Sign up to save your podcasts
Or
Share SSH authentication using user and machine identities (asg2024)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
SSH authentication using user and machine identities (asg2024)
Strong authentication requires multiple signals: identity claims proves that identity of the person, while device attestation proves possession of a given machine, and device bound keys prevent the key from being stolen.
In this presentation we will take a look at how the TPM provides device attestation and device bound keys. We will connect this with identity claims from SSO providers to provide a centrally managed short-lived SSH certificates for users and their devices. This is implemented as an open-source project called “ssh-tpm-ca-authority”.
Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/JCJ9YT/
View all episodes
Strong authentication requires multiple signals: identity claims proves that identity of the person, while device attestation proves possession of a given machine, and device bound keys prevent the key from being stolen.
In this presentation we will take a look at how the TPM provides device attestation and device bound keys. We will connect this with identity claims from SSO providers to provide a centrally managed short-lived SSH certificates for users and their devices. This is implemented as an open-source project called “ssh-tpm-ca-authority”.
Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/
about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/JCJ9YT/