User key management for the secure shell (SSH)
Abstract
Management of user keys for public key authentication using the SSH in large SSH deployments is automated by deploying a management system in the environment, discovering SSH identity keys and authorized keys, analyzing authorized connections between user accounts, and automatically managing the authorized connections and the key pairs used for authentication.
28 Claims
1. An apparatus, comprising:
at least one processor; and
at least one memory including instructions which when executed by the at least one processor, cause the apparatus to manage security related keys, the security related keys being utilized between a first managed host having a client and a second managed host having a server,
wherein, in order to manage the security related keys, the at least one memory includes further instructions which, when executed by the at least one processor, further cause the apparatus to:
install a security related key as an authorized security related key for the second managed host for securing communications with the first managed host, and
wherein, in order to cause a security related key to be installed, the at least one memory includes further instructions which, when executed by the at least one processor, further cause the apparatus to:
insert a request to install the security related key as an authorized security related key in a pending request data set;
determine if a window where the request is allowed to be processed is open; and
after determining that the window where the request is allowed to be processed is open, process the request, the processing comprising sending a request to install the security related key for the second managed host,
wherein the at least one memory includes further instructions which, when executed by the at least one processor, cause the apparatus to create a new passwordless login connection,
wherein, in order to create the new passwordless login connection, the at least one memory includes further instructions which, when executed by the at least one processor, further cause the apparatus to:
add an identification of a certificate authority that is accepted for authentication in a configuration file used by a secure shell (SSH) implementation; and
add a principal name used in a certificate in the configuration file used by the SSH implementation to identify a user that is permitted to authenticate to an account using the certificate issued by the certificate authority.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method of managing security related keys, the security related keys being utilized between a first managed host having a client and a second managed host having a server, the method comprising:
installing a security related key as an authorized security related key for the second managed host for securing communications with the first managed host, the installation including:
inserting a request to install the security related key as an authorized security related key in a pending request data set;
determining if a window where the request is allowed to be processed is open; and
after determining that the window where the request is allowed to be processed is open, processing the request, the processing comprising sending a request to install the security related key for the second managed host;
creating a new passwordless login connection, the creating including:
adding an identification of a certificate authority that is accepted for authentication in a configuration file used by a secure shell (SSH) implementation; and
adding a principal name used in a certificate in the configuration file used by the SSH implementation to identify a user that is permitted to authenticate to an account using the certificate issued by the certificate authority.
Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. A non-transitory computer readable medium comprising program code for causing a computer to perform:
managing security related keys, said the security related keys utilized between a first managed host having a client and a second managed host having a server, wherein the managing comprises:
installing a security related key as an authorized security related key for the second managed host for securing communications with the first managed host, the installing including:
inserting a request to install the security related key as an authorized security related key in a pending request data set; and
determining if a window where the request is allowed to be processed is open; and
after determining that the window where the request is allowed to be processed is open, processing the request, the processing comprising sending a request to install the public key for the second managed host,
wherein the computer program code further causes the computer to perform instructions for creating the new passwordless login connection, the creating comprising:
adding an identification of a certificate authority that is accepted for authentication in a configuration file used by a secure shell (SSH) implementation; and
adding a principal name used in a certificate in the configuration file used by the SSH implementation to identify a user that is permitted to authenticate to an account using the certificate issued by the certificate authority.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28
Specification