Home -> Toolkit -> Docs -> Development -> 3.9.4 -> Security -> Openssh

GT 3.9.4 Component Fact Sheet: Utilities - GSI-OpenSSH

• Brief overview
• Summary of features
• Backward compatibility summary
• Technology dependencies
• Tested platforms

Brief overview

GSI-OpenSSH is a modified version of OpenSSH that adds support for X.509 proxy certificate authentication and delegation, providing a single sign-on remote login and file transfer service. GSI-OpenSSH can be used to login to remote systems and transfer files between systems without entering a password, relying instead on a valid proxy credential for authentication. GSI-OpenSSH forwards proxy credentials to the remote system on login, so commands requiring proxy credentials (including GSI-OpenSSH commands) can be used on the remote system without the need to manually create a new proxy credential on that system.

Summary of features

Features new in release 3.9.4

• This is the first Globus Toolkit release that includes GSI-enabled OpenSSH.

Other Supported Features

• The gsissh command provides a secure remote login service with forwarding of X.509 proxy credentials.
• The gsiscp and gsisftp commands provide a secure file transfer service, authenticated with X.509 proxy credentials, mimicking the rcp/scp and ftp/sftp commands.
• All standard OpenSSH features are supported, excluding Kerberos authentication. Kerberos authentication is not compatible with GSI-enabled OpenSSH.
• The GSI-OpenSSH server can replace the standard system SSH server in typical environments.
• If no username is given on the command-line, GSI-OpenSSH automatically determines the username that corresponds to the X.509 proxy certificate subject in the server's grid-mapfile.

Deprecated Features

• None

Backward compatibility summary

Protocol changes since GT version 3.2

• GSI-enabled OpenSSH was not included in GT 3.2.

API changes since GT version 3.2

• GSI-enabled OpenSSH was not included in GT 3.2.

Exception changes since GT version 3.2

• Not applicable

Schema changes since GT version 3.2

• Not applicable

Technology dependencies

GSI-enabled OpenSSH depends on the following GT components:

• Pre-WS Authentication and Authorization

GSI-enabled OpenSSH depends on the following 3rd party software:

• None

Tested platforms

Tested Platforms for [component name]

• platform #1
• ...
• platform #n