Loading…
This event has ended. Visit the official site or create your own event on Sched.
View analytic
Friday, May 26 • 2:50pm - 2:55pm
Authorizing artifact access using SSH-CA

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Security is a never-ending battle to guard against malicious software. An unauthorized upload of an artifact could infect downstream applications that use them. This talk will discuss our implementation using an SSH Certificate Authority to restrict artifact uploads.

Our solution prevents uploads to Artifactory via REST API, forcing jobs to use the Artifactory SSHD Proxy,. Using OpenSSH 6.6 we force authentication based on supplied SSH-CA and performing the authorization through the SSHD “ForceCommand” sshd_config directive. The program invoked uses Artifactory “properties” to activate this authentication mechanism and to validate the initiating user’s principal access to the target artifact.

Speakers
avatar for Daryl Spartz

Daryl Spartz

Senior Software Development Engineer, Yahoo
All about tools and automation.


Friday May 26, 2017 2:50pm - 2:55pm
Meritage Carneros Salon C 875 Bordeaux Way, Napa, CA 94558