Services Running
| Service |
Globus Gatekeeper Server
|
| Service description |
GSI-OpenSSH is a modified version of OpenSSH that adds support for X.509 proxy certificate authentication and delegation, providing a single sign-on remote login and file transfer service. GSI-OpenSSH can be used to login to remote systems and transfer files between systems without entering a password, relying instead on a valid proxy credential for authentication. GSI-OpenSSH forwards proxy credentials to the remote system on login, so commands requiring proxy credentials (including GSI-OpenSSH commands) can be used on the remote system without the need to manually create a new proxy credential on that system. For more information about GSI-OpenSSH, see the GSI-OpenSSH Home Page. |
Init scripts
|
/etc/init.d/gsisshd |
| Daemons |
/usr/sbin/gsisshd |
| Configuration |
/etc/gsissh/sshd_config
Server configuration options akin to those of openssh.
/etc/globus/ssh_config
System-wide client configuration options akin to those of openssh.
/etc/globus/
Folder containing all configuration options for gsi-openssh.
|
| Logs |
/var/log/messages
By default output is provided via syslog in the standard system log.
|
Open Ports
| Port/Protocol |
Description
|
22/tcp
|
By default runs on 22, so one needs to stop ssh to use it. It can also be used as a secondary ssh server on other ports (most commonly 2222). |
Useful Files
| Path/name |
Description
|
| /etc/gsissh |
Main configuration folder for server and client (system-wide)
|
| /etc/gsissh/ssh_host* |
RSA and DSA, PKI keys for the host |
| /etc/grid-security |
GSI configuration is under this folder, i.e. host certificates as well as CA certificates and the grid-mapfile.
|
| /var/run/gsisshd.pid |
Standard PID file location
|
Cron Jobs
Not the case. Not needed.
Security Information
The gsi-openssh uses GSI and also standard OpenSSH methods. Users with certificates are mapped to local user accounts based on their DN. The mappings are set in the grid-mapfile file by default in /etc/grid-security/grid-mapfile.
Utility Scripts
| Path/name |
Description
|
| /etc/init.d/gsissh |
Starts, restarts stops and provides the status of the gsisssh server. |
|
|
|
