US 12,278,807 B2
Proxy SSH public key authentication in cloud environment
Han Xiao, Coquitlam (CA); and Wenping Luo, Coquitlam (CA)
Assigned to Fortinet, Inc., Sunnyvale, CA (US)
Filed by Fortinet, Inc., Sunnyvale, CA (US)
Filed on Sep. 30, 2021, as Appl. No. 17/491,432.
Prior Publication US 2023/0101920 A1, Mar. 30, 2023
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/062 (2013.01) [H04L 63/0435 (2013.01); H04L 63/0823 (2013.01); H04L 63/0876 (2013.01)]
4 Claims
 
3. A method in a gateway device for providing proxy SSH (secure shell) sessions on a data communication network to cloud servers on an enterprise network, the method comprising the steps of:
receiving an SSH public key from a client device on the enterprise network, and query an (endpoint management server) EMS device based on the SSH public key, wherein the EMS device has authenticated the client device and a user of the client device;
responsive to confirmation of registration from the EMS server, generating a certificate based on the client device and the user of the client device; and
initiating a proxy SSH session with the external server on behalf of the client device and the user of the client device as a man in the middle, including submitting the certificate and the SSH public key from the client device to the external server, and automatically authenticating the client device to a second external server without knowledge of the client device that owns the SSH public key.