Secure Shell (SSH) Proxy for a Platform-as-a-Service System

US 20160226874A1
Filed: 02/04/2015
Published: 08/04/2016
Est. Priority Date: 02/04/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a processing device executing a Secure Shell (SSH) proxy server, a request to establish an SSH connection with a component of an application of a multi-tenant Platform-as-a-Service (PaaS) system, the component is separate from the SSH proxy server;

authenticating, by the SSH proxy server, credentials provided as part of the request;

establishing, by the SSH proxy server, the SSH connection with a device originating the request;

receiving, by the SSH proxy server in view of authenticating the credentials and establishing the SSH connection, routing information for the application, the routing information comprising a location of a node of the multi-tenant PaaS system executing the application;

establishing, by the SSH proxy server, an internal communication session with an executing proxy of the node; and

forwarding, by the SSH proxy server, information conveyed over the SSH connection to the executing proxy via the internal communication session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Implementations provide for a secure shell (SSH) proxy for a Platform-as-a-Service (PaaS) system. A method of the disclosure includes receiving, by a processing device executing a Secure Shell (SSH) proxy server, a request to establish an SSH connection with a component of an application of a multi-tenant Platform-as-a-Service (PaaS) system, the component is separate from the SSH proxy server, authenticating credentials provided as part of the request, establishing the SSH connection with a device originating the request, receiving, in view of authenticating the credentials and establishing the SSH connection, routing information for the application, the routing information comprising a location of a node of the multi-tenant PaaS system executing the application, establishing an internal communication session with an executing proxy of the node, and forward information conveyed over the SSH connection to the executing proxy via the internal communication session.

15 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving, by a processing device executing a Secure Shell (SSH) proxy server, a request to establish an SSH connection with a component of an application of a multi-tenant Platform-as-a-Service (PaaS) system, the component is separate from the SSH proxy server;
  
  authenticating, by the SSH proxy server, credentials provided as part of the request;
  
  establishing, by the SSH proxy server, the SSH connection with a device originating the request;
  
  receiving, by the SSH proxy server in view of authenticating the credentials and establishing the SSH connection, routing information for the application, the routing information comprising a location of a node of the multi-tenant PaaS system executing the application;
  
  establishing, by the SSH proxy server, an internal communication session with an executing proxy of the node; and
  
  forwarding, by the SSH proxy server, information conveyed over the SSH connection to the executing proxy via the internal communication session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein authenticating the credentials comprising communicating with a PaaS master component to authenticate the credentials.
  - 3. The method of claim 2, wherein the routing information is sent from the PaaS master component when the PaaS master component determines that a user associated with the credentials is authorized to access the component of the application.
  - 4. The method of claim 1, wherein the component of the application is a container executing on the node of the multi-tenant PaaS system, the container launched from an application image providing functionality of the application.
  - 5. The method of claim 1, wherein the component of the application is source code of the application stored in a repository.
  - 6. The method of claim 1, wherein the executing proxy comprises a process executing on the node, the process to run one or more executables to provide access to the component of the application on the node.
  - 7. The method of claim 1, wherein the internal communication session utilizes a communication protocol that is different than SSH.
  - 8. The method of claim 1, wherein the processing device is part of a node that executes multiple applications comprising at least the application, and wherein the multiple applications are owned by different owners.

9. A system, comprising:
- a memory;
  
  a processing device communicably coupled to the memory, the processing device to execute a Secure Shell (SSH) proxy server to;
  
  receive a request to establish an SSH connection with a component of an application of a multi-tenant Platform-as-a-Service (PaaS) system, the component is separate from the SSH proxy server;
  
  authenticate credentials provided as part of the request;
  
  establish the SSH connection with a device originating the request;
  
  receive, in view of authenticating the credentials and establishing the SSH connection, routing information for the application, the routing information comprising a location of a node of the multi-tenant PaaS system executing the application;
  
  establish an internal communication session with an executing proxy of the node; and
  
  forward information conveyed over the SSH connection to the executing proxy via the internal communication session.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the SSH proxy server to authenticate the credentials further comprises the SSH proxy server to communicate with a PaaS master component to authenticate the credentials.
  - 11. The system of claim 10, wherein the routing information is sent from the PaaS master component when the PaaS master component determines that a user associated with the credentials is authorized to access the component of the application.
  - 12. The system of claim 9, wherein the component of the application is a container executing on the node of the multi-tenant PaaS system, the container launched from an application image providing functionality of the application.
  - 13. The system of claim 9, wherein the component of the application is source code of the application stored in a repository.
  - 14. The system of claim 9, wherein the executing proxy comprises a process executing on the node, the process to run one or more executables to provide access to the component of the application on the node.
  - 15. The system of claim 9, wherein the internal communication session utilizes a communication protocol that is different than SSH.

16. A non-transitory machine-readable storage medium including instructions that, when accessed by a processing device, cause the processing device to:
- receive, by the processing device executing a Secure Shell (SSH) proxy server, a request to establish an SSH connection with a component of an application of a multi-tenant Platform-as-a-Service (PaaS) system, the component is separate from the SSH proxy server;
  
  authenticate, by the SSH proxy server, credentials provided as part of the request;
  
  establish, by the SSH proxy server, the SSH connection with a device originating the request;
  
  receive, by the SSH proxy server in view of authenticating the credentials and establishing the SSH connection, routing information for the application, the routing information comprising a location of a node of the multi-tenant PaaS system executing the application;
  
  establish, by the SSH proxy server, an internal communication session with an executing proxy of the node; and
  
  forward, by the SSH proxy server, information conveyed over the SSH connection to the executing proxy via the internal communication session.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory machine-readable storage medium of claim 16, wherein the processing device to authenticate the credentials further comprises the processing device to communicate with a PaaS master component to authenticate the credentials.
  - 18. The non-transitory machine-readable storage medium of claim 17, wherein the routing information is sent from the PaaS master component when the PaaS master component determines that a user associated with the credentials is authorized to access the component of the application.
  - 19. The non-transitory machine-readable storage medium of claim 16, wherein the component of the application is at least one of:
    - a container executing on the node of the multi-tenant PaaS system, the container launched from an application image providing functionality of the application, orsource code of the application stored in a repository.
  - 20. The non-transitory machine-readable storage medium of claim 16, wherein the executing proxy comprises a process executing on the node, the process to run one or more executables to provide access to the component of the application on the node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Goldstein, Andrew, Wiest, Thomas, Coleman, Clayton

Granted Patent

US 9,900,313 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/0884   by delegation of authentica...

H04L 67/10   in which an application is ...

H04L 67/141   Setup of application sessio...

Secure Shell (SSH) Proxy for a Platform-as-a-Service System

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Shell (SSH) Proxy for a Platform-as-a-Service System

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links