Shaman  >  Introduction

The Shaman is a tool that allows you to setup SSH connections to remote servers based on crypto-hardware tokens. Once setup, plain OpenSSH commands can be used to contact remote servers, using your token instead of a remote server password.

The Shaman toolkit includes a few commandline utilities in the OpenSSH tradition, as well as a graphical setup utility that handles the tasks that must only rarely be done. Creating and destroying SSH Keys on the token is easy enough with this utility, and so is the installation of such keys on remote servers to which access is needed.

Read the Shaman Setup manual

The SSH tools enable secure remote connections to (most often) Un*x systems, including Linux. It can be used as a secure replacement of telnet or ftp, but there are also generic tunnels to support VPNs and many other secure applications.

Read about using SSH

The OpenSSH toolkit is available for any modern platform. It is actually shipped by default along with most operating systems, and for others an implementation is usually available for free download from the OpenSSH website. There are commandline utilities as well as nice graphical ones.

Visit the OpenSSH website

Advantages of using a token for SSH

The following list explains why it is advantageous to use tokens, rather than remote server passwords or disk-stored client keys, as supported by OpenSSH without Shaman.

  • Efficiency: Rather than typing passwords all the time, only enter a PIN once after the token is plugged in.
  • Security: The token is needed for every access initiation; remove it and be locked out from future connections.
  • Simplicity: End users can better understand their security responsibilities because a hardware token is a physical device.

What's in a name?

Perhaps you wonder what the name Shaman means? A shaman is a witch doctor, who talks to the good spirits of ancestors. This seemed like a nice name for a tool that handles private keys without ever getting any closer to them.

   ------ 8< ---------- 8< ----------- 8< ------ | OpenFortress*