SSH authentication using user and machine identities – Morten Linderud

Описание: Strong authentication requires multiple signals: identity claims proves that identity of the person, while device attestation proves possession of a given machine, and device bound keys prevent the key from being stolen.

In this presentation we will take a look at how the TPM provides device attestation and device bound keys. We will connect this with identity claims from SSO providers to provide a centrally managed short-lived SSH certificates for users and their devices. This is implemented as an open-source project called “ssh-tpm-ca-authority”.

Morten Linderud:
Morten is a Open-Source developer and maintainer interested in supply-chain security, Linux distributions and user friendly security tools. The past decade he has contributed to projects like Arch Linux, Reproducible Builds, OpenSSF and the “Linux Userspace API” (UAPI) group. When he doesn’t spend his free time doing open-source development he works with devops at NRK.

------

BSides Oslo is an independent, community-driven inclusive information security conference. As a part of the global Security BSides network, the conference creates a space for members of the international and local information security communities to come together and share their knowledge and experiences. BSides Oslo is intended for anyone who works with, studies or has an in interest in infosec.