LDAP-UX Client Services B.05.00 Administrator's Guide

6 Managing ssh host keys with LDAP-UX
LDAP-UX B.05.00 introduces management of host attributes in the directory server. One of the
features integrated with host management is using an LDAP directory server as a trusted
repository for a host’s ssh public key.
ssh is a strong protocol both for protecting data in transit (using encryption) and for validating
trust between two parties. However, establishing that trust relationship is a weak aspect of the
default ssh toolset. In order for two parties to securely communicate and identify each other,
each must know a shared secret, known only to the two of them, or they must know some other piece
of public information that can be used to prove the identity of the remote party. With ssh, both
methods are commonly used; for example, public keys are used to identify remote hosts.
However, as with all secure methods of communication, how are these secrets or public keys
initially shared? There’s always a bootstrapping problem to pre-establish trust between parties.
The base ssh toolset leaves this exercise to the end users. In some organizations, administrators
can attempt to pre-distribute public keys of hosts within their organizations. But this often leads
to a scalability problem as the number of hosts in an organization increases. And as more services
are moving to virtualized hosts, this can become a significant cost to manage.
With LDAP-UX B.05.00, ssh key management can be centralized in a trusted directory server,
eliminating the need for end users to make decisions about the trustworthiness of a remote host
and greatly mitigating the scalability issue, compared with distributing keys manually.
6.1 Overview
The following sections provide an overview of managing ssh host keys with LDAP-UX.
6.1.1 How it works
As previously mentioned, in a basic ssh deployment, each user must determine whether a remote
host should be trusted. When establishing a session with a remote host for the first time, the user
is presented with a prompt. This prompt displays a “fingerprint” for the remote host’s public
key and asks if the user still wants to connect, and if the key should be trusted and placed in the
user's personal known_hosts file. Given the average user's motivation to continue working
and limited ability to determine if the remote host’s fingerprint is correct, users frequently just
reply yes to the prompt, uncertain whether the remote host is the true host or whether there is a risk of a
man-in-the-middle attack.
Starting with LDAP-UX B.05.00 and HP Secure Shell A.05.50 or higher, this burden on the end
user is removed. By managing host and public key information in the directory server, ssh itself
can verify the correctness of the remote public key, and therefore determine if a trusted connection
can be established. And given that private information often travels across this connection, that
trust is critical.
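The following is an added example, not code from this guide or from HP Secure Shell, that models the decision described above: instead of asking the user to judge a fingerprint, the client looks the remote host up in a trusted repository and compares the presented public key with the stored one. The repository is a plain dictionary standing in for directory records (an assumption), the key material is constructed, and the host names are placeholders. It also computes the fingerprints a user would otherwise be asked to judge by eye.

```python
"""Host-key verification against a central trusted record (added example).

Models the behaviour the text describes: the client consults a trusted
repository of host public keys rather than prompting the user. The
repository here is a dict (assumption); a real deployment queries the
directory server.
"""
import base64
import hashlib
import struct


def build_openssh_blob(key_type: bytes, key_material: bytes) -> bytes:
    """Encode an OpenSSH public-key blob as two length-prefixed strings.

    This is sufficient for ssh-ed25519, whose blob is just the type string
    followed by the 32 raw key bytes.
    """
    return (struct.pack(">I", len(key_type)) + key_type
            + struct.pack(">I", len(key_material)) + key_material)


def parse_openssh_pubkey(line: str):
    """Split a known_hosts-style line into (type, blob).

    Checks that the type string embedded in the blob matches the leading
    type field, so a mislabelled key is rejected rather than silently accepted.
    """
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("malformed public key line")
    key_type, blob = parts[0], base64.b64decode(parts[1], validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short")
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen] != key_type.encode():
        raise ValueError("key type field does not match blob contents")
    return key_type, blob


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH default fingerprint: 'SHA256:' + unpadded base64 of the digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprint_md5(blob: bytes) -> str:
    """Legacy colon-separated hex MD5 fingerprint shown by older clients."""
    return "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def verify_host_key(hostname: str, presented_line: str, trusted: dict) -> str:
    """Return 'trusted', 'mismatch' or 'unknown'.

    'unknown' is the case where a stock ssh client falls back to the
    interactive fingerprint prompt; 'mismatch' is the case that prompt exists
    to catch (a changed or spoofed host key).
    """
    _, presented_blob = parse_openssh_pubkey(presented_line)
    record = trusted.get(hostname)
    if record is None:
        return "unknown"
    _, trusted_blob = parse_openssh_pubkey(record)
    # Compare the full key rather than a digest so fingerprint collisions do not matter.
    return "trusted" if presented_blob == trusted_blob else "mismatch"


# Constructed sample keys (not real hosts): deterministic 32-byte ed25519 key material.
_KEY_A = build_openssh_blob(b"ssh-ed25519", bytes(range(32)))
_KEY_B = build_openssh_blob(b"ssh-ed25519", bytes(range(32, 64)))
HOST_A_LINE = "ssh-ed25519 " + base64.b64encode(_KEY_A).decode() + " hosta.example.test"
HOST_B_LINE = "ssh-ed25519 " + base64.b64encode(_KEY_B).decode() + " hostb.example.test"

# Stand-in for records served by the directory (assumption: hostname -> public key line).
TRUSTED_HOST_KEYS = {"hosta.example.test": HOST_A_LINE}


if __name__ == "__main__":
    _, blob = parse_openssh_pubkey(HOST_A_LINE)
    print(fingerprint_sha256(blob))
    print(fingerprint_md5(blob))
    print(verify_host_key("hosta.example.test", HOST_A_LINE, TRUSTED_HOST_KEYS))  # trusted
    print(verify_host_key("hosta.example.test", HOST_B_LINE, TRUSTED_HOST_KEYS))  # mismatch
    print(verify_host_key("hostc.example.test", HOST_B_LINE, TRUSTED_HOST_KEYS))  # unknown
```

The three outcomes map onto the text: a matching record means the connection can proceed with no user decision, a mismatch is the man-in-the-middle or key-rotation case that should stop the connection, and an unknown host is the only situation in which the old bootstrapping problem remains.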
When LDAP is used as a repository for managing ssh host keys, the infrastructure shown in
Figure 6-1 (page 194) is established: