By Mikkel Hald, 27/03/26
As we have previously reported, DeiC and WAYF have developed a simple yet powerful tool that seamlessly “translates” institutional login into SSH access. This software is now set to become a central component in a broader European effort to provide unified access to the many high performance computing (“HPC”) facilities that are chiefly or only accessed via the SSH protocol.
The solution is based on an SSH Certificate Authority (SSH CA), replacing traditional static SSH keys with short-lived, dynamically issued certificates. Rather than distributing and managing public keys across multiple systems, users authenticate with their institutional identity through federated access. Once authenticated by the trusted CA, they are issued with a time-limited SSH certificate. This strengthens security through short-lived credentials and centralised trust, while also simplifying user onboarding and reducing operational overhead for service providers.
The tool has attracted considerable interest beyond Denmark. NORDUnet has now partnered with DeiC to provide an instance as part of the EuroHPC Federation Platform (EFP). The EFP project was awarded to CSC in Finland and aims to deliver unified access to the European high-performance computing ecosystem. By federating systems and infrastructures across Europe, EFP will make it easier for researchers and industry to access world-class computing resources.
As part of this work, the SSH CA service will be integrated into the EFP offering, which is scheduled to launch in April 2026.
It will be available through MyAccessID, GÉANT’s single sign-on platform for European research. Users who need SSH certificates will authenticate via their home organisation through MyAccessID, after which a short-lived SSH certificate will be issued automatically.
As a special security feature, the MyAccessID SSH CA service will sign its certificates using private keys stored in a hardware security module (HSM) operated by DeiC. Also, the software has received an independent and favourable security review by German identity protocol experts Hackmanit GmbH, adding further to the over-all trustworthiness of the solution.
By bringing together federated identity and secure, certificate-based SSH access, this integration will provide scalable, user-friendly access to HPC resources across Europe. With software developed by DeiC and WAYF as a key contribution.