I've set up a Keycloak server and I'm working on integrating it with a Linux server to allow users from Keycloak to authenticate into the Linux server using their Keycloak credentials.
Ideally, I'd like it so that when users run the ssh server-name@server-ip command, it opens a Keycloak login page where they can enter their credentials and gain access to the system.
My research led me to explore PAM as a way to configure Keycloak integration with a Linux server. I installed the kc-ssh-pam binary and added the following line to the /etc/pam.d/sshd directory:
auth sufficient pam_exec.so expose_authtok log=/var/log/kc-ssh-pam.log /opt/kc-ssh-pam/kc-ssh-pam
After that, I edited the config.toml file with my Keycloak configurations as shown below, and ran sudo systemctl restart sshd to restart the ssh daemon. However, I'm not achieving the expected result when I run the ssh server-name@server-ip command.
realm = "realm_name"
endpoint = "https://keycloak_server_url"
clientid = "ssh_client_id"
clientsecret = "ssh_client_secret"
clientscope = "openid"
Is this an ideal use case? I have limited resources to accomplish this, so I would appreciate any steps or recommended guides that could help me achieve this.
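Added example (not from the question or the kc-ssh-pam project): a small pre-flight script that checks the PAM line and config.toml for the mistakes that silently break this setup, and builds the Keycloak password-grant request that a helper like kc-ssh-pam is assumed to send, so the Keycloak side can be tested separately from PAM. The sample config and PAM line are constructed; the `/realms/<realm>/...` path assumes a recent Keycloak (older releases prefix it with `/auth`).

```python
"""Pre-flight checks for a pam_exec + Keycloak SSH login (constructed example)."""
import re
import urllib.error
import urllib.parse
import urllib.request

REQUIRED_KEYS = ("realm", "endpoint", "clientid", "clientsecret", "clientscope")

# Constructed sample: note the misspelled last key, which a TOML loader accepts silently.
SAMPLE_CONFIG = '''
realm = "realm_name"
endpoint = "https://keycloak_server_url"
clientid = "ssh_client_id"
clientsecret = "ssh_client_secret"
clientscop = "openid"
'''
SAMPLE_PAM_LINE = ("auth sufficient pam_exec.so expose_authtok "
                   "log=/var/log/kc-ssh-pam.log /opt/kc-ssh-pam/kc-ssh-pam")

def parse_simple_toml(text):
    """Parse flat key = "value" lines; enough for this config, not a full TOML parser."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z_]+)\s*=\s*"([^"]*)"\s*$', line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg

def config_issues(cfg):
    """Flag missing/unknown keys and a non-HTTPS endpoint: the password grant
    carries the user's cleartext password, so it must never go over plain HTTP."""
    issues = [f"missing key: {k}" for k in REQUIRED_KEYS if k not in cfg]
    issues += [f"unknown key: {k}" for k in cfg if k not in REQUIRED_KEYS]
    if not cfg.get("endpoint", "").startswith("https://"):
        issues.append("endpoint must use https")
    return issues

def pam_line_issues(line):
    """pam_exec only hands the password to the helper (on stdin) with expose_authtok."""
    parts = line.split()
    issues = []
    if parts[:1] != ["auth"]:
        issues.append("module type should be auth")
    if "pam_exec.so" not in parts:
        issues.append("expected pam_exec.so")
    if "expose_authtok" not in parts:
        issues.append("expose_authtok missing: helper cannot read the password")
    return issues

def token_request(cfg, username, password):
    """Build the Resource Owner Password Credentials request (grant_type=password)."""
    url = f"{cfg['endpoint'].rstrip('/')}/realms/{cfg['realm']}/protocol/openid-connect/token"
    form = {"grant_type": "password", "client_id": cfg["clientid"],
            "client_secret": cfg["clientsecret"], "scope": cfg["clientscope"],
            "username": username, "password": password}
    return url, form

def try_login(cfg, username, password, timeout=5):
    """POST the grant and return the HTTP status (200 = Keycloak accepted the login)."""
    url, form = token_request(cfg, username, password)
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(), method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code  # 401 = bad credentials or client, 400 = grant not enabled
```

Run `config_issues` and `pam_line_issues` on your real files first; only if both come back empty is a non-200 from `try_login` a Keycloak-side problem (client not confidential, direct access grants disabled, wrong realm).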