Table of Contents
GSI-OpenSSH is a modified version of OpenSSH that adds support for X.509 proxy certificate authentication and delegation, providing a single sign-on remote login and file transfer service. GSI-OpenSSH can be used to login to remote systems and transfer files between systems without entering a password, relying instead on a valid proxy credential for authentication. GSI-OpenSSH forwards proxy credentials to the remote system on login, so commands requiring proxy credentials (including GSI-OpenSSH commands) can be used on the remote system without the need to manually create a new proxy credential on that system.
Features new in GT 4.0
- This is the first Globus Toolkit release that includes GSI-enabled OpenSSH.
Other Supported Features
- The gsissh command provides a secure remote login service with forwarding of X.509 proxy credentials.
- The gsiscp and gsisftp commands provide a secure file transfer service authenticated with X.509 proxy credentials, mimicking the rcp/scp and ftp/sftp commands.
- All standard OpenSSH features are supported, excluding Kerberos authentication. Kerberos authentication is not compatible with GSI-enabled OpenSSH.
- The GSI-OpenSSH server can replace the standard system SSH server in typical environments.
- If no username is given on the command-line, GSI-OpenSSH automatically determines the username that corresponds to the X.509 proxy certificate subject in the server's
grid-mapfile
.Deprecated Features
- None
Usability improvements for GSI-OpenSSH:
- This is the first Globus Toolkit release to include GSI-OpenSSH.
Protocol changes since GT 3.2
- GSI-enabled OpenSSH was not included in GT 3.2.
API changes since GT 3.2
- GSI-enabled OpenSSH was not included in GT 3.2.
Exception changes since GT 3.2
- Not applicable
Schema changes since GT 3.2
- Not applicable
GSI-enabled OpenSSH depends on the following GT components:
- Pre-WS Authentication and Authorization
GSI-enabled OpenSSH depends on the following 3rd party software:
Associated standards for GSI-OpenSSH:
- The latest draft of the SSH GSSAPI protocol specification is available from the IETF Secure Shell (secsh) Working Group
- RFC 2743 GSSAPI
- RFC 2744 GSSAPI: C-bindings
Click here for more information about this component.