sshGate
www.linagora.com
Plan
I. Server access problems
II. sshGate presentation
III. sshGate internal
Thursday, July 28th, 2011. Page 2 / 35
About me: Patrick GUIRAN
I. Server access problem: Information system, the admin (figure slides, pages 5 to 8)
I. Server access problem: Access through different ways
- Access with password
  - Picked up from an LDAP / Kerberos / ...
  - Can be found on a "post-it"
  - Can be shared between many administrators
  - ...or only one administrator has all the passwords
- Access with keys
  - Who does this key belong to?
  - Add my friend's keys
- Access to all servers
  - Even business-critical servers (mail, database)
  - ...to everyone, unconditionally
I. Server access problem: Access management
- Arrival and departure of an administrator?
- Who has access to a server? (simple to answer)
- Which servers does an administrator have access to? (complex)
  - "Simple" when the administrator has access to all servers
  - Good administrator: "It's so simple!" (really?)

    # Naive audit: log in to every server and grep for the user's public key
    user_sshkey=$( cat user-sshkey.pub )
    for serveur in $( cat list_server.txt ) ; do
      ssh "${serveur}" 'cat ~/.ssh/authorized_keys ~/.ssh/authorized_keys2 2>/dev/null' \
        | grep -qF "${user_sshkey}"
      [ $? -eq 0 ] && echo "${serveur}"
    done

- Who grants and restricts access?
I. Server access problem: Our needs
- Must have
  - Use the SSH protocol
  - Use key authentication
  - No user keys on the administrated servers
  - Unified access control list (ACL)
- Nice to have
  - Log connection events
  - Record users' SSH sessions
  - Notification of administration events
I. Server access problem: Look for an existing solution
- Wallix AdminBastion
  - Solution from France, closed source + licence, supports ssh/telnet/rdp
- Observe-it
  - Solution from the USA, closed source + licence, supports ssh/telnet/rdp
- sshProxy
  - Open source (GPLv2), Python, specific client software
  - Dead since 2008(?), unable to download the project from its website
- AdminProxy
  - Open source, sponsored by the French government
  - Supported by Wallix, Mandriva and University Paris 6
  - 2-year project, should have ended in September 2010
  - Where is the repository?
I. Server access problem: Search result
- No solution
  - Too expensive
  - Requires a wide installation
  - Not found
- Development of sshGate!
  - Free and open source
  - Make it quick
  - Simple
I. Server access problem: Limitations & challenges
- Use existing tools: OpenSSH & PuTTY
  - No installation required on the administrated servers
  - No installation required on the client system
- Cross-platform
  - sshGate server
  - Administrated servers
  - Client computers
- No patch on the sshGate server (no sshd patches)
- Simple, with few dependencies (no SQL database, ...)
II. sshGate presentation: Global view (diagram slide)
II. sshGate presentation: Functionalities
- Support for SSH sessions & SCP file transfers
- ACL management centralization (users, groups)
- Management of server name aliases
- Multi-login support
- SSH configuration support (global and per server / login)
- Log connection events
- Record SSH sessions
- CLI administration interface
II. sshGate presentation: Characteristics
- Licence: GPLv2+
- Language: shell script (sh, dash, bash, zsh)
- Cross-platform:
  - For servers: Linux, Solaris, *BSD
  - For clients: Linux, MacOS, Windows/PuTTY
II. sshGate presentation: History
- Birth of sshGate: August 2010
- First usage in production: September 2010
- Versions:
  - Production: 0.1
  - Trunk: 0.2
  - Version 1.0 to be released this summer
II. sshGate presentation: sshGate usage at Linagora
- Some numbers
  - 61 users
  - 10 user groups
  - 161 administrated systems
  - 214 server aliases
- Accesses
  - 96 group accesses
  - 103 user accesses
- During the last 6 months
  - 2063 SCP transfers
  - 16568 SSH sessions
II. sshGate presentation: Known bugs
- DOS: flood the logs until the disk is full

    user@host $ cat /dev/random    # flood :(

  One solution: if the growth rate of a big log file is too high, kill the connection.
- It's possible to hide some commands

    user@host $ read -s var        # rm -rf *
    user@host $ eval "${var}"      # Ouch!

  This is not a bug. sshGate doesn't log keyboard events, and never will!
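The counter-measure sketched on this slide (kill the session when its record file grows too fast), as an added POSIX sh example that is not sshGate's own code. It assumes the bridge knows the pid of the ssh client whose session is being recorded and the path of that record file; the 1 MiB/s limit and the 5 s sampling interval are constructed defaults, not values from the project.

```shell
#!/bin/sh
# Added example, not sshGate code: a growth-rate watchdog for a session record
# file, the counter-measure sketched on the "Known bugs" slide. The limit and
# interval below are constructed defaults, not values from the project.

# Pure check: does growth between two byte counts, sampled interval_s
# seconds apart, exceed max_bytes_per_s? Integer arithmetic only (POSIX sh).
# Returns 0 (true) when the limit is exceeded, 1 otherwise.
growth_exceeds() {
    before=$1; after=$2; interval_s=$3; max_bytes_per_s=$4
    [ "$interval_s" -gt 0 ] || return 1
    [ $(( (after - before) / interval_s )) -gt "$max_bytes_per_s" ]
}

# Watch record_file while pid (the ssh client recording the session) is alive.
# Terminates pid and returns 0 when the file grows faster than the limit;
# returns 1 when the session ended on its own. wc -c is used for the size
# because stat(1) options differ between GNU and BSD.
watch_record() {
    record_file=$1; pid=$2; interval_s=${3:-5}; max_bytes_per_s=${4:-1048576}
    prev=$(wc -c <"$record_file")
    while kill -0 "$pid" 2>/dev/null; do
        sleep "$interval_s"
        cur=$(wc -c <"$record_file")
        if growth_exceeds "$prev" "$cur" "$interval_s" "$max_bytes_per_s"; then
            kill -TERM "$pid" 2>/dev/null
            return 0
        fi
        prev=$cur
    done
    return 1
}
```

The bridge would start `watch_record "$record_file" "$client_pid" &` right after launching the recorded client; a burst of 10 MiB in one 5 s window trips the limit, while a session that merely writes a large but steady amount does not.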
II. sshGate presentation: Roadmap (July, August, September, and the future)
- DOS protection
- Debian packaging
- Packaging: Solaris, FreeBSD, Fedora, Arch
- telnet support
- Web administration interface
- OpenSSH certificate support
- LDAP support
III. sshGate internal: Session opening steps (1/4)
- Connect to the sshGate server via SSH
  - Check that the user's SSH key exists in authorized_keys
  - Launch sshgate-bridge
III. sshGate internal: Session opening steps (2/4)
- Parse SSH_ORIGINAL_COMMAND:
  - Determine the action: ssh or scp? Remote command?
  - Extract the target host the user wants to administrate and check it against the ACL
III. sshGate internal: Session opening steps (3/4)
- Launch the ssh client: <ssh-login>@<target> (<command>)
  - Use known_hosts to check the target host identity
  - Use configured parameters (ssh_config, ssh key)
III. sshGate internal: Session opening steps (4/4)
- Connection is established
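The four session-opening steps above, as an added example in POSIX sh; this is not sshGate's own sshgate-bridge. None of the following is stated in the slides and is assumed here: the gateway's authorized_keys forces this script as the login command and passes the sshGate user name as its argument; the user names the target as the SSH "command" (`ssh gateway mail01`, `ssh gateway mail01 uptime -p`, `scp file gateway:mail01:/tmp/x`, which reaches the server as `scp -t mail01:/tmp/x`); the ACL is a flat "user target" file; the login on the target comes from SSHGATE_TARGETS_DEFAULT_SSH_LOGIN. The ACL contents, the host names, the user names and the `admin` default login are constructed placeholders.

```shell
#!/bin/sh
# Added example modelling the sshgate-bridge steps; not sshGate's own code.
# Assumptions: the forced command in the gateway's authorized_keys passes the
# sshGate user name as $1; the request arrives in SSH_ORIGINAL_COMMAND; the
# ACL is a flat "user target" file. All names below are constructed.

ACL_FILE="${TMPDIR:-/tmp}/sshgate_acl.$$"
trap 'rm -f "$ACL_FILE"' EXIT
cat >"$ACL_FILE" <<'EOF'
alice mail01
alice db02
bob   web01
EOF

# Step 2a: classify the request: "ssh" (bare target), "cmd" (target followed
# by a remote command) or "scp" (the scp server invocation sent by the client).
request_action() {
    case "$1" in
        "scp "*) echo scp ;;
        *" "*)   echo cmd ;;
        *)       echo ssh ;;
    esac
}

# Step 2b: extract the target name. For scp the client sends
# "scp [-t|-f] <path>" and the user wrote the path as "<target>:<path>".
request_target() {
    case "$(request_action "$1")" in
        scp) scp_path=${1##* }; echo "${scp_path%%:*}" ;;
        cmd) echo "${1%% *}" ;;
        ssh) echo "$1" ;;
    esac
}

# Reject anything that is not a plain host/alias name before it can reach the
# ssh command line: no empty string, no leading dash, no shell metacharacters.
valid_target_name() {
    case "$1" in
        "" | -*)           return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
        *)                 return 0 ;;
    esac
}

# Step 2c: exact-match ACL lookup; awk compares strings, so dots in host
# names are not treated as regex wildcards.
acl_allows() {
    awk -v u="$1" -v t="$2" \
        '$1 == u && $2 == t { found = 1 } END { exit !found }' "$ACL_FILE"
}

# Steps 2 and 3: print the ssh client command the bridge would launch for
# this user's request, or return 1 when it is denied. StrictHostKeyChecking
# makes the gateway's own known_hosts the authority on the target's identity.
bridge_decide() {
    user=$1; request=$2
    target=$(request_target "$request")
    valid_target_name "$target" || return 1
    acl_allows "$user" "$target" || return 1
    login=${SSHGATE_TARGETS_DEFAULT_SSH_LOGIN:-admin}   # placeholder default
    case "$(request_action "$request")" in
        ssh) printf 'ssh -o StrictHostKeyChecking=yes -tt %s@%s\n' "$login" "$target" ;;
        cmd) printf 'ssh -o StrictHostKeyChecking=yes %s@%s -- %s\n' \
                 "$login" "$target" "${request#* }" ;;
        scp) scp_opts=${request% *}; scp_path=${request##* }
             printf 'ssh -o StrictHostKeyChecking=yes %s@%s -- %s %s\n' \
                 "$login" "$target" "$scp_opts" "${scp_path#*:}" ;;
    esac
}

# Step 4: only when really running as the forced command (one argument, inside
# an SSH session) launch the client; otherwise just define the functions.
if [ $# -eq 1 ] && [ -n "${SSH_CONNECTION:-}" ]; then
    client=$(bridge_decide "$1" "${SSH_ORIGINAL_COMMAND:-}") \
        || { echo 'sshGate: access denied' >&2; exit 1; }
    exec $client   # word splitting intended: the target name was validated above
fi
```

The user's own key never leaves the gateway's authorized_keys (step 1 is done by sshd before this script runs), and the key used towards the target is the gateway's, which is what the "no user keys on administrated servers" requirement asks for.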
III. sshGate internal: Administration CLI (screenshot slide)
III. sshGate internal: Entity-relationship model (diagram slide)
III. sshGate internal: Architecture (diagram slide)
III. sshGate internal: ScriptHelper library
- Shell script toolkit
  - Lets you write scripts faster
  - Aims to be POSIX compliant (as much as possible)
- Some of its libraries:
  - exec.lib.sh: run commands with checks, rollback capability
  - ask.lib.sh: ask questions easily
  - cli.lib.sh: build a CLI
  - conf.lib.sh: build and use configuration files
  - mutex.lib.sh / lock.lib.sh: lock and mutex management
  - record.lib.sh: record and replay a shell session
  - ...
III. sshGate internal: ask.lib.sh usage

    # Prompt with a default taken from the current value, then persist it
    ASK SSHGATE_TARGETS_DEFAULT_SSH_LOGIN \
      "What's the default user account to use when connecting to target host ?" \
      "${SSHGATE_TARGETS_DEFAULT_SSH_LOGIN}"
    CONF_SAVE SSHGATE_TARGETS_DEFAULT_SSH_LOGIN

    # Yes/no question; only ask for recipients when notification is enabled
    ASK --yesno SSHGATE_MAIL_SEND \
      "Activate mail notification system [Yes] ?" \
      "Y"
    if [ "${SSHGATE_MAIL_SEND}" = 'Y' ]; then
      ASK SSHGATE_MAIL_TO \
        "Who will receive mail notification (comma separated mails) ?" \
        "${SSHGATE_MAIL_TO}"
      # No recipient given: switch notification back off
      [ -z "${SSHGATE_MAIL_TO}" ] && SSHGATE_MAIL_SEND='N'
    fi
    CONF_SAVE SSHGATE_MAIL_SEND
    CONF_SAVE SSHGATE_MAIL_TO