Certificate-based OpenSSH for Federated Identities
Abstract:
Despite being the most widely used Secure Shell Protocol (SSH) implementation, OpenSSH
only supports a very limited number of authentication mechanism including passwords,
public keys, and Kerberos. The extension of OpenSSH with support for authentication
using federated identities addresses the security risks associated with password-based
authentication, prevents cumbersome management of public keys, and streamlines user
management by enabling Single Sign-On (SSO) capabilities across diverse systems and
platforms. We present oinit, a collection of programs extending OpenSSH to support
any OpenID Connect identity provider for authentication. Our certificate-based solution
integrates seamlessly with standard OpenSSH and does not require any changes in users’
existing workflows or used programs.
only supports a very limited number of authentication mechanism including passwords,
public keys, and Kerberos. The extension of OpenSSH with support for authentication
using federated identities addresses the security risks associated with password-based
authentication, prevents cumbersome management of public keys, and streamlines user
management by enabling Single Sign-On (SSO) capabilities across diverse systems and
platforms. We present oinit, a collection of programs extending OpenSSH to support
any OpenID Connect identity provider for authentication. Our certificate-based solution
integrates seamlessly with standard OpenSSH and does not require any changes in users’
existing workflows or used programs.
| Zugehörige Institution(en) am KIT | Scientific Computing Center (SCC) |
| Publikationstyp | Hochschulschrift |
| Publikationsdatum | 29.09.2023 |
| Sprache | Englisch |
| Identifikator | KITopen-ID: 1000165236 |
| HGF-Programm | 46.21.02 (POF IV, LK 01) Cross-Domain ATMLs and Research Groups |
| Verlag | Karlsruher Institut für Technologie (KIT) |
| Umfang | iv, 62 S. |
| Art der Arbeit | Abschlussarbeit - Master |
| Prüfungsdaten | 29.9.2023 |
| Schlagwörter | Federated Identity Management, IAM, AAI, SSH, Secure Shell, SSH-Certificates |
| Referent/Betreuer | Streit, Achim Neumair, Bernhard Hardt, Marcus |