SSH service

1. About

The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution. The Secure Shell Protocol is an essential component of the administration of any computer network and the Internet.

2. Systems

2.1 Frontend

FQDN BFH IT-Services IPv6 IPv4

2.2 Backend

Always use the frontend DNS record.

Never use the backend nodes directly:

  • backend may change without notice at any time (e.g. IP addresses, DNS records, configuration, etc.)
  • backend has no legacy support or grace periods; changes are implemented instantly
  • backend can be rebooted without notice at any time
  • backend access will soon be restricted

FQDN IPv6 IPv4
  2a07:6b40::71
  2a07:6b40::72
  2a07:6b40::73
  2a07:6b40::74

FQDN IPv6 IPv4
  2a07:6b42:101:11::11
  2a07:6b42:101:11::12

3. Features

  • TODO

4. Backlog

4.1 Legacy

  • ????: retire ssh{1,2}

  • ????: retire node{1,2}.ssh.esb{,-test}

4.2 Features

  • 2023: restricting backend subnet access

  • 2023: anycasting

  • 2023: set up automated SSH host key signing CA

  • 2023: self-service for user keys via IDM

  • 2023: (non-)persistent home on after some more testing

  • ????: benchmarking

4.3 Known issues

  • no known issues