LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
Figure 16 ssh host key management infrastructure (figure labels: Host A with its ssh key, ssh and LDAP-UX; Host B with its ssh key, sshd and ldaphostmgr; LDAP Server)
The LDAP directory server includes an SSL certificate, and the LDAP-UX library on Host A has a copy
of that certificate. When ssh on Host A attempts to validate the public key of the remote host Host B, it
goes through a library in LDAP-UX. LDAP-UX is configured to communicate securely with the LDAP
directory server and to look up the keys of the requested hosts there. LDAP-UX utilities such as ldaphostmgr
and ldaphostlist can be used to manage those keys in the directory server from any host
configured with LDAP-UX (such as Host B in the figure). Those utilities can also manage information
about any remote host, including replacing or updating its keys.
8.1.2 Secure framework
For ssh to determine whether a remote host is trusted, ssh must already know that host's public
key, so it can compare the stored key with the host key the remote sshd presents when ssh connects.
The toolset normally stores these keys in either the host-local known_hosts file (/opt/ssh/etc/
ssh_known_hosts) or the user's personal known_hosts file. To keep individual users from
deciding whether a remote host should be trusted, some administrators periodically predistribute
these keys to the host-local ssh_known_hosts file. However, this process runs into scalability
problems as the number of hosts grows.
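The comparison described above, as an added example (not code from this guide or from the LDAP-UX product): the stored public key for the host is looked up in a known_hosts-style store and compared with the key the remote host presents. The trust store is a constructed sample in ssh_known_hosts layout with placeholder key material; it also covers the hashed-hostname entry form OpenSSH can write (`|1|salt|hash`), which the guide does not mention. With LDAP-UX the lookup source is the directory rather than the file, but the check ssh has to perform is the same.

```python
"""Host-key trust check of the kind ssh performs against ssh_known_hosts.

Added example, not LDAP-UX code. All key material below is constructed
placeholder data, not real host keys.
"""
import base64
import hashlib
import hmac
import os

# Constructed placeholder keys (valid base64, lengths divisible by 4).
HOSTA_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAI" + "HOSTA" + "0" * 38   # 68 chars
HOSTB_KEY = "AAAAB3NzaC1yc2EAAAADAQABAAABAQC" + "HOSTB" + "0" * 36  # 72 chars

# Constructed sample trust store in ssh_known_hosts layout:
#   hostnames[,more-hostnames] key-type base64-public-key [comment]
SAMPLE_KNOWN_HOSTS = (
    "# host-local trust store, predistributed by the administrator\n"
    f"hosta.example.com,10.0.0.11 ssh-ed25519 {HOSTA_KEY}\n"
    f"hostb.example.com ssh-rsa {HOSTB_KEY} hostb host key\n"
)


def parse_known_hosts(text):
    """Return (hosts_field, key_type, key_b64) for each non-comment entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line: ignore it rather than trust it
        entries.append((fields[0], fields[1], fields[2]))
    return entries


def hashed_hosts_field(hostname, salt=None):
    """Build an OpenSSH-style hashed hosts field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    salt = os.urandom(20) if salt is None else salt
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def host_matches(hosts_field, hostname):
    """True if hosts_field (plain, comma-separated, or |1| hashed) names hostname."""
    if hosts_field.startswith("|1|"):
        _, _, salt_b64, digest_b64 = hosts_field.split("|", 3)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, actual)
    return hostname in hosts_field.split(",")


def fingerprint(key_b64):
    """SHA256 fingerprint in the form ssh prints it (base64, padding stripped)."""
    raw = base64.b64decode(key_b64)
    return "SHA256:" + base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")


def verify_host_key(known_hosts_text, hostname, key_type, presented_key_b64):
    """Compare the key a remote host presents with the stored public key.

    Returns "trusted" on an exact match, "mismatch" when a stored key of the
    same type differs (possible impersonation: the connection must be refused),
    and "unknown" when no stored key of that type exists for the host.
    """
    for hosts_field, stored_type, stored_key in parse_known_hosts(known_hosts_text):
        if stored_type != key_type or not host_matches(hosts_field, hostname):
            continue
        if hmac.compare_digest(stored_key.encode(), presented_key_b64.encode()):
            return "trusted"
        return "mismatch"
    return "unknown"


if __name__ == "__main__":
    forged = "AAAAC3NzaC1lZDI1NTE5AAAAI" + "EVIL0" + "0" * 38  # constructed impostor key
    print("hostb:", verify_host_key(SAMPLE_KNOWN_HOSTS, "hostb.example.com", "ssh-rsa", HOSTB_KEY))
    print("hosta forged:", verify_host_key(SAMPLE_KNOWN_HOSTS, "hosta.example.com", "ssh-ed25519", forged),
          fingerprint(forged), "vs stored", fingerprint(HOSTA_KEY))
```

A "mismatch" result is the case that matters operationally: a different key of the same type for a known host is exactly what an impostor on the network looks like, and it is also what an administrator sees after a legitimate key rotation that was not propagated, which is the distribution problem the central repository is meant to solve.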
To eliminate this distribution process, the LDAP directory server can be used to store and manage
host public keys in a central repository, and LDAP-UX provides tools to manage this information, either
centrally or on each host being managed.
Because the LDAP repository contains the public keys of the hosts, the LDAP directory server itself
must be trusted before a user can trust the remote host's identity, and so must the information stored
in it: anyone able to modify a host's key entry in the directory could cause clients to accept an impostor
as that host, so write access to those entries must be restricted. LDAP directory servers meet this
requirement well. They have authentication and access control frameworks that can be used
to protect data managed in the directory server and that help assure the data's validity.
In addition, LDAP directory servers support the SSL/TLS protocol, which can be used to protect
communication with the directory server and, more importantly, to assure the integrity of the data
transmitted from the directory and to validate the identity of the directory server itself. While either a CA
(certificate authority) certificate or the directory server's own certificate must still be
distributed to each host, distributing a single CA certificate is a much more manageable task.
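What the "trust only the directory server" step has to achieve, as an added example written with Python's ssl module rather than LDAP-UX's own configuration: the client accepts the directory server only if its certificate chains to the one distributed CA certificate and names the server the client asked for. The weak configuration beside it encrypts the LDAP session but authenticates nobody, so anyone who can intercept the connection could hand ssh a forged host key. The cafile path, the LDAPS port 636 and the function names are assumptions.

```python
"""TLS validation an LDAP client must perform before trusting host keys it fetches.

Added example, not LDAP-UX code. Assumes the CA certificate distributed to each
host lives at the path given as cafile (None means the system CA store).
"""
import socket
import ssl


def directory_tls_context(cafile=None):
    """Context that accepts the directory server only if its certificate chains
    to the distributed CA and matches the server name we connect to."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile=None: system CA store
    ctx.verify_mode = ssl.CERT_REQUIRED    # reject unverifiable server certificates
    ctx.check_hostname = True              # server name must match the certificate
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def insecure_tls_context():
    """Weak configuration: the session is encrypted, but any server, including an
    interceptor with a self-signed certificate, is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False   # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def is_strict(ctx):
    """True if ctx validates the chain, checks the hostname and refuses old TLS."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def directory_server_subject(host, port=636, cafile=None, timeout=5.0):
    """Connect over TLS (LDAPS port 636 assumed) and return the verified
    certificate's subject; raises ssl.SSLError if validation fails."""
    ctx = directory_tls_context(cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return dict(pair[0] for pair in cert["subject"])


if __name__ == "__main__":
    print("strict context is strict:", is_strict(directory_tls_context()))
    print("insecure context is strict:", is_strict(insecure_tls_context()))
```

The same two properties, chain validation against the distributed CA and a server-name check, are what the LDAP-UX client configuration must provide for the directory connection; a client that only encrypts without verifying has moved the trust problem from every host to an attacker on the path.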
Instead of every user on every host having to establish trust with every other host they connect to,
each host needs to trust only one thing: the directory server. With the LDAP-UX guided installation,