/charles-luzzato): failed to open stream: operation failed
Sep 30 21:39:24 piglet syncd.php[5483]: 2018-09-30T19:39:23+00:00 linux-server.dandc.luzzato.com: Sync finished

Any idea welcome, and thanks again for this nice tool !

Documentation is missing ticks sign

The MySQL statements for creating the DB and creating the USER are both missing the tick sign, since the names in the example have the special character -. Without it MySQL throws errors. Also, it's a bit confusing with the names in the README compared to what is in the config file :)

Search LDAP Error.

Some time ago I installed SKA and it worked for me, but the access was defined for a certain OU of my Active Directory. I want to expand the scope of the search, but I get an error.

My config is this way

; LDAP subtree containing USER entries
dn_user = "DC=mydomain,DC=cl"
; LDAP subtree containing GROUP entries
dn_group = "DC=mydomain,DC=cl"

Checking, I saw that they use the user_id as the filter in ldap_search; I debugged how that filter arrives, and it arrives this way:

string(26) "sAMAccountName=rgiusti.bbr"

but since the DN is global and not a specific OU, it does not find the user:

[17-Jul-2018 20:15:44 America/Santiago] 1531872944: exception 'ErrorException' with message 'ldap_search(): Search: Operations error' in /opt/rh/httpd24/root/var/www/ssh-key-authority/ldap.php:55
1531872944: Stack trace:
1531872944: #0 [internal function]: exception_error_handler(2, 'ldap_search(): ...', '/opt/rh/httpd24...', 55, Array)
1531872944: #1 /opt/rh/httpd24/root/var/www/ssh-key-authority/ldap.php(55): ldap_search(Resource id #23, 'DC=mydomain,DC=cl', 'sAMAccountName=...', Array)
1531872944: #2 /opt/rh/httpd24/root/var/www/ssh-key-authority/model/user.php(311): LDAP->search('DC=mydomain,DC=cl', 'sAMAccountName=...', Array)
1531872944: #3 /opt/rh/httpd24/root/var/www/ssh-key-authority/model/userdirectory.php(99): User->get_details_from_ldap()
1531872944: #4 /opt/rh/httpd24/root/var/www/ssh-key-authority/requesthandler.php(24): UserDirectory->get_user_by_uid('rgiusti.bbr')
1531872944: #5 /opt/rh/httpd24/root/var/www/ssh-key-authority/public_html/init.php(18): require('/opt/rh/httpd24...')
1531872944: #6 {main}

Any way to make the search be in all the OUs of my Active Directory tree?

Thank you very much!

Keys-sync user is inactive.

Hello.
It seems I have an issue like #13 (keys-sync user is inactive). But that solution does not work for me. The system user keys-sync has read permission on the keys-sync private key and the keys-sync.pub public key in the config directory.
Any suggestions what I should check? What additional information is needed?

External Pub-Keys

I have an FTP server with many local users for external clients with no access to my Active Directory.

Is there a way to assign a public key to a local server account?

I thought the public keys tab in the server account could be used for this, but as it says, it's only for outgoing connections, not for the incoming connections I need.

My workaround is to set up the server with only the root account and then manually add the user's public key in /var/local/keys-sync/[username]. This works but defeats the purpose of an ssh-key-authority.

Unable to setup on ubuntu

Error:
[Mon May 14 14:52:32.475389 2018] [php7:notice] [pid 13349] [client 10.72.5.188:57221] 1526295152: Exception: Not logged in. in /var/www/ssh-key-authority/requesthandler.php:26
1526295152: Stack trace:
1526295152: #0 /var/www/ssh-key-authority/public_html/init.php(18): require()
1526295152: #1 {main}, referer: http://10.72.4.155/

I have followed the README, but it still fails to load the tool.

@thomas-pike please advise

Server behind jump host

Hi, is it possible to use SKA for servers configured with a jump host? If so, could you provide a description of how it should be done? Thanks,

Non-standard SSH ports

Good evening,

I have been looking at this project as it would be a good fit for me to deploy at work, but we use non-standard SSH ports on all our servers. I can't see how I can add the port to a server.

Could you either advise if I can, or if I should add code?

Multiple hosts behind NAT

Hello,

I have at least one problem.
We have a few hosts behind a NAT which are accessible with the same IP but with different ports.
Would it be possible to have a "behind NAT" tick so that the IP check will allow it?

