EPISODE · Sep 26, 2024 · 38 MIN
SSH authentication using user and machine identities (asg2024)
from Chaos Computer Club - archive feed · host Morten Linderud
Strong authentication requires multiple signals: identity claims proves that identity of the person, while device attestation proves possession of a given machine, and device bound keys prevent the key from being stolen. In this presentation we will take a look at how the TPM provides device attestation and device bound keys. We will connect this with identity claims from SSO providers to provide a centrally managed short-lived SSH certificates for users and their devices. This is implemented as an open-source project called “ssh-tpm-ca-authority”. Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/ about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/JCJ9YT/
What this episode covers
Strong authentication requires multiple signals: identity claims proves that identity of the person, while device attestation proves possession of a given machine, and device bound keys prevent the key from being stolen. In this presentation we will take a look at how the TPM provides device attestation and device bound keys. We will connect this with identity claims from SSO providers to provide a centrally managed short-lived SSH certificates for users and their devices. This is implemented as an open-source project called “ssh-tpm-ca-authority”. Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/ about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/JCJ9YT/
NOW PLAYING
SSH authentication using user and machine identities (asg2024)
No transcript for this episode yet
Similar Episodes
Jun 9, 2026 ·50m
Jun 1, 2026 ·31m
May 25, 2026 ·39m
May 17, 2026 ·37m
May 8, 2026 ·39m
Apr 28, 2026 ·25m