lab setup with containers for experimenting with SSH authentication methods, presented at FOSDEM'26

CLIP-HPC/ssh_lab

ssh_lab: SSH certificates vs. OPKSSH

This repo provides a container setup for use with [docker|podman]-compose to demonstrate different SSH authentication mechanisms.

  • password
  • public key
  • certificates
  • OpenPubKey

See also https://fosdem.org/2026/schedule/event/ST9D39-ssh-logins-cert-vs-opkssh/

Running the demos

git clone https://github.com/CLIP-HPC/ssh_lab
podman-compose up

./init/setup-idm.sh
./init/setup-certs.sh
./fixup.sh

# now all containers should be running, and services healthy (this bootstrap process is a bit dirty and needs cleanup)
# run the demos, each demo will print instructions for all the steps and reset the container/user state

./demo1_passwd.sh
./demo2_pubkey.sh
./demo3_cert.sh
./demo4_opkssh.sh

Caveat

In its current form, the bootstrap process is quite dirty because of some circular dependencies between the CA and Kanidm: Kanidm cannot easily be bootstrapped with the various secrets and credentials it needs (OAuth and user credentials).
