Named in honor of Tatu Ylönen, the inventor of SSH, Tatu is an OpenStack service that manages SSH user and host certificates. Tatu can also start and manage bastion servers so that you don't have to (and you don't have to give every SSH server a public IPv4 address).
Tatu provides APIs, Horizon Dashboard Panels and OpenStack CLI that allow:
- Users to obtain SSH user-type certificates (per project) for their public key, with permissions corresponding to their roles in the project.
- OpenStack VM (or bare metal) instances to obtain a host SSH certificate for their public key, and to configure user accounts corresponding to Keystone roles.
- Slides (February 2018)
- Feb. 2018 full demo video (without Keystone role integration, 11 minutes)
- Single-feature demo video of integration with Uber's pam-ussh module (Mar. 2018, 4 minutes).
|Code Repositories||Tatu TatuClient TatuDashboard|
|Code Review||Tatu TatuClient TatuDashboard|
|IRC Channel|| |
|Mailinglist|| Drop emails to openstack-dev with tag |
|Weekly Meetings||We have a regular slot in the Security SIG's weekly meeting starting March 8, 2018 (until we reach critical mass).|