Child pages
  • Draft "pain of SSH" survey
Skip to end of metadata
Go to start of metadata

Who to send the survey:
LIGO
iPlant
Neon
OOI
DataOne
Planetlab
FutureGrid?

The intent of this survey is to develop a small but comprehensive set of use cases to drive further work in "reducing the pain of SSH".

"Reducing the pain of SSH" is scoped broadly, including not only shell access by users, but higher level services and applications that integrate with SSH.

1. Basic questions:

What are your current practices for access to remote resources via ssh?

  • identity vetting and delivery of credentials
  • provisioning and deprovisioning associated accounts
  • transfer of attributes
  • key or cert generation and use
  • how resource access is managed, eg, groups and permissions

What technologies are used to do these things?

Are there any variations for non-people (devices, workflows, processes, etc.)?

Where are the pain points in your current approach?

What would you most like to change about this?

2. Specific questions

What functions today use SSH? Do they use keys or other forms of remote channel control?

Remote login
Submit jobs
Manage files
File access
other

For remote login, what clients are used and do use GSS underneath?

OpenSSH
GSISSH (used by TeraGrid & CILogin, for example)
Putty
other

3. Policy and access controls

Who gets to decide who gets what access to which resources?

Is the implementation of such decisions automated or manual?

What are your Level Of Assurance needs?

4. How high up your list of concerns is managing SSH? Do you plan to continue using SSH as a primary tool? What are your top 1-3 concerns regarding technical tools or specific technologies?


Abandoned bits:

discovery (directing a user back to the authenticating location),

How is decided what resources users get accounts on? Is that automated or manual?

How is it decided what group ids are provisioned into those accounts and what files can be accessed. Is that automated or manual?

Can the accounts on the target systems be automatically provisioned and deprovisioned? If deprovisioned, what triggers it?

  • No labels