Difference between revisions of "SSH Certification Authority as Plugin for WaTTS"
From Lsdf
(Created page with "= Description = The INDIGO DataCloud [0] implements authentication and authorization services for the Cloud as well as orchestrating services to spin up a huge number of virtu...") |
|||
(2 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
= Description = |
= Description = |
||
− | + | In the European Project INDIGO DataCloud [0] we implement authentication and authorization services for the Cloud and for orchestration services to spin up a huge number of virtual servers on demand. |
|
+ | |||
− | Some users might need to get access to these VMs, maybe even for a limited of time. Usually remote access to VMs is done through the secure shell (ssh [1]). Managing all the accesses in |
||
+ | Some users need to get access to these VMs via SSH. Remote access to VMs is usually done through the secure shell (ssh [1]). |
||
− | a very dynamic environment is hard to manage. |
||
+ | |||
+ | Managing all the permissions in a very dynamic environment is hard. |
||
The goal of this project is to develop a plugin for WaTTS [2], the INDIGO Token Translation Service, that functions as a SSH-CA, so that only one public key needs to be deployed on all VMs. |
The goal of this project is to develop a plugin for WaTTS [2], the INDIGO Token Translation Service, that functions as a SSH-CA, so that only one public key needs to be deployed on all VMs. |
||
Line 24: | Line 26: | ||
= Contact = |
= Contact = |
||
− | [mailto: |
+ | [mailto:uros.stevanovic@kit.edu uros.stevanovic@kit.edu] |
Latest revision as of 10:42, 27 October 2017
Description
In the European Project INDIGO DataCloud [0] we implement authentication and authorization services for the Cloud and for orchestration services to spin up a huge number of virtual servers on demand.
Some users need to get access to these VMs via SSH. Remote access to VMs is usually done through the secure shell (ssh [1]).
Managing all the permissions in a very dynamic environment is hard.
The goal of this project is to develop a plugin for WaTTS [2], the INDIGO Token Translation Service, that functions as a SSH-CA, so that only one public key needs to be deployed on all VMs.
Tasks
- understanding ssh-ca
- getting familiar with WaTTS and how to implement a plugin
- implement the plugin
Requirements
- good knowledge of Linux
- working with the command line
- programming experience e.g. python or go
References
- [0] https://www.indigo-datacloud.eu/
- [1] https://en.wikipedia.org/wiki/Secure_Shell
- [2] https://www.gitbook.com/book/indigo-dc/token-translation-service/details
- [3] https://watts-dev.data.kit.edu
- [3] https://github.com/cloudtools/ssh-cert-authority