Introduction
Administering large numbers of SSH keys and servers becomes increasingly difficult as your organization grows. Correctly identifying valid keys and removing invalid ones throughout an organization is error-prone, and mistakes can have serious consequences for your server security.
In addition, when there are server changes, your users will sometimes receive warnings that the authenticity of your server cannot be established. Most users will not double-check the server's key fingerprint before connecting, which potentially allows someone to spoof the server and execute a man-in-the-middle attack.
A project called monkeysphere was created to address these issues. It does this by leveraging GPG keys and the web of trust model to both validate a server's credentials and provide easy user management.
In a previous guide, we discussed how to set up monkeysphere to validate servers to users. In this guide, we will continue where we left off and learn how to authenticate users to our servers automatically, based only on their GPG keys and our server administrator's trust in those users. This will allow us to create authentication files that use plain English instead of mostly cryptographic information.
This guide will assume that you have the setup that we left off with in the previous guide (server.example.com, admin.example.com, client.example.com with the necessary trust relationships established). Let's get started.