SSH is one of the most widely used tools in Unix. Apart from opening remote shells, its most intriguing feature is the capability to tunnel TCP connections, providing for both a secure channel and an authentication mechanism for generic services lacking them. We will show how to setup a very simple infrastructure that temporarily authorizes users presenting valid X.509 credentials, and in particular Grid users, to use SSH by performing the authentication through HTTPS beforehand. We will also compare this method with tools that provide similar functionalities, such as GSI-Enabled OpenSSH. Finally, a brief description of PROOF on Demand for the LHC ALICE experiment is presented as a use case.

INFN-12-20/TO