13:35
-
13:55
-
13:55
Day 2
SSH logins in practice: certificates vs. OPKSSH
<p>SSH is the default access method for Linux servers, typically configured with passwords or public/private key authentication. However, in large multi-user deployments, these methods have significant drawbacks: security of private keys on unmanaged clients, key management on the server side, and the difficulty of integrating multi-factor authentication.</p>
<p>Alternative methods exist but are not always easy to implement. In this talk, I compare two of the most promising approaches—OpenSSH certificates and OpenPubKey (OPKSSH)—based on a recent evaluation for a multi-user compute cluster with dozens of machines and hundreds of unmanaged clients. I discuss the advantages and limitations of each approach, including client configuration, required additional software, and operational complexity.</p>
<p>The presentation includes live demos illustrating how each method works from both the client and server perspective, and a closer look at the inner workings of SSH certificates and OPKSSH.</p>
<p>Links:
https://www.openssh.org
https://github.com/openpubkey/openpubkey
https://github.com/openpubkey/opkssh</p>