The user starts by using his certificate to generate a credential that is stored in a MyProxy server. The MyProxy Upload Tool can be used to accomplish this task. During this operation the user selects a username and password that allow the credential to be retrieved at a later time.
At any point during the lifetime of the delegated credential, the user can run an SSH (or SFTP) client of choice to connect to the MEG resource. To log in, the user supplies the username and password of his MyProxy credential. MEG then uses these to retrieve the credential from the MyProxy server, and uses that credential to authenticate the user against the resource. Assuming this succeeds, the user is logged into the resource, where a proxy credential will be waiting in the environment for further use.
Justification for delivering demo and/or technical requirements (for demos)
Laptop (own supplied), and if possible a large screen.
MEG is a benefit for all users of X509-based grid resources, by enabling them to choose which SSH client they want to use. It is lightweight, small, and easy to maintain and understand, and removes the need to maintain SSH-based portals (which require further user account management).
Conclusions and Future Work
The system has proved very popular with users at STFC and on the UK-NGS. Further extensions to this system should be simple due to the very modular nature of the solution.
Further benefits have been proved within STFC, using a MyProxy-SSO (Single Sign On) server, and the UK NGS is looking at providing a Shibboleth-based extension.
|Keywords||gsisshd ssh myproxy meg|
|URL for further information||http://wiki.ngs.ac.uk/index.php?title=KGSISSHD|