Field of the Invention
This invention relates to the field of secure network communication and, more particularly, to efficiently establishing a secure shell connection for accessing Web resources.
Description of the Related Art
Early client-server computing models utilized code on each of the multiple client computing devices and on a remote server for a supported client-server application. The code for the client computing devices provided a user interface and the code was installed on each of the multiple client computing devices. Upgrades caused changes to the code on each of the multiple client computing devices. Additionally, the code for the client computing devices and the server typically was dependent on a given instruction set architecture (ISA) and operating system (OS).
Web-based applications handled many of the above issues by utilizing Web pages created by standard language formats. A Web browser on the client computing device transmits requests to a remote Web server storing the requested Web page. The Web browsers use the Hypertext Transfer Protocol (HTTP) to transfer the requests. The client code for an application hosted on the remote Web server is downloaded to the client computing devices when the particular Web page is successfully accessed.
The remote Web server hosting the application may restrict access to the application to a particular group of users. Early security practices for client-server computing models used HTTP Basic Authentication, wherein a user provided credentials that were used to authenticate the user before the user was allowed to access the hosted application. This type of authentication prompts the user for credentials on each access of other resources available through the remote Web server, even though the user was already authenticated. Additionally, once a user is authenticated, an application programming interface (API) key, which may include the credentials in an encoded format, is used in the header of each request. A malicious user gaining access to the computing device used by the authenticated user may reverse engineer the client code for the application on the computing device and obtain the stored API key.
Token authentication provides tracking of each connected computing device that accesses the Web-based application hosted on the remote Web server and does not prompt for credentials for accesses of other resources available through the remote Web server when the user was already authenticated. Operating systems provide additional security by hiding the storage of access tokens. In addition, access tokens have expiration periods, which limit the potential damage should a malicious user obtain the access token. Authentication services are used to verify the user credentials and generate the temporary access token to be used during a session on the remote Web server.
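An added illustration of the contrast drawn in the two paragraphs above (not part of the original text): a Basic-style header is only an encoding of static credentials, whereas a signed access token with an expiration period stops verifying once that period ends. The key, the function names and the HMAC token layout are constructed assumptions, not the format of any particular authentication service.

```python
import base64, hashlib, hmac, json

SERVER_KEY = b"constructed-demo-key"  # constructed value; held only by the auth service

def basic_header(user, password):
    """Static credential as carried by HTTP Basic Authentication."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def recover_basic(header):
    """Base64 is an encoding, not encryption: whoever holds the stored
    header value recovers the credentials, and they never expire."""
    scheme, _, blob = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(blob).decode().partition(":")
    return user, password

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(payload):
    return _b64(hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest())

def issue_token(user, now, ttl=900):
    """Temporary access token: signed claims carrying an expiry time."""
    payload = _b64(json.dumps({"sub": user, "exp": now + ttl}).encode())
    return f"{payload}.{_sign(payload)}"

def verify_token(token, now):
    """Return the subject, or None if the token is malformed, forged or expired."""
    payload, sep, sig = token.partition(".")
    if not sep or not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    padded = payload + "=" * (-len(payload) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    return claims["sub"] if now < claims["exp"] else None
```
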
The generation and maintenance of token authentication is complex. Developers prefer to spend time creating the Web-based applications and getting the applications online and running quickly, rather than consuming an appreciable amount of time on writing code for supporting and maintaining the token authentication. Further, for many types of tasks and the corresponding Web-based applications, particular users, such as system administrators, prefer to use a secure shell (SSH) user interface. The SSH user interface provides a command-line interface (CLI) to the OS and the Web-based application. However, SSH access typically prompts the user for another login attempt even though the system administrator has already established an HTTP session on the remote Web server hosting the Web-based application. The authentication service may also use HTTP redirection while verifying the credentials. The SSH user interface is unable to support the HTTP redirection.
In view of the above, improved systems and methods for efficiently establishing a secure shell connection for accessing Web resources are desired.