Home -> Toolkit -> Docs -> Development -> 3.9.4 -> Security -> Openssh

GT 3.9.4 Development Release Notes for GSI-OpenSSH

• Component Overview
• Feature Summary
• Bug Fixes
• Known Problems
• Technology Dependencies
• Tested Platforms
• Backward Compatibility Summary
• For More Information

Component Overview

GSI-OpenSSH is a modified version of OpenSSH that adds support for X.509 proxy certificate authentication and delegation, providing a single sign-on remote login and file transfer service. GSI-OpenSSH can be used to login to remote systems and transfer files between systems without entering a password, relying instead on a valid proxy credential for authentication. GSI-OpenSSH forwards proxy credentials to the remote system on login, so commands requiring proxy credentials (including GSI-OpenSSH commands) can be used on the remote system without the need to manually create a new proxy credential on that system.

Feature Summary

Features new in release 3.9.4

• This is the first Globus Toolkit release that includes GSI-enabled OpenSSH.

Other Supported Features

• The gsissh command provides a secure remote login service with forwarding of X.509 proxy credentials.
• The gsiscp and gsisftp commands provide a secure file transfer service, authenticated with X.509 proxy credentials, mimicking the rcp/scp and ftp/sftp commands.
• All standard OpenSSH features are supported, excluding Kerberos authentication. Kerberos authentication is not compatible with GSI-enabled OpenSSH.
• The GSI-OpenSSH server can replace the standard system SSH server in typical environments.
• If no username is given on the command-line, GSI-OpenSSH automatically determines the username that corresponds to the X.509 proxy certificate subject in the server's grid-mapfile.

Deprecated Features

• None

Bug Fixes

This is the first release of the Globus Toolkit that includes GSI-enabled OpenSSH.

Known Problems

None.

Technology Dependencies

GSI-enabled OpenSSH depends on the following GT components:

• Pre-WS Authentication and Authorization

GSI-enabled OpenSSH depends on the following 3rd party software:

• None

Tested Platforms

Tested Platforms for [component name]

• platform #1
• ...
• platform #n

Backward Compatibility Summary

Protocol changes since GT version 3.2

• GSI-enabled OpenSSH was not included in GT 3.2.

API changes since GT version 3.2

• GSI-enabled OpenSSH was not included in GT 3.2.

Exception changes since GT version 3.2

• Not applicable

Schema changes since GT version 3.2

• Not applicable

For More Information

Click here for more information about this component.