ssh login using public keys for users that do not (yet) exist
Solution 1:
The simple answer is that you can't do this without writing your own plugin for PAM.
Depending on your business needs, it may actually make more sense to hook the box to an LDAP backend for the user database.
To get a little more specific, sshd
is going to look to PAM to authenticate the user. If the user database doesn't have a record, the user will be set to unknown
, which is going to create a nightmare of an experience for the user. Further, there is no PAM module that I'm familiar with that will take the username supplied by sshd
and create a record of it in passwd
.
Solution 2:
FreeIPA together with SSSD may be the right answer to your question: keep the user database in one place (FreeIPA) and let the workstation to consult it (SSSD) for user information and create the home directories for them on the fly (pam_mkhomedir). FreeIPA even lets you to keep ssh public keys in database, you don't have to enroll them to each and every workstation.