This document is a work-in-progress and applies to this development release. The latest drafts of docs can be found in the Development Documentation directory. You are strongly encouraged to file bugs for both the development documentation and software on our Bugzilla page. We appreciate your participation.

GT 3.9.3 Development Release Notes for GSI-OpenSSH

Component Overview

GSI-OpenSSH is a modified version of OpenSSH that adds support for X.509 proxy certificate authentication and delegation, providing a single sign-on remote login and file transfer service. GSI-OpenSSH can be used to login to remote systems and transfer files between systems without entering a password, relying instead on a valid proxy credential for authentication. GSI-OpenSSH forwards proxy credentials to the remote system on login, so commands requiring proxy credentials (including GSI-OpenSSH commands) can be used on the remote system without the need to manually create a new proxy credential on that system.

Feature Summary

Features new in release 3.9.3

  • This is the first Globus Toolkit release that includes GSI-enabled OpenSSH.

Other Supported Features

  • The gsissh command provides a secure remote login service with forwarding of X.509 proxy credentials.
  • The gsiscp and gsisftp commands provide a secure file transfer service, authenticated with X.509 proxy credentials, mimicking the rcp/scp and ftp/sftp commands.
  • All standard OpenSSH features are supported, excluding Kerberos authentication. Kerberos authentication is not compatible with GSI-enabled OpenSSH.
  • The GSI-OpenSSH server can replace the standard system SSH server in typical environments.
  • If no username is given on the command-line, GSI-OpenSSH automatically determines the username that corresponds to the X.509 proxy certificate subject in the server's grid-mapfile.

Deprecated Features

  • None

Bug Fixes

This is the first release of the Globus Toolkit that includes GSI-enabled OpenSSH.

Known Problems

None.

Technology Dependencies

GSI-enabled OpenSSH depends on the following GT components:

  • Pre-WS Authentication and Authorization

GSI-enabled OpenSSH depends on the following 3rd party software:

  • None

Tested Platforms

Tested Platforms for [component name]

  • platform #1
  • ...
  • platform #n

Backward Compatibility Summary

Protocol changes since GT version 3.2

  • GSI-enabled OpenSSH was not included in GT 3.2.

API changes since GT version 3.2

  • GSI-enabled OpenSSH was not included in GT 3.2.

Exception changes since GT version 3.2

  • Not applicable

Schema changes since GT version 3.2

  • Not applicable

For More Information

Click here for more information about this component.

 

 

This document is a work-in-progress and applies to this development release. The latest drafts of docs can be found in the GT4 Documentation Roadmap.

You are strongly encouraged to file bugs for both the development documentation and software on our Bugzilla page.

Consider joining a new discussion list called gt4-friends@globus.org to exchange ideas about GT4 development, such as documentation and testing. To subscribe to gt4-friends, send an email to majordomo@globus.org which contains the words "subscribe gt4-friends" in the message body. You must subscribe to gt4-friends in order to send mail to it. We appreciate your participation.