EKCA issues short-term certificates for temporarily used keys
- Talk at LinuxDay 2019 in Dornbirn, Austria, : OpenSSH Certificates
- 2018-05-12: Slides available of EKCA talk at 18. GPN, Karlsruhe
- Lightning Talk at LDAPcon 2019: EKCA - Temporary OpenSSH user certs used as login "tickets"
EKCA is a system for issuing temporary OpenSSH certificates for users.
Basically users have to authenticate with user name, password and OTP. If authentication is sucessful a new key pair is generated and an OpenSSH certificate for the public key is signed by the CA. The new key pair gets loaded into the client-side SSH key agent.
Various password and OTP authentication mechanisms can be implemented with plugin modules. Out of the box the following modules are available:
- Password authentication via LDAP simple bind
Copyright & License
© 2018-2021 by Michael Ströder
Licensed under the Apache License, Version 2.0 (the "License"); you may not use files and content provided on this web site except in compliance with the License. You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.