SSH Controls requires:
- Korn shell
- Perl (a recent v5 will do)
- SSH client + server (on both SSH master & client hosts). SFTP must be allowed on all client hosts.
- SUDO (on client hosts)

SSH Controls consists of:
- A generated SSH public/private key pair for each end-user:
  - The private key is located on the end-user’s computer/device or source host.
  - The public key should be located at a pre-configured location on each of the client hosts (also referred to as the SSH Controls local repository).
- A set of master configuration files (aka the SSH Controls master repository):
  - access: defines which persons (aka personal users or functional/technical accounts) should have access where (i.e. target host) and how (i.e. using which local OS account)
  - alias: defines aliases (aka groupings) for keys, users, hosts or other groups. These aliases may be referenced in the
  - targets: defines the list to which SSH Controls files should be distributed.
  - keys.d (directory): can be either of:
    - A file containing a pre-formatted list of public SSH keys
    - A directory containing individual public SSH key files (grouped or singular)
  - fingerprints: an on-demand generated list of SSH key fingerprints.
- A set of management scripts:
  - update_ssh.pl: script to locally update & control the SSH
  - manage_ssh.sh: script to distribute the SSH Controls files, create the fingerprints list or to trigger the
  - convert_pubkey.pl: script to convert SSH public keys into the right format.
- A correct working environment:
  - A working SSH login for each of the client hosts (chicken-and-the-egg!)
  - A running SSH agent that will propagate the maintainer’s private key to each of the client systems for remote access/control (see also the Master to slave operations topic for more information on this).
  - Pre-configured SUDO rules for the SSH Controls on each of the client systems. You can use SUDO Controls for this purpose.