FedSSH

SSH access through an identity federation

FedSSH is a solution based on OpenSSH that retrieves user public keys from a directory in order to integrate SSH servers into a federated infrastructure. An institution, even when it does not intend to share access with other members of the federation, can take advantage of this solution, since it makes managing the access policy for its nodes easier.

This is achieved by means of a policy that depends on user attributes rather than on user identifiers.

The architecture of FedSSH consists of two main parts:

  • The mechanisms to retrieve user public keys previously stored in a directory.
  • A web application that manages who is allowed to store their public keys in the directory.

FedSSH offers two choices for the first component:

  • A small patch (10 KB) for OpenSSH, allowing it to connect to an LDAP server and retrieve user public keys.
  • A set of scripts and REST-style web services that allow OpenSSH to update its public key repository from an LDAP server.
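Whichever of the two mechanisms is used, the SSH server ends up converting directory values into authorized_keys lines, and two things matter at that step: the user name from the login must not be able to alter the LDAP search, and a value someone managed to place in the directory must not be able to smuggle in key options or a malformed key. The following is an added example that is not FedSSH's own code or patch; it shows what such a script, run for instance from OpenSSH's AuthorizedKeysCommand, would do. It assumes keys are stored in a multi-valued `sshPublicKey` attribute and that users are looked up by `uid`; the LDIF entry and the key material are constructed for the example and are not real keys.

```python
# Added example, not FedSSH's own code: turn the public keys stored in a
# directory entry into authorized_keys lines, as a script run from OpenSSH's
# AuthorizedKeysCommand would. Assumed: keys sit in a multi-valued
# 'sshPublicKey' attribute and users are looked up by 'uid'. The LDIF and the
# key material below are constructed for the example.
import base64
import re
import struct

KEY_ATTRIBUTE = "sshPublicKey"           # assumed attribute name
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
_USERNAME = re.compile(r"^[a-z_][a-z0-9_.-]{0,31}$")
# Plain "type blob [comment]" values only; a value that starts with key
# options such as command= or from= does not match and is dropped.
_KEY_LINE = re.compile(r"^(?P<type>[a-z0-9-]+) (?P<blob>[A-Za-z0-9+/]+={0,2})"
                       r"(?: (?P<comment>[ -~]*))?$")


def ldap_filter_escape(value):
    """Escape a string for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def user_search_filter(username):
    """Search filter for the user's entry. The username is validated before it
    is placed in the filter so that input from the login cannot widen the search."""
    if not _USERNAME.match(username):
        raise ValueError("unacceptable username: %r" % username)
    return "(&(objectClass=posixAccount)(uid=%s))" % ldap_filter_escape(username)


def ldif_values(ldif_text, attribute):
    """All values of one attribute in an LDIF entry, unfolding wrapped lines
    (continuations start with a space) and decoding base64 ('::') values."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    values = []
    for line in lines:
        if line.startswith(attribute + ":: "):
            values.append(base64.b64decode(line[len(attribute) + 3:]).decode("utf-8"))
        elif line.startswith(attribute + ": "):
            values.append(line[len(attribute) + 2:])
    return values


def blob_key_type(blob_b64):
    """Key type embedded in the SSH wire-format blob (first RFC 4253 string)."""
    raw = base64.b64decode(blob_b64, validate=True)
    if len(raw) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", raw[:4])
    if n == 0 or n > len(raw) - 4:
        raise ValueError("bad length prefix")
    return raw[4:4 + n].decode("ascii")


def normalize_key(value):
    """A clean authorized_keys line, or None when the value is rejected."""
    m = _KEY_LINE.match(value.strip())
    if not m or m.group("type") not in ALLOWED_TYPES:
        return None
    try:
        if blob_key_type(m.group("blob")) != m.group("type"):
            return None                      # declared type and blob disagree
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    return ("%s %s %s" % (m.group("type"), m.group("blob"),
                          m.group("comment") or "")).rstrip()


def authorized_keys(ldif_text):
    """authorized_keys lines for one directory entry; bad values are skipped."""
    return [k for k in map(normalize_key, ldif_values(ldif_text, KEY_ATTRIBUTE))
            if k is not None]


# --- constructed sample data; these are not real keys -----------------------
def _wire_blob(key_type, *fields):
    """Base64 SSH blob built from RFC 4253 strings, for test data only."""
    parts = (key_type.encode("ascii"),) + fields
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode("ascii")


ED25519_BLOB = _wire_blob("ssh-ed25519", bytes(32))
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=People,dc=example,dc=org",
    "uid: alice",
    "sshPublicKey: ssh-ed25519 %s alice@laptop" % ED25519_BLOB,
    "sshPublicKey: ssh-ed25519 %s" % ED25519_BLOB[:30],        # wrapped by the
    " %s alice@wrapped" % ED25519_BLOB[30:],                    # LDAP client
    'sshPublicKey: command="/bin/sh" ssh-ed25519 %s alice@opts' % ED25519_BLOB,
    "sshPublicKey: ssh-rsa %s alice@mismatch" % ED25519_BLOB,
    "sshPublicKey: ssh-dss %s alice@dsa" % _wire_blob("ssh-dss", b"\x00"),
])
```

Running `authorized_keys(SAMPLE_LDIF)` yields only the first two entries: the value carrying `command="/bin/sh"` is dropped because options are never accepted from the directory, the `ssh-rsa` value is dropped because its blob actually encodes an ed25519 key, and `ssh-dss` is not an allowed type. The wrapped value is accepted because LDIF continuation lines are unfolded before parsing, which is how `ldapsearch` emits long key lines.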

Thanks to the web application, users are able to upload their public keys into the directory, although this can only be done when they, and their attributes, comply with the authorization policy. This policy comprises:

  • The SSH servers deployed in the federation or in the institution itself.
  • How those SSH servers are going to obtain users' public keys.
  • For each server, a set of rules on the user attributes that must be satisfied for a user to be allowed to upload public keys.

Also, a set of nodes can be joined into a group, making rule management easier.
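To make the attribute-based policy concrete, here is an added example, not FedSSH's own code, of how the rules described above (per-server rules, plus rules attached to a group of nodes) can be evaluated against the attributes an identity provider releases for a user. The decision never looks at the user identifier itself, which is the point of the approach. The servers, groups, rules and users are constructed for the example, and the attribute names (eduPersonAffiliation, schacHomeOrganization, eduPersonEntitlement) are assumed for illustration.

```python
# Added example, not FedSSH's own code: an upload policy of the kind the page
# describes, expressed over user attributes rather than user identifiers.
# Servers, groups and rules below are constructed; the attribute names
# (eduPersonAffiliation, schacHomeOrganization, eduPersonEntitlement) are
# assumed for illustration and are not taken from the page.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    """The user's (multi-valued) attribute must carry one of the allowed values."""
    attribute: str
    allowed: frozenset

    def satisfied_by(self, attrs):
        return bool(attrs.get(self.attribute, frozenset()) & self.allowed)


@dataclass
class Policy:
    server_rules: dict = field(default_factory=dict)  # server -> list of Rule
    groups: dict = field(default_factory=dict)        # group  -> set of servers
    group_rules: dict = field(default_factory=dict)   # group  -> list of Rule

    def add_server(self, name, rules=()):
        self.server_rules[name] = list(rules)

    def add_group(self, name, servers, rules=()):
        """Group rules apply to every member, on top of each server's own rules."""
        unknown = set(servers) - set(self.server_rules)
        if unknown:
            raise ValueError("unknown servers in group %s: %s" % (name, sorted(unknown)))
        self.groups[name] = set(servers)
        self.group_rules[name] = list(rules)

    def rules_for(self, server):
        rules = list(self.server_rules.get(server, []))
        for group, members in self.groups.items():
            if server in members:
                rules.extend(self.group_rules[group])
        return rules

    def may_upload(self, server, attrs):
        """(allowed, reasons). Every rule must hold; an unregistered server or a
        server with no rule at all is denied, so that a misconfiguration fails
        closed rather than opening the node to the whole federation."""
        if server not in self.server_rules:
            return False, ["server %s is not registered" % server]
        rules = self.rules_for(server)
        if not rules:
            return False, ["no rules defined for %s" % server]
        failed = [r for r in rules if not r.satisfied_by(attrs)]
        return not failed, ["%s must contain one of %s" % (r.attribute, sorted(r.allowed))
                            for r in failed]

    def servers_for(self, attrs):
        """Servers this user may upload keys for, given only their attributes."""
        return sorted(s for s in self.server_rules if self.may_upload(s, attrs)[0])


def example_policy():
    """Constructed federation: two HPC nodes grouped together, a gateway, and a
    node that was registered but never given a rule."""
    p = Policy()
    p.add_server("hpc01.example.org",
                 [Rule("eduPersonAffiliation", frozenset({"staff", "faculty"}))])
    p.add_server("hpc02.example.org")
    p.add_server("gw.example.org",
                 [Rule("eduPersonEntitlement", frozenset({"urn:mace:example.org:ssh-gateway"}))])
    p.add_server("orphan.example.org")
    p.add_group("hpc", {"hpc01.example.org", "hpc02.example.org"},
                [Rule("schacHomeOrganization", frozenset({"example.org", "partner.edu"}))])
    return p


# Constructed users, as the attributes an identity provider might release.
ALICE = {"eduPersonPrincipalName": {"alice@example.org"},
         "eduPersonAffiliation": {"staff", "member"},
         "schacHomeOrganization": {"example.org"}}
BOB = {"eduPersonPrincipalName": {"bob@partner.edu"},
       "eduPersonAffiliation": {"student", "member"},
       "schacHomeOrganization": {"partner.edu"}}
```

With this policy, Alice may upload keys for both HPC nodes (her affiliation satisfies hpc01's own rule and her home organization satisfies the group rule that hpc02 inherits), Bob only for hpc02 (his affiliation is student), and nobody for the gateway without the entitlement or for the orphan node, which has no rule at all. Failing closed on a server with no rules is a deliberate choice: a node that was registered but never given a rule should not silently become open to every federated user.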