LDAP-UX Client Services B.05.00 Administrator's Guide
Figure 6-1 ssh host key management infrastructure (figure: an LDAP Server holding sshKey entries for Host A and Host B; Host A running ssh with the LDAP-UX library; Host B running sshd and ldaphostmgr)
The LDAP directory server includes an SSL certificate. The LDAP-UX library of Host A has a
copy of that certificate. When ssh attempts to validate the public key of the remote host Host B,
it connects through a library in LDAP-UX. LDAP-UX is configured to securely communicate
with the LDAP directory server and to discover keys for the requested hosts. LDAP-UX utilities
such as ldaphostmgr and ldaphostlist can be used to manage those keys in the directory
server, from any host configured with LDAP-UX (such as Host B, in the figure). Those utilities
can also manage information about any remote host, including the ability to replace or update
its keys.
6.1.2 Secure framework
For ssh to determine whether the remote host is trusted, ssh must already know the remote host's public
key so it can compare that key with the key presented when ssh connects to the remote host.
The toolset normally stores these keys either in a host-local known_hosts file (/opt/ssh/etc/ssh_known_hosts)
or in the user's personal known_hosts file. To avoid leaving the decision of whether a remote host
should be trusted to individual users, some administrators periodically pre-distribute these keys to the
host-local ssh known_hosts file. However, this process runs into scalability problems as the number of
hosts grows.
To eliminate this distribution process, the LDAP directory server can be used to store and manage
host public keys in a central repository. And LDAP-UX offers tools to manage this information,
either centrally or on each host being managed.
Because the LDAP repository contains the public keys of the hosts, the LDAP directory server
itself must be trusted to assure that the user can trust the remote host’s identity. And the
information stored in that directory server must also be trusted. Fortunately, LDAP directory
servers meet this requirement well. LDAP directory servers have authentication and access
control frameworks that can be used to protect data managed in the directory server and help
assure its validity. And LDAP directory servers also support the SSL/TLS protocol, which can
not only be used to protect communication with the directory server but, more importantly, to
assure the integrity of the data transmitted from the directory and validate the identity of the
directory server itself. While a CA (certificate authority) certificate, or a certificate of the directory
server itself, is still required to be distributed to each host, distribution of a single CA certificate
is a much more manageable task. Instead of every user on every host having to validate trust
with every other host connected to, each host needs to trust only one thing: the directory server.
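The comparison described in 6.1.2 and pictured in Figure 6-1 is the step where ssh decides whether to trust a host. The following added example (not code from the LDAP-UX product or from this guide) implements that decision over a known_hosts file in OpenSSH format: it handles plain and hashed (`|1|salt|hmac`) hostname entries and the `@revoked` marker, and returns `trusted`, `mismatch`, `revoked` or `unknown`. The host names, salt and key blobs are constructed sample values; the text passed to `check_host_key` could equally be assembled from a central repository lookup, which is the role LDAP-UX plays in the figure.

```python
import base64
import hashlib
import hmac


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Build an OpenSSH hashed-hostname field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def parse_known_hosts(text: str):
    """Yield (marker, host_field, key_type, key_b64) tuples; markers are @revoked / @cert-authority."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):
            marker, hosts, key_type, key_b64 = fields[0], fields[1], fields[2], fields[3]
        else:
            marker, hosts, key_type, key_b64 = None, fields[0], fields[1], fields[2]
        entries.append((marker, hosts, key_type, key_b64))
    return entries


def host_matches(host_field: str, hostname: str) -> bool:
    """True if the comma-separated host field names hostname, in plain or hashed form."""
    for pattern in host_field.split(","):
        if pattern.startswith("|1|"):
            _, _, salt_b64, digest_b64 = pattern.split("|")
            salt = base64.b64decode(salt_b64)
            expected = base64.b64decode(digest_b64)
            actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(actual, expected):
                return True
        elif pattern == hostname:
            return True
    return False


def check_host_key(known_hosts_text: str, hostname: str, key_type: str, presented_key_b64: str) -> str:
    """Compare the key a server presented against the stored keys for that host name."""
    seen_key_for_host = False
    for marker, hosts, stored_type, stored_key in parse_known_hosts(known_hosts_text):
        if marker == "@cert-authority" or stored_type != key_type:
            continue  # CA entries certify certificates, not raw host keys; other types are irrelevant
        if not host_matches(hosts, hostname):
            continue
        seen_key_for_host = True
        if hmac.compare_digest(stored_key.encode(), presented_key_b64.encode()):
            return "revoked" if marker == "@revoked" else "trusted"
    return "mismatch" if seen_key_for_host else "unknown"


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form ssh-keygen prints (base64 without padding)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Constructed sample data: made-up key material, not real host keys.
SALT = b"0123456789abcdef0123"
KEY_A = base64.b64encode(b"constructed key material for Host A").decode()
KEY_B = base64.b64encode(b"constructed key material for Host B").decode()
OLD_KEY_A = base64.b64encode(b"constructed retired key for Host A").decode()

# Constructed stand-in for /opt/ssh/etc/ssh_known_hosts: one plain entry,
# one revoked entry, and one hashed-hostname entry.
KNOWN_HOSTS = "\n".join([
    "# constructed sample known_hosts",
    "hosta.example.com,10.0.0.1 ssh-rsa " + KEY_A,
    "@revoked hosta.example.com ssh-rsa " + OLD_KEY_A,
    hash_hostname("hostb.example.com", SALT) + " ssh-rsa " + KEY_B,
])


if __name__ == "__main__":
    for host, key in [("hosta.example.com", KEY_A), ("hosta.example.com", OLD_KEY_A),
                      ("hostb.example.com", KEY_B), ("hostb.example.com", KEY_A),
                      ("hostc.example.com", KEY_A)]:
        print(host, fingerprint(key), check_host_key(KNOWN_HOSTS, host, "ssh-rsa", key))
```

A `mismatch` result is the case that matters for detection: a host whose key changed without an administrator updating the central record, or a host answering for a name it does not own. Keeping the authoritative copy in the directory server, as the guide proposes, means that comparison is made against data every host obtains from the same trusted source rather than from per-user files.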
194 Managing ssh host keys with LDAP-UX