Adding servers.

Hello.
Another stupid question: how do I add servers to SKA?
On the Servers tab I see only Filter options, not an Add button, for example.
Thanks.

Default ssh-keygen format changed - SSH authentication failed

Hi,

Since OpenSSH 7.8, the default format for ssh-keygen keys is no longer PEM but the new OpenSSH format:

  • ssh-keygen(1): write OpenSSH format private keys by default
    instead of using OpenSSL's PEM format. The OpenSSH format,
    supported in OpenSSH releases since 2014 and described in the
    PROTOCOL.key file in the source distribution, offers substantially
    better protection against offline password guessing and supports
    key comments in private keys. If necessary, it is possible to write
    old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments
    when generating or updating a key.

As php-ssh2 is only compatible with PEM keys, be sure to generate (at least) the keys-sync pair this way (-m PEM):
ssh-keygen -t rsa -b 4096 -m PEM -C 'comment'

Failure to do so will give you "SSH authentication failed" when syncing servers.

openssh 8.8 not working anymore

Hello,

On new OPNsense it is not possible to sync anymore, because in the latest versions OpenSSH 8.8 is used and they removed ssh-rsa from PubkeyAcceptedAlgorithms.

Is there a way to make it work again?
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

Docker

Is it possible to provide the Project as a Docker container?

AD Integration

Hello.
I am trying to integrate SKA with AD.
config.ini [ldap] section:
host = ldap://xxx.xxx.xxx.xxx:389
starttls = 0
dn_user = "ou=users,dc=corp,dc=domain,dc=tld"
dn_group = "ou=rolebasedgroups,dc=corp,dc=domain,dc=tld"
bind_dn = [email protected]
bind_password = SomeStrongPass
user_id = samAccountName
user_name = cn
user_email = mail
group_member = memberOf
group_member_value = samAccountName
admin_group_cn = ska-administrators
After logon I am having an error, see screenshot.
Apache error log:
[:error] [pid 12036] [client yyy.yyy.yyy.yyy:13708] 1530782564: exception 'ErrorException' with message 'ldap_bind(): Unable to bind to server: Invalid credentials' in /opt/ska/ldap.php:41
1530782564: Stack trace:
1530782564: #0 [internal function]: exception_error_handler(2, 'ldap_bind(): Un...', '/opt/ska/ldap.p...', 41, Array)
1530782564: #1 /opt/ska/ldap.php(41): ldap_bind(Resource id #23, '[email protected]....', '2')
1530782564: #2 /opt/ska/ldap.php(46): LDAP->connect()
1530782564: #3 /opt/ska/model/user.php(311): LDAP->search('ou=users,dc=domain...', 'samAccountName=...', Array)
1530782564: #4 /opt/ska/model/userdirectory.php(99): User->get_details_from_ldap()
1530782564: #5 /opt/ska/requesthandler.php(24): UserDirectory->get_user_by_uid('logged_on_user')
1530782564: #6 /opt/ska/public_html/init.php(18): require('/opt/ska/reques...')
1530782564: #7 {main}
Meanwhile I can connect with bind_dn and bind_password to AD host from ADExplorer successfully.
What should I do to fix this?
Thanks.

LDAP groups

Hello,

Thank you for this tool, it is great.
I've one question.
Would it be possible to manage groups over the ldap (not only the admin group)?
This would be better to manage.

Logout Button

What do you think about a logout button?
In the meantime it should be possible to log auth from Apache LDAP authentication; as far as I saw it wasn't possible when you wrote this tool.

User should be told if they request access that they already have

Currently, if a user requests access that they already have, both the access rule and the access request will coexist, likely confusing the server admin. Instead of creating the access request, the existing rule should be detected and they should just be told that they already have access.

Compatibility issue with php7.4

Hi, after upgrading to php7.4, I was having issues with php errors of the type Uncaught ErrorException: Trying to access array offset on value of type null in the file core.php at line 100.

I therefore changed

    $prefix = $args[0][0] == "/" ? "/" : "";

to

    if ($args[0] !== null) {
        $prefix = $args[0][0] == "/" ? "/" : "";
    } else {
        $prefix = "";
    }

It's not very clean, but I don't really know PHP!
Hope it helps others having the same issue. I can create a merge request if this is acceptable.

Add LDAP user_filter and group_filter config settings

If users and groups are in the same subtree in LDAP, very confusing things can happen (eg. lines 44-52 of views/server.php will find a "user" that is actually a group when trying to add a group as an admin of a server).

If we add some optional user_query and group_query attributes to filter them separately then we can avoid this problem and support a greater variety of LDAP structures.

Is LDAP required?

README indicates LDAP support but it's not clear if it's required. Thanks for clarifying this.

Server groups

It would be great to assign not only people but also servers to groups, to be able to quickly apply access rules to the whole lot of them.

Cant sync ssh

Hello,

Everything should be alright.
The keys are in config/keys-sync and config/keys-sync.pub on the server.
On the client a user was created with the name keys-sync.
Strict mode is off and the AuthorizedKeysFile /var/local/keys-sync/%u is configured.
Also a file /var/local/keys-sync/keys-sync is there with the correct public key in it.
I tested it; I can ssh from the bash with the config/keys-sync key to the client as the user keys-sync.

I'm using php7.4.

Multiple hosts with same IP address

Hi! I have several hosts behind NAT; they have SSH ports like 10023, 11023, etc. When I try to sync I get the error "Multiple hosts with same IP address". Can I disable this check?

Centos 8 wrong permissions

Hi Opera Team,

SKA is brilliant software. I have used it for several months and it works great.
I have an issue with CentOS 8 installations. When I add a new key, all key file permissions change to 0600 and no one can log in except root. For example:

ll /var/local/keys-sync/
total 16
-rw------- 1 keys-sync keys-sync 1658 May 11 22:22 user2
-rw-r--r-- 1 root      root      1414 May 11 22:21 keys-sync
-rw------- 1 keys-sync keys-sync 2338 May 11 22:22 user1
-rw------- 1 keys-sync keys-sync  292 May 11 22:22 root

Could you help me to deal with this issue?

Problem with SQL Injection

Hello,

I have the following problem:
PHP Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'system = ?' at line 1 in /srv/keys/model/groupdirectory.php:35 Stack trace: #0 /srv/keys/model/groupdirectory.php(35): mysqli->prepare() #1 /srv/keys/scripts/ldap_update.php(44): GroupDirectory->add_group() #2 {main} thrown in /srv/keys/model/groupdirectory.php on line 35

It seems the group isn't escaped correctly.
But I'm not good at PHP, so can you please help me?

Thanks.

Allow admins to remove/revoke public keys of regular users

Is there a possibility for admins to remove a public key from a user's account?
For example if a private key gets compromised and has to be removed, but the user itself is unable to.
I've looked all over the application but was not able to find anything related.

I appreciate any insights.
Thank you for your work, SKA really helps us out!

Add ability to change application root?

Hello,
I really like this project, but for our use case we require the app to run from something other than /.
For example: example.com/authentication/ssh is a reverse proxy that would forward to backend.local/authentication/ssh

Is it possible to add support to change the app to respond on a user configurable application root such as /authentication/ssh?

LDAP configuration

Hello there,

I can't figure out how to configure the LDAP settings in config.ini:

[ldap]
host = ldaps://ldap.example.com:636
starttls = 0
dn_user = "ou=Users,dc=example,dc=com"
dn_group = "ou=Groups,dc=example,dc=com"
follow_referrals = 0
bind_dn = "uid=********,ou=service_acc,dc=example,dc=com"
bind_password = *******
user_id = uid
user_name = cn
user_email = mail
group_member = memberUid
group_member_value = uid
admin_group_cn = sysops

When I run ldap_update.php, I get the group "sysops" with no members in it!
With ldapsearch I can list the users in the same group:

ldapsearch -x -D "uid=********,ou=service_acc,dc=example,dc=com" -w ******* "cn=sysops"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> (default) with scope subtree
# filter: cn=sysops
# requesting: ALL
#

# sysops, Groups, example.com
dn: cn=sysops,ou=Groups,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: sysops
gidNumber: 38947
memberUid: uid=********,ou=Users,dc=example,dc=com
memberUid: uid=********,ou=Users,dc=example,dc=com
memberUid: uid=********,ou=Users,dc=example,dc=com
memberUid: uid=********,ou=Users,dc=example,dc=com
memberUid: uid=********,ou=Users,dc=example,dc=com

Regards,
Velin Budinov
