SSH Controls requires:
- Korn shell
- Perl (a recent v5 will do)
- SSH client + server (on both SSH master & client hosts). SFTP must be allowed on all client hosts.
- SUDO (on client hosts)

SSH Controls consists of:
- A generated SSH public/private key pair for each end-user:
  - The private key is located on the end-user’s computer/device or source host.
  - The public key should be located at a pre-configured location on each of the client hosts (also referred to as the SSH Controls local repository).
- A set of master configuration files (aka the SSH Controls master repository):
  - access: defines which persons (aka personal users or functional/technical accounts) should have access where (i.e. target host) and how (i.e. using which local OS account).
  - alias: defines aliases (aka groupings) for keys, users, hosts or other groups. These aliases may be referenced in the access file.
  - targets: defines the list to which SSH Controls files should be distributed.
  - keys (file) / keys.d (directory): can be either of:
    - A file containing a pre-formatted list of public SSH keys
    - A directory containing individual public SSH key files (grouped or singular)
  - fingerprints: an on-demand generated list of SSH key fingerprints.
- A set of management scripts:
  - update_ssh.pl: script to locally update & control the SSH authorized_keys files.
  - manage_ssh.sh: script to distribute the SSH Controls files, create the fingerprints list or to trigger the update_ssh.pl script remotely.
  - convert_pubkey.pl: script to convert SSH public keys into the right format.
- A correct working environment:
  - A working SSH login for each of the client hosts (chicken-and-the-egg!)
  - A running SSH agent that will propagate the maintainer’s private key to each of the client systems for remote access/control (see also the Master to slave operations topic for more information on this).
  - Pre-configured SUDO rules for the SSH Controls on each of the client systems. You can use SUDO Controls for this purpose.