SSH Certification Authority as Plugin for WaTTS

From Lsdf
Jump to navigationJump to search

Description

In the European Project INDIGO DataCloud [0] we implement authentication and authorization services for the Cloud and for orchestration services to spin up a huge number of virtual servers on demand.

Some users need to get access to these VMs via SSH. Remote access to VMs is usually done through the secure shell (ssh [1]).

Managing all the permissions in a very dynamic environment is hard.

The goal of this project is to develop a plugin for WaTTS [2], the INDIGO Token Translation Service, that functions as a SSH-CA, so that only one public key needs to be deployed on all VMs.

Tasks

  • understanding ssh-ca
  • getting familiar with WaTTS and how to implement a plugin
  • implement the plugin

Requirements

  • good knowledge of Linux
  • working with the command line
  • programming experience e.g. python or go

References

[0] https://www.indigo-datacloud.eu/
[1] https://en.wikipedia.org/wiki/Secure_Shell
[2] https://www.gitbook.com/book/indigo-dc/token-translation-service/details
[3] https://watts-dev.data.kit.edu
[3] https://github.com/cloudtools/ssh-cert-authority

Contact

uros.stevanovic@kit.edu