|
|
Introduction
SSH-Remote-Agent is secure shell (SSH)
based single sign-on system that utilizes RSA or DSS keys and existing SSH functionality
to authenticate users to allow access to compute resources. Using ssh-remote-agent,
clients log onto a secured key-server that manages their keys.
Since the private keys are kept solely on a locked-down server,
they are inaccessible to legitimate users and nefarious outsiders alike.
This work was prompted because although SSH login using keys
is deemed very secure,
user management of SSH keys has shortcomings in practice:
Users choose poor (e.g. no) passphrases to protect their keys.
Since keys have no expiration, if a key is captured, it could be surreptitiously used
for a potentially infinite period of time.
There exists no revocation mechanism for keys that are stolen. Their presence in
authorization lists must be manually detected and removed.
Private keys are typically stored on a user's personal computer and exported to
numerous servers. This practice increases both the likelihood of theft of the credentials
and the difficulty for system administrators to manage and revoke them.
To gain access to the ssh-remote-agent single-sign on (SSO) mechanism, the user must log
into the secure key-server. This initial login allows system administrators flexibility
by requiring Linux passwords, kerberos, one time passwords (OTP), or other methods
to allow access to compute resources. So, system policy could normally allow passwords
for access, but switch to requiring OTP, or even disabling SSO for user connections.
|
