SSH Configuration Interface. Design and Implementation of a “student self-service portal” for accessing to Linux-VMs

Inhaltsverzeichnis (Table of Contents)

• 1 Introduction
• 2 Technologies
  • 2.1 Multitier Architecture
    • 2.1.1 Back-end
    • 2.1.2 Front-end
  • 2.2 Persistence Layer
    • 2.2.1 Novell's Library for LDAP
  • 2.3 NLog Framework
  • 2.4 Security Layer
  • 2.5 Tools
• 3 Architecture
  • 3.1 User Activity
  • 3.2 Physical Deployment Model
  • 3.3 Application Structure
    • 3.3.1 MVC
    • 3.3.2 Programming Model
    • 3.3.3 Request Lifecycle
    • 3.3.4 Dependency Injection
    • 3.3.5 Improved Service Registration Mechanism
  • 3.4 Data Access
    • 3.4.1 Directory Service
    • 3.4.2 Directory Service compared to DBMS
    • 3.4.3 Authentication and Authorization
  • 3.5 Configurations
• 4 Implementation
  • 4.1 Hosting Environment
  • 4.2 Error Handling
  • 4.3 Logging
  • 4.4 Identity Framework with LDAP
  • 4.5 Key Storage Mechanism
  • 4.6 Key Monitoring
  • 4.7 Key Upload/Update
  • 4.8 Key Delete
• 5 Security
  • 5.1 Google reCaptcha v3
  • 5.2 Open-Redirect Attack

Zielsetzung und Themenschwerpunkte (Objectives and Key Themes)

The SSH Configuration Interface (SSH CI) aims to streamline the process of managing SSH access for numerous clients. It addresses the challenge of increasing administrative workload associated with a growing number of users requiring SSH access. The thesis explores the design and implementation of a client-server application that simplifies user authentication and key management, reducing the need for server administration intervention.

• User authentication and authorization
• Multitier architecture and its components
• Data storage and management using LDAP
• Security considerations and implementation of security features
• Implementation details and challenges faced during development

Zusammenfassung der Kapitel (Chapter Summaries)

• Chapter 1: Introduction This chapter sets the stage for the thesis by introducing the problem of managing SSH access for a large number of clients. It discusses the limitations of traditional SSH configuration methods and highlights the need for a more efficient solution.
• Chapter 2: Technologies This chapter delves into the technologies utilized in the development of the SSH CI. It discusses the multitier architecture employed, including front-end and back-end components. Additionally, it explores the persistence layer, focusing on LDAP as the chosen data storage mechanism. The chapter also introduces the NLog framework for logging and security considerations.
• Chapter 3: Architecture This chapter details the overall architecture of the SSH CI, including the application structure, data access mechanisms, and configurations. It explores the Model-View-Controller (MVC) pattern and its role in the application structure. The chapter also discusses the use of dependency injection and improved service registration mechanisms, as well as the advantages of using a directory service (LDAP) compared to a traditional database management system (DBMS).
• Chapter 4: Implementation This chapter focuses on the implementation aspects of the SSH CI. It discusses the hosting environment, error handling strategies, and the integration of the identity framework with LDAP. Additionally, it delves into the key storage and monitoring mechanisms, along with the key upload/update and deletion functionalities.
• Chapter 5: Security This chapter examines the security considerations and implementations in the SSH CI. It discusses the use of Google reCaptcha v3 for combating bot traffic and mitigating the risk of open-redirect attacks.

Schlüsselwörter (Keywords)

The main keywords and focus topics of this thesis include SSH, client-server architecture, user authentication, key management, LDAP, multitier architecture, security, Google reCaptcha, open-redirect attack, and efficient server administration.