EKCA

EKCA issues short-term certificates for temporarily used keys

News:

• Talk at LinuxDay 2019 in Dornbirn, Austria, Saturday, 2019-10-19 15:00: OpenSSH Certificates
• 2018-05-12: Slides available of EKCA talk at 18. GPN, Karlsruhe
• Lightning Talk at LDAPcon 2019: EKCA - Temporary OpenSSH user certs used as login "tickets"

Introduction

EKCA is a system for issuing temporary OpenSSH certificates for users.

Basically users have to authenticate with user name, password and OTP. If authentication is sucessful a new key pair is generated and an OpenSSH certificate for the public key is signed by the CA. The new key pair gets loaded into the client-side SSH key agent.

Various password and OTP authentication mechanisms can be implemented with plugin modules. Out of the box the following modules are available:

• Password authentication via LDAP simple bind

Copyright & License

© 2018-2021 by Michael Ströder

  Licensed under the Apache License, Version 2.0 (the "License"); you may
  not use files and content provided on this web site except in compliance
  with the License. You may obtain a copy of the License at

      https://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.