OpenLDAP as an SSH gateway
I have been asked to configure a central gateway through which our developers can connect to EC2 instances.
The central gateway must be configured through a web GUI so we can easily disable users' SSH access to remote servers, and our developers would prefer to use SSH keys rather than usernames and passwords.
So I was thinking of creating an LDAP server in EC2 so the connection would be
Developer > OpenLDAP > EC2 instance using an SSH tunnel.
The developers would be anywhere in the world, but would only be connecting from their own individual laptops.
Currently they are connecting directly to the instances themselves, all using the same SSH key, making administration of users impossible when someone leaves.
How do I accomplish this?