SSH Certification Authority as Plugin for WaTTS: Difference between revisions
From Lsdf
Jump to navigationJump to search
(Created page with "= Description = The INDIGO DataCloud [0] implements authentication and authorization services for the Cloud as well as orchestrating services to spin up a huge number of virtu...") |
No edit summary |
||
(2 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
= Description = |
= Description = |
||
In the European Project INDIGO DataCloud [0] we implement authentication and authorization services for the Cloud and for orchestration services to spin up a huge number of virtual servers on demand. |
|||
Some users |
Some users need to get access to these VMs via SSH. Remote access to VMs is usually done through the secure shell (ssh [1]). |
||
⚫ | |||
⚫ | |||
The goal of this project is to develop a plugin for WaTTS [2], the INDIGO Token Translation Service, that functions as a SSH-CA, so that only one public key needs to be deployed on all VMs. |
The goal of this project is to develop a plugin for WaTTS [2], the INDIGO Token Translation Service, that functions as a SSH-CA, so that only one public key needs to be deployed on all VMs. |
||
Line 24: | Line 26: | ||
= Contact = |
= Contact = |
||
[mailto: |
[mailto:uros.stevanovic@kit.edu uros.stevanovic@kit.edu] |
Latest revision as of 10:42, 27 October 2017
Description
In the European Project INDIGO DataCloud [0] we implement authentication and authorization services for the Cloud and for orchestration services to spin up a huge number of virtual servers on demand.
Some users need to get access to these VMs via SSH. Remote access to VMs is usually done through the secure shell (ssh [1]).
Managing all the permissions in a very dynamic environment is hard.
The goal of this project is to develop a plugin for WaTTS [2], the INDIGO Token Translation Service, that functions as a SSH-CA, so that only one public key needs to be deployed on all VMs.
Tasks
- understanding ssh-ca
- getting familiar with WaTTS and how to implement a plugin
- implement the plugin
Requirements
- good knowledge of Linux
- working with the command line
- programming experience e.g. python or go
References
- [0] https://www.indigo-datacloud.eu/
- [1] https://en.wikipedia.org/wiki/Secure_Shell
- [2] https://www.gitbook.com/book/indigo-dc/token-translation-service/details
- [3] https://watts-dev.data.kit.edu
- [3] https://github.com/cloudtools/ssh-cert-authority