Event

Event
13:35
-
13:55
Day 2
SSH logins in practice: certificates vs. OPKSSH
H.2214
English
<p>SSH is the default access method for Linux servers, typically configured with passwords or public/private key authentication. However, in large multi-user deployments, these methods have significant drawbacks: security of private keys on unmanaged clients, key management on the server side, and the difficulty of integrating multi-factor authentication.</p> <p>Alternative methods exist but are not always easy to implement. In this talk, I compare two of the most promising approaches—OpenSSH certificates and OpenPubKey (OPKSSH)—based on a recent evaluation for a multi-user compute cluster with dozens of machines and hundreds of unmanaged clients. I discuss the advantages and limitations of each approach, including client configuration, required additional software, and operational complexity.</p> <p>The presentation includes live demos illustrating how each method works from both the client and server perspective, and a closer look at the inner workings of SSH certificates and OPKSSH.</p> <p>Links: https://www.openssh.org https://github.com/openpubkey/openpubkey https://github.com/openpubkey/opkssh</p>