GSI-OpenSSH

Services Running

Service Globus Gatekeeper Server 
Service description GSI-OpenSSH is a modified version of OpenSSH that adds support for X.509 proxy certificate authentication and delegation, providing a single sign-on remote login and file transfer service. GSI-OpenSSH can be used to log in to remote systems and transfer files between systems without entering a password, relying instead on a valid proxy credential for authentication. GSI-OpenSSH forwards proxy credentials to the remote system on login, so commands requiring proxy credentials (including GSI-OpenSSH commands) can be used on the remote system without the need to manually create a new proxy credential on that system. For more information about GSI-OpenSSH, see the GSI-OpenSSH Home Page.
Init scripts /etc/init.d/gsisshd
Daemons /usr/sbin/gsisshd
Configuration
/etc/gsissh/sshd_config
Server configuration options akin to those of OpenSSH.
/etc/globus/ssh_config
System-wide client configuration options akin to those of OpenSSH.
/etc/globus/
Folder containing all configuration options for GSI-OpenSSH.

Logs /var/log/messages
By default output is provided via syslog in the standard system log.

Open Ports

Port/Protocol Description
22/tcp By default the server runs on port 22, so the standard ssh server must be stopped to use it. It can also be run as a secondary ssh server on another port (most commonly 2222).

Useful Files

Path/name Description
/etc/gsissh Main configuration folder for server and client (system-wide)
/etc/gsissh/ssh_host* RSA and DSA PKI keys for the host
/etc/grid-security GSI configuration is under this folder, i.e. host certificates as well as CA certificates and the grid-mapfile.
/var/run/gsisshd.pid Standard PID file location

Cron Jobs

Not applicable. No cron jobs are needed.

Security Information

GSI-OpenSSH uses GSI as well as the standard OpenSSH methods. Users with certificates are mapped to local user accounts based on their DN. The mappings are set in the grid-mapfile, located by default at /etc/grid-security/grid-mapfile.
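
Because the grid-mapfile decides which local account each certificate DN lands in, it is worth auditing. The following is an added example, not part of the original page or of GSI-OpenSSH itself; it assumes the usual grid-mapfile line format (a double-quoted DN followed by a comma-separated list of local accounts), and the sample DNs, account names and the PRIVILEGED set are constructed for illustration.

```python
import shlex

# Constructed sample grid-mapfile content (DNs and accounts are made up).
SAMPLE = '''\
# constructed sample
"/C=XX/O=Example Grid/CN=Alice Example" alice
"/C=XX/O=Example Grid/CN=Bob Example" bob,grid001
"/C=XX/O=Example Grid/CN=Ops Robot" root
"/C=XX/O=Example Grid/CN=Alice Example" alice2
/C=XX/O=Example Grid/CN=Unquoted Name carol
'''

PRIVILEGED = {"root"}  # assumption: accounts that must never be a mapping target


def parse_grid_mapfile(text):
    """Return (entries, findings); each entry is (lineno, dn, [accounts])."""
    entries, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        try:
            fields = shlex.split(line)  # honours the double quotes around the DN
        except ValueError:
            findings.append((lineno, "malformed", "unbalanced quote"))
            continue
        if len(fields) != 2 or not fields[0].startswith("/"):
            findings.append((lineno, "malformed", "expected quoted DN and account list"))
            continue
        entries.append((lineno, fields[0], [a for a in fields[1].split(",") if a]))
    return entries, findings


def audit(text):
    """Flag malformed lines, DNs mapped to privileged accounts, and repeated DNs."""
    entries, findings = parse_grid_mapfile(text)
    seen = {}  # DN -> first line it appeared on
    for lineno, dn, accounts in entries:
        for acct in accounts:
            if acct in PRIVILEGED:
                findings.append((lineno, "privileged-mapping", f"{dn} -> {acct}"))
        if dn in seen:
            findings.append((lineno, "duplicate-dn", f"{dn} also on line {seen[dn]}"))
        else:
            seen[dn] = lineno
    return sorted(findings)
```

To check a live server, pass the contents of /etc/grid-security/grid-mapfile to audit() and review each finding before changing the file.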

Utility Scripts

Path/name Description
/etc/init.d/gsissh Starts, restarts, stops and provides the status of the gsissh server.