{"guid":"749da409-6d51-53b9-a19a-4e90b5c0672d","title":"SSH authentication using user and machine identities","subtitle":null,"slug":"all-systems-go-2024-320-ssh-authentication-using-user-and-machine-identities","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/JCJ9YT/","description":"Strong authentication requires multiple signals: identity claims prove the identity of the person, while device attestation proves possession of a given machine, and device-bound keys prevent the key from being stolen.\n\nIn this presentation we will take a look at how the TPM provides device attestation and device-bound keys. We will connect this with identity claims from SSO providers to provide centrally managed, short-lived SSH certificates for users and their devices. This is implemented as an open-source project called “ssh-tpm-ca-authority”.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Morten Linderud"],"tags":["320","asg2024","Dome","2024","Day 2"],"view_count":522,"promoted":false,"date":"2024-09-26T15:15:00.000+02:00","release_date":"2024-09-26T00:00:00.000+02:00","updated_at":"2026-04-02T10:45:06.010+02:00","length":2304,"duration":2304,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/320-749da409-6d51-53b9-a19a-4e90b5c0672d.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/320-749da409-6d51-53b9-a19a-4e90b5c0672d_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/320-749da409-6d51-53b9-a19a-4e90b5c0672d.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/320-749da409-6d51-53b9-a19a-4e90b5c0672d.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-320-ssh-authentication-using-user-and-machine-identities","url":"https://api.media.ccc.de/public/events/749da409-6d51-53b9-a19a-4e90b5c0672d","conference_title":"All Systems Go! 
2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[],"recordings":[{"size":218,"length":2304,"mime_type":"video/webm","language":"eng","filename":"asg2024-320-eng-SSH_authentication_using_user_and_machine_identities_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2024-09-26T17:14:55.041+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2024/webm-hd/asg2024-320-eng-SSH_authentication_using_user_and_machine_identities_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/80376","event_url":"https://api.media.ccc.de/public/events/749da409-6d51-53b9-a19a-4e90b5c0672d","conference_url":"https://api.media.ccc.de/public/conferences/asg2024"},{"size":89,"length":2304,"mime_type":"video/webm","language":"eng","filename":"asg2024-320-eng-SSH_authentication_using_user_and_machine_identities_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2024-09-26T17:11:12.141+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2024/webm-sd/asg2024-320-eng-SSH_authentication_using_user_and_machine_identities_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/80375","event_url":"https://api.media.ccc.de/public/events/749da409-6d51-53b9-a19a-4e90b5c0672d","conference_url":"https://api.media.ccc.de/public/conferences/asg2024"},{"size":72,"length":2304,"mime_type":"video/mp4","language":"eng","filename":"asg2024-320-eng-SSH_authentication_using_user_and_machine_identities_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2024-09-26T16:59:12.878+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2024/h264-sd/asg2024-320-eng-SSH_authentication_using_user_and_machine_identities_sd.mp4","url":"https://api.media.ccc.de/public/recordings/80373","event_url":"https://api.media.ccc.de/public/events/749da409-6d51-53b9-a19
a-4e90b5c0672d","conference_url":"https://api.media.ccc.de/public/conferences/asg2024"},{"size":22,"length":2304,"mime_type":"audio/opus","language":"eng","filename":"asg2024-320-eng-SSH_authentication_using_user_and_machine_identities_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2024-09-26T16:56:52.679+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2024/opus/asg2024-320-eng-SSH_authentication_using_user_and_machine_identities_opus.opus","url":"https://api.media.ccc.de/public/recordings/80368","event_url":"https://api.media.ccc.de/public/events/749da409-6d51-53b9-a19a-4e90b5c0672d","conference_url":"https://api.media.ccc.de/public/conferences/asg2024"},{"size":35,"length":2304,"mime_type":"audio/mpeg","language":"eng","filename":"asg2024-320-eng-SSH_authentication_using_user_and_machine_identities_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2024-09-26T16:56:18.002+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2024/mp3/asg2024-320-eng-SSH_authentication_using_user_and_machine_identities_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/80367","event_url":"https://api.media.ccc.de/public/events/749da409-6d51-53b9-a19a-4e90b5c0672d","conference_url":"https://api.media.ccc.de/public/conferences/asg2024"},{"size":266,"length":2304,"mime_type":"video/mp4","language":"eng","filename":"asg2024-320-eng-SSH_authentication_using_user_and_machine_identities_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2024-09-26T16:54:37.812+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2024/h264-hd/asg2024-320-eng-SSH_authentication_using_user_and_machine_identities_hd.mp4","url":"https://api.media.ccc.de/public/recordings/80363","event_url":"https://api.media.ccc.de/public/events/749da409-6d51-53b9-a19a-4e90b5c0672d","conference_url":"https://api.media.cc
c.de/public/conferences/asg2024"}]}