SSH Certification Authority as Plugin for WaTTS

From Lsdf


In the European Project INDIGO DataCloud [0] we implement authentication and authorization services for the Cloud and for orchestration services to spin up a huge number of virtual servers on demand.

Some users need to get access to these VMs via SSH. Remote access to VMs is usually done through the secure shell (ssh [1]).

Managing all the permissions in a very dynamic environment is hard.

The goal of this project is to develop a plugin for WaTTS [2], the INDIGO Token Translation Service, that functions as a SSH-CA, so that only one public key needs to be deployed on all VMs.


  • understanding ssh-ca
  • getting familiar with WaTTS and how to implement a plugin
  • implement the plugin


  • good knowledge of Linux
  • working with the command line
  • programming experience e.g. python or go