SSH Configuration Interface. Design and Implementation of a “student self-service portal” for accessing to Linux-VMs

Bachelorarbeit, 2020
55 Seiten, Note: 1.7

Informatik - Software

Leseprobe

1 Introduction

2 Technologies

2.1 Multitier Architecture

2.1.1 Back-end

2.1.2 Front-end

2.2 Persistence Layer

2.2.1 Novell’s Library for LDAP

2.3 NLog Framework

2.4 Security Layer

2.5 Tools

3 Architecture

3.1 User Activity

3.2 Physical Deployment Model

3.3 Application Structure

3.3.1 MVC

3.3.2 Programming Model

3.3.3 Request Lifecycle

3.3.4 Dependency Injection

3.3.5 Improved Service Registration Mechanism

3.4 Data Access

3.4.1 Directory Service

3.4.2 Directory Service compared to DBMS

3.4.3 Authentication and Authorization

3.5 Configurations

4 Implementation

4.1 Hosting Environment

4.2 Error Handling

4.3 Logging

4.4 Identity Framework with LDAP

4.5 Key Storage Mechanism

4.6 Key Monitoring

4.7 Key Upload/Update

4.8 Key Delete

5 Security

5.1 Google reCaptcha v3

5.2 Open-Redirect Attack

6 Conclusion

6.1 Discussion

Objectives and Topics

This thesis addresses the administrative burden associated with managing SSH access for multiple users on shared Linux virtual machines. The primary goal is to design and implement a self-service web portal that allows users to independently upload their public SSH keys, thereby reducing the need for direct manual intervention by system administrators.

Development of a user-friendly, web-based SSH configuration interface.
Integration of Lightweight Directory Access Protocol (LDAP) for secure user authentication and authorization.
Implementation of robust security measures, including Google reCaptcha v3 and protection against common web vulnerabilities.
Automation of server-side key management through a loosely coupled, scalable software architecture.
Utilization of dependency injection and custom installers to ensure maintainability and modularity.

Auszug aus dem Buch

3.3.4 Dependency Injection

SSH CI heavily relies on Dependency Injection. ASP.NET Core has built-in support for DI which is a software design pattern used for achieving Inversion of Control (IoC) between classes and their dependencies. It is an imperative technique for building modern, loosely coupled applications. The end applications are more unit-testable, modular, and maintainable as result. In a scenario similar as in fig. 3.7, class A is directly dependent on Class B. This might be a problem when trying to replace B with a different implementation, class A must be modified. In a large project with multiple classes depending on B, the code becomes strewed across the application. This kind of implementation significantly complicates the unit testing. Class B has to be involved in the unit testing of class A which breaks the unit testing principles.

Nevertheless, DI addresses this problem by using an interface to abstract away the dependency implementation as demonstrated with an example from SSH CI, fig. 3.8. Registration of the dependency is done in the service container provided by the framework. In ASP.NET Core they are registered in the application’s "Startup" class, in the “ConfigureServices” method, however, in SSH CI the container is distributed across several “Installer” classes for establishing a more structured service registration mechanism. Therefore, a more maintainable application is achieved. This approach will be discussed in section 3.3.5. As a result, it’s easy to change the implementation that “AccountController” uses without modifying the controller.

Summary of Chapters

1 Introduction: Discusses the motivation for automating SSH key management and the limitations of manual administration in multi-user environments.

2 Technologies: Provides an overview of the technical stack, including ASP.NET Core MVC, LDAP, and NLog, used to build the solution.

3 Architecture: Explains the core system design, including the multitier architecture, the MVC pattern, and the service registration mechanism.

4 Implementation: Details the practical realization of the portal, covering hosting, error handling, LDAP integration, and key management scripts.

5 Security: Analyzes the implementation of security features such as Google reCaptcha v3 and the mitigation of Open-Redirect attacks.

6 Conclusion: Evaluates the completed project, discusses limitations, and suggests potential future improvements.

Keywords

SSH, Linux, Web Portal, Automation, LDAP, ASP.NET Core, MVC, Dependency Injection, Security, reCaptcha, Public Key Authentication, System Administration, Scalability, Middleware, User Management

Frequently Asked Questions

What is the core focus of this thesis?

The work focuses on designing and implementing an automated self-service portal that allows users to manage their own SSH public keys for accessing shared Linux virtual machines, reducing manual administrative tasks.

What are the primary thematic areas covered?

Key topics include web application architecture (MVC), dependency injection, identity management via LDAP, automated script execution for key storage, and web security measures.

What is the main objective of the proposed system?

The objective is to minimize system administrator involvement in the SSH key distribution process by providing a scalable, secure, and user-friendly interface for students to manage their access themselves.

Which scientific or technical methods are applied?

The thesis utilizes a client-server architectural approach, implements an asynchronous programming model for scalability, and employs established design patterns like Dependency Injection and the Options Pattern for clean configuration management.

What is discussed in the main part of the thesis?

The main part covers the system architecture, the implementation details—specifically how Identity Framework is integrated with LDAP—and the security layer, detailing how various vulnerabilities are mitigated.

Which keywords best characterize the work?

Key terms include SSH, Automation, LDAP, ASP.NET Core, MVC, Dependency Injection, and Security.

How does the application ensure that only authorized users can access the portal?

The system uses LDAP to authenticate users and verifies their enrollment in specific courses before granting them access to the portal or allowing them to manage their SSH keys.

Why was Google reCaptcha v3 selected for this project?

reCaptcha v3 was chosen because it is transparent to the user, monitoring interactions in the background and assigning risk scores to requests, which effectively prevents bot-driven brute-force attacks.

How is the system design made maintainable?

Maintainability is achieved through a modular architecture where services are registered using distributed installer classes and dependency injection, allowing for easy updates and OS-independent migration.

Ende der Leseprobe aus 55 Seiten - nach oben

Details

Titel: SSH Configuration Interface. Design and Implementation of a “student self-service portal” for accessing to Linux-VMs
Hochschule: Hochschule Ulm
Veranstaltung: Computer Science
Note: 1.7
Autor: Gheorghe Mironica (Autor:in)
Erscheinungsjahr: 2020
Seiten: 55
Katalognummer: V1147465
ISBN (eBook): 9783346527226
ISBN (Buch): 9783346527233
Sprache: Englisch
Anmerkungen: The thesis is about an application for the students of Technische Hochschule Ulm for setting up an SSH public key on one of the available Linux servers. The fully documented application is available on Github. https://github.com/GikuMironica/SSHConfigurator
Schlagworte: C# ASP.NET CORE MVC LDAP SSH Linux VM Directory Service Full Stack
Produktsicherheit: GRIN Publishing GmbH
Preis (Ebook): US$ 17,99
Preis (Book): US$ 28,99

Arbeit zitieren: Gheorghe Mironica (Autor:in), 2020, SSH Configuration Interface. Design and Implementation of a “student self-service portal” for accessing to Linux-VMs, München, Page::Imprint:: GRINVerlagOHG, https://www.diplomarbeiten24.de/document/1147465