GT 5.0.5: GSI-OpenSSH


GSI-OpenSSH is a modified version of OpenSSH that adds support for X.509 proxy certificate authentication and delegation, providing a single sign-on remote login and file transfer service. GSI-OpenSSH can be used to login to remote systems and transfer files between systems without entering a password, relying instead on a valid proxy credential for authentication. GSI-OpenSSH forwards proxy credentials to the remote system on login, so commands requiring proxy credentials (including GSI-OpenSSH commands) can be used on the remote system without the need to manually create a new proxy credential on that system. For more information about GSI-OpenSSH, see the GSI-OpenSSH Home Page.

The following guides are available for this component:
Security Key Concepts For important general concepts. [pdf]
Admin Guide For system administrators and those installing, building and deploying GT. You should already have read the Installation Guide and Quickstart. [pdf]
User's Guide Describes how end-users typically interact with this component. Be sure to also read the GT User Guide for important general information for end-users. [pdf]
Developer's Guide Reference and usage scenarios for developers. [pdf]
Other information available for this component are:
Release Notes What's new with the 5.0.5 release for this component. [pdf]
Public Interface Guide Information for all public interfaces (including APIs, commands, etc). Please note this is a subset of information in the Developer's Guide. [pdf]
Quality Profile Information about test coverage reports, etc. [pdf]
Migrating Guide Information for migrating to this version if you were using a previous version of GT. [pdf]
All GSI-OpenSSH Guides (PDF only)Includes all GSI-OpenSSH guides except Public Interfaces (which is a subset of the Developer's Guide)

Glossary

P

proxy certificate

A short lived certificate issued using a EEC. A proxy certificate typically has the same effective subject as the EEC that issued it and can thus be used in its place. GSI uses proxy certificates for single sign on and delegation of rights to other entities.

For more information about types of proxy certificates and their compatibility in different versions of GT, see http://dev.globus.org/wiki/Security/ProxyCertTypes.

proxy credentials

The combination of a proxy certificate and its corresponding private key. GSI typically stores proxy credentials in /tmp/x509up_u<uid> , where <uid> is the user id of the proxy owner.