About

One of the capabilities of MyAccessID is providing reliable short-lived SSH certificates for MyAccessID users on request.

MyAccessID provides this capability through the external SSH CA service deployed by the Danish e-Infrastructure Consortium (DeIC).

These pages provide the support needed to use this capability, both for MyAccessID users and for infrastructures connected to MyAccessID.

Description

An SSH certificate is an SSH public key signed by a trusted Certification Authority. It contains the SSH key and metadata about the certificate and the user's identity.

SSH certificates fix many common problems of standard SSH keys, for example:

  • A user is no longer responsible for creating and managing their own SSH keys.
  • The key has a limited lifetime (validity).
  • The SSH certificate can contain other metadata (about the owner, limited scopes of usage, etc.)

The biggest advantage of this solution is that SSH certificates are supported as standard in the vanilla environment of infrastructures.

Who can use it?

The Federated SSH CA capability is provided for all users and infrastructures connected to MyAccessID.

Infrastructures

Infrastructures can set up their environment to support users' access from MyAccessID using provided SSH certificates.

They need to establish a configuration for their hosts/resources to accept valid SSH certificates from the MyAccessID SSH Certification Authority and provide access to local accounts on the basis of mapping to the MyAccessID Identifier of a user.
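
A host-side configuration of the kind described above could look like the following OpenSSH server excerpt. This is an added example, not configuration published by MyAccessID or DeIC. The file paths, the local account name `alice` and the placeholder identifier are assumptions, as is the assumption that the certificate carries the user's MyAccessID Identifier as its principal.

```conf
# /etc/ssh/sshd_config (excerpt; paths are hypothetical)

# Accept user certificates signed by the CA whose public key is stored in
# this file. Obtain the CA public key from the SSH CA operator over a
# trusted channel; it is deliberately not reproduced here.
TrustedUserCAKeys /etc/ssh/myaccessid_user_ca.pub

# Map certificate principals to local accounts explicitly.
# %u expands to the local account being logged in to, so each account has
# its own list of principals that may access it.
# Without this directive, sshd accepts a CA-signed certificate only when one
# of its principals equals the local account name, which does not fit
# identifiers issued by an external identity service.
AuthorizedPrincipalsFile /etc/ssh/auth_principals/%u

# Certificate logins only: do not fall back to passwords.
PasswordAuthentication no

# ---------------------------------------------------------------------
# /etc/ssh/auth_principals/alice   (separate file, one principal per line)
# Keep it owned by root and not writable by the account it controls,
# otherwise the user could add principals to their own mapping.
# The value below is a constructed placeholder, not a real identifier.
# ---------------------------------------------------------------------
<MyAccessID-identifier-of-alice>
```

Running `sshd -t` after editing checks the configuration for syntax errors before the service is reloaded. Because the certificates are short-lived, access stops at the certificate's expiry unless the user requests a new one, so no per-user key cleanup is needed on the host.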

Users

Any user registered in MyAccessID can request a short-lived SSH certificate using one of the supported CLIs or any third-party tool that supports the OIDC device-code flow.