LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

8 Managing ssh host keys with LDAP-UX (HP directory servers only)
Managing ssh host keys with LDAP-UX is supported in HP directory server environments only.
LDAP-UX B.05.00 introduces management of host attributes in the directory server. One of the
features integrated with host management is using an LDAP directory server as a trusted repository
for a host’s ssh public key.
ssh is a great protocol for both protecting data in transit (using encryption), and for validating trust
between two parties. However, establishing that trust relationship is a weak aspect of the default
ssh toolset. In order for two parties to securely communicate and identify each other, each must
know a shared secret, known only to each other, or they must know some other piece of public
information that can be used to prove the identity of the remote party. With ssh, both methods are
often used, such as using public keys to identify remote hosts.
However, as with all secure methods of communication, how are these secrets or public keys
initially shared? There’s always a bootstrapping problem to preestablish trust between parties. The
base ssh toolset leaves this exercise to the end users. In some organizations, administrators can
attempt to predistribute public keys of hosts within their organizations. But this often leads to a
scalability problem as the number of hosts in an organization increases. And as more services are
moving to virtualized hosts, this can become a significant cost to manage.
With LDAP-UX B.05.00, ssh key management can be centralized in a trusted directory server,
eliminating the need for end users to make decisions about the trustworthiness of a remote host
and greatly mitigating the scalability issue, compared with distributing keys manually.
8.1 Overview
The following sections provide an overview of managing ssh host keys with LDAP-UX.
8.1.1 How it works
As previously mentioned, in a basic ssh deployment, each user must determine if a remote host
should be trusted. When establishing a session with a remote host for the first time, the user is
presented with a prompt. This prompt displays a “fingerprint” for the remote host’s public key and
asks if the user still wants to connect, and if the key should be trusted and placed in the user's
personal known_hosts file. Given the average user’s motivation to continue working and limited
ability to determine if the remote host’s fingerprint is correct, users frequently just reply yes to the
prompt, uncertain if the remote host is the true host, or if there's a risk of a man-in-the-middle attack.
Starting with LDAP-UX B.05.00 and HP Secure Shell A.05.50 or later, this burden on the end user
is removed. By managing host and public key information in the directory server, ssh itself can
verify the correctness of the remote public key, and therefore determine if a trusted connection can
be established. And given that private information often travels across this connection, that trust is
critical.
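The check described above, written out as an added Python example (not LDAP-UX's or HP Secure Shell's own code): a dictionary stands in for the directory lookup, the host key is a constructed placeholder rather than a real key, and the functions compute the fingerprints ssh would show at the prompt and decide trust by comparing the presented key against the repository copy instead of asking the user.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(b: bytes) -> bytes:
    """Length-prefixed string as used in the OpenSSH public key wire format."""
    return struct.pack(">I", len(b)) + b

def make_key_line(key_type: str, key_bytes: bytes, comment: str) -> str:
    """Build an OpenSSH public key line: '<type> <base64 blob> <comment>'."""
    blob = ssh_string(key_type.encode()) + ssh_string(key_bytes)
    return "%s %s %s" % (key_type, base64.b64encode(blob).decode(), comment)

# Constructed sample host key: 32 placeholder bytes, not real key material.
HOST_KEY_LINE = make_key_line("ssh-ed25519", bytes(range(32)), "root@hp-host")

# Stand-in for the directory server lookup (hostname -> trusted key). The
# LDAP-UX schema and attribute names are assumed away here; this dict only
# models "the trusted repository answers the query".
TRUSTED_HOST_KEYS = {"hp-host.example.com": HOST_KEY_LINE}

def parse_public_key(line: str):
    """Return (key_type, raw_blob); the type inside the blob must agree with
    the leading type field, otherwise the line is rejected."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("malformed public key line")
    blob = base64.b64decode(fields[1], validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != fields[0]:
        raise ValueError("key type mismatch in %r" % fields[0])
    return fields[0], blob

def fingerprints(line: str):
    """The two fingerprint forms ssh displays: SHA256 (base64, no padding)
    and the older MD5 colon-separated hex form. Only the blob is hashed."""
    _, blob = parse_public_key(line)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return "SHA256:" + sha, "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))

def host_key_trusted(hostname: str, presented_line: str) -> bool:
    """Trust the key only if the repository holds one for this host and the
    presented blob matches it exactly; an unknown host is refused, not prompted."""
    expected = TRUSTED_HOST_KEYS.get(hostname)
    if expected is None:
        return False
    try:
        exp_type, exp_blob = parse_public_key(expected)
        got_type, got_blob = parse_public_key(presented_line)
    except ValueError:
        return False
    return exp_type == got_type and hmac.compare_digest(exp_blob, got_blob)
```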
When LDAP is used as a repository for managing ssh host keys, the infrastructure shown in Figure 16
(page 259) is established:
258 Managing ssh host keys with LDAP-UX (HP directory servers only)