DSSH

Juraj Bednár

● SSH clients allow for a simple kind of “VPN access”

● access control

● channel protection through cryptography

● Not well suited for “traversing through VPNs”

● I have to login to our company's server

● Then I can login to a customer's firewall (or use a VPN)

● From there I can login to the server

The problem

● What if I need to restart application on ten servers?

● In addition, there's PermitRootLogin no

● Passwords are (of course) different on each server

● I have to decrypt the passwords (I can't remember passwords for

hundreds of servers), do an ssh, login through key, type “su -”, cut &

paste the password

● Takes me tens of minutes

The problem

● Enter DSSH

● Secure storage of key material through dssh-agent (much more

secure than ssh-agent)

● Scriptable

● In the end

● Populate agent with material (one script involving gpg)

● for i in 1 2 3 4 5 6 7 8 9 10;do dssh root@server${i} svcadm refresh

applicationname; done

The solution: DSSH

● It is not always possible to use public key cryptography for

authentication

● PermitRootLogin no

● Some devices (network infrastructure) have no support for keys

● Administrator does not need to know the passwords, he needs

them properly used at the right time

● Randomly generated passwords (different for each server)

DSSH: Authentication

● DSSH<->Agent mutual authentication using X.509 certificates

● Agent never reveals private key

● DSSH client on your (trusted) machine does the key validation (even

if it's forwarded) and then decides if it will communicate with the server

(unlike ssh-agent from OpenSSH)

DSSH: Authentication

● Scriptability through the use of BeanShell

● Authentication, target server and how to connect there fully scriptable

● Can have “internal hostnames”, that are resolved by script

● Different paths for different servers

● Some servers need to use “su” or “ena” for leveraging privileges

● Logging and auditing support (root is root, but who used that

privilege?)

DSSH: scriptability

● Uses Java (no buffer overflows, no integer overflows, ...)

● Uses JCA (well-audited cryptography standards implementation)

● Is open-source

● Uses proven Java SSH library (used by Google or JetBrains)

● Passwords don't matter at all -> can be changed by script

● Needs only terminal emulator (xterm, linux console, mac os x

terminal) => works almost everywhere (haven't tried on Windows'

xterm or putty)

DSSH: portability and security

● People know what we use to access their servers

● Better quality of libraries and code (if we write code just for us, the

“let's document it later” approach will prevail)

● We use a lot of open-source in DSSH, let's give something back

● DSSH uses code from OpenSSH, Trilead-SSH, BeanShell, Java,

GNU GetOpt, OpenCSV – we build on open technologies

DSSH: Why Open-Source?

● Started as a tiny project, now supports most of the standard ssh

features (port forwarding, scp, ...)

● Switched from Groovy to Beanshell, cut startup time to a third (the

rest is Java), project size and memory footprint from 2.2MB to 500KB

● Future: Auditing “transit server” that records session for auditability

purposes

● Users never ever store key material (other than their X.509 certificate)

on their computers, even in encrypted form

History and future

Questions?

http://opensource.digmia.com/

Thank you