This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Friday, May 26 • 2:50pm - 2:55pm
Authorizing artifact access using SSH-CA

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Security is a never-ending battle to guard against malicious software. An unauthorized upload of an artifact could infect downstream applications that use them. This talk will discuss our implementation using an SSH Certificate Authority to restrict artifact uploads.

Our solution prevents uploads to Artifactory via REST API, forcing jobs to use the Artifactory SSHD Proxy,. Using OpenSSH 6.6 we force authentication based on supplied SSH-CA and performing the authorization through the SSHD “ForceCommand” sshd_config directive. The program invoked uses Artifactory “properties” to activate this authentication mechanism and to validate the initiating user’s principal access to the target artifact.

avatar for Daryl Spartz

Daryl Spartz

Sr. Software Development Engineer, Yahoo!
All about tools and automation.

Friday May 26, 2017 2:50pm - 2:55pm
Meritage Carneros Salon C 875 Bordeaux Way, Napa, CA 94558