Dr. Chris Hines¹
¹Monash eResearch Centre, Australia
Biography:
Chris trained as a physicist but didn't like the pressure to publish. Now he enjoys helping other people get their research done using the skills he has acquired along the way.
Abstract:
Passwords are a known weak point for securing access to any system. Many web-based portals have already moved to requiring the use of a second factor and often allow the use of Single Sign On (SSO).
A number of solutions, including SmallStep CA and Go teleport, exist to bridge the gap. All are based on using web-based authentication to generate an SSH certificate (a short-lived token) that can be used to authenticate to a remote system.
All the solutions I could find were large and complicated, with poorly documented APIs and a hard requirement to use/install their end user client. SSHAuthZ differs in that it is small (< 1000 lines of Python) with an OpenAPI specification, and I provide a simple browser-based client if you don't want to install a helper script.
In this workshop you will deploy a simple SSHAuthZ server and a test VM. We'll configure the VM to trust the server and configure your list of "Authorised users". We'll work through using the web browser as your primary client, as well as setting up your ssh config for "more convenient" processes. We'll look at configuring your VM so that ONLY certificates are accepted and password or regular SSH key access can be denied.
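The last step, checking that a VM really accepts only certificates, can be audited from its `sshd_config`. The sketch below is an added example, not code from SSHAuthZ or the workshop: it uses standard OpenSSH directive names, and the sample configurations and the CA path `/etc/ssh/user_ca.pub` are constructed placeholders.

```python
# OpenSSH defaults that apply when a keyword is absent from sshd_config.
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "authorizedkeysfile": ".ssh/authorized_keys .ssh/authorized_keys2",
    "authorizedkeyscommand": "none",
    "trustedusercakeys": "none",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(text):
    """Return (global settings, saw_match); sshd keeps the first value of a keyword."""
    first = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # conditional overrides follow: stop, flag for review
            return {**DEFAULTS, **first}, True
        first.setdefault(key, parts[1].strip().lower() if len(parts) > 1 else "")
    return {**DEFAULTS, **first}, False

def audit_cert_only(text):
    """List the reasons this config does not enforce certificate-only login."""
    s, saw_match = effective_settings(text)
    checks = [
        (s["trustedusercakeys"] == "none", "TrustedUserCAKeys unset: no CA is trusted"),
        (s["pubkeyauthentication"] != "yes", "PubkeyAuthentication off: certificates unusable"),
        (s["passwordauthentication"] != "no", "PasswordAuthentication enabled"),
        (s["kbdinteractiveauthentication"] != "no", "KbdInteractiveAuthentication enabled"),
        (s["authorizedkeysfile"] != "none", "AuthorizedKeysFile set: plain SSH keys accepted"),
        (s["authorizedkeyscommand"] != "none", "AuthorizedKeysCommand may supply plain keys"),
        (saw_match, "Match block present: review its overrides by hand"),
    ]
    return [msg for failed, msg in checks if failed]

# Constructed samples; the CA path is a placeholder, not an SSHAuthZ default.
WEAK = "TrustedUserCAKeys /etc/ssh/user_ca.pub\nPasswordAuthentication yes\n"
HARDENED = """\
TrustedUserCAKeys /etc/ssh/user_ca.pub
PasswordAuthentication no
KbdInteractiveAuthentication no
AuthorizedKeysFile none
"""

if __name__ == "__main__":
    print({n: audit_cert_only(c) for n, c in (("weak", WEAK), ("hardened", HARDENED))})
```

An empty list means the global section leaves certificates as the only way in; `sshd -T` on the VM prints the configuration sshd actually resolved, which is the authoritative input for a check like this.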