SSH Certification Authority as Plugin for WaTTS: Difference between revisions

From Lsdf
Jump to navigationJump to search
(Created page with "= Description = The INDIGO DataCloud [0] implements authentication and authorization services for the Cloud as well as orchestrating services to spin up a huge number of virtu...")
 
No edit summary
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Description =
= Description =
The INDIGO DataCloud [0] implements authentication and authorization services for the Cloud as well as orchestrating services to spin up a huge number of virtual servers on demand.
In the European Project INDIGO DataCloud [0] we implement authentication and authorization services for the Cloud and for orchestration services to spin up a huge number of virtual servers on demand.

Some users might need to get access to these VMs, maybe even for a limited of time. Usually remote access to VMs is done through the secure shell (ssh [1]). Managing all the accesses in
Some users need to get access to these VMs via SSH. Remote access to VMs is usually done through the secure shell (ssh [1]).
a very dynamic environment is hard to manage.

Managing all the permissions in a very dynamic environment is hard.


The goal of this project is to develop a plugin for WaTTS [2], the INDIGO Token Translation Service, that functions as a SSH-CA, so that only one public key needs to be deployed on all VMs.
The goal of this project is to develop a plugin for WaTTS [2], the INDIGO Token Translation Service, that functions as a SSH-CA, so that only one public key needs to be deployed on all VMs.
Line 24: Line 26:


= Contact =
= Contact =
[mailto:Bas.Wegh@kit.edu Bas.Wegh@kit.edu]
[mailto:uros.stevanovic@kit.edu uros.stevanovic@kit.edu]

Latest revision as of 10:42, 27 October 2017

Description

In the European Project INDIGO DataCloud [0] we implement authentication and authorization services for the Cloud and for orchestration services to spin up a huge number of virtual servers on demand.

Some users need to get access to these VMs via SSH. Remote access to VMs is usually done through the secure shell (ssh [1]).

Managing all the permissions in a very dynamic environment is hard.

The goal of this project is to develop a plugin for WaTTS [2], the INDIGO Token Translation Service, that functions as a SSH-CA, so that only one public key needs to be deployed on all VMs.

Tasks

  • understanding ssh-ca
  • getting familiar with WaTTS and how to implement a plugin
  • implement the plugin

Requirements

  • good knowledge of Linux
  • working with the command line
  • programming experience e.g. python or go

References

[0] https://www.indigo-datacloud.eu/
[1] https://en.wikipedia.org/wiki/Secure_Shell
[2] https://www.gitbook.com/book/indigo-dc/token-translation-service/details
[3] https://watts-dev.data.kit.edu
[3] https://github.com/cloudtools/ssh-cert-authority

Contact

uros.stevanovic@kit.edu