Federated Identities are the basis on which users are identified on scientific infrastructures. Modern Authentication and Authorisation Infrastructures (AAIs) make use of Federated Identities to provide services to users based on the identity provided by their home-organisation and their membership in the community, expressed by Virtual Organisation Membership.
We present a solution to use federated identities with any modern AAI (eduTEAMS, EGI-CheckIn, B2Access, Indigo-IAM, Google, ...) to access remote resources over SSH, such as HPC machines, or VMs in the Cloud.
Our solution uses unmodified ssh client and server components, by providing a new PAM module, and an additional service on the server side for enforcing authorisation and managing of local accounts. The client side is supported with operating system dependent solutions. Supported are Linux (client and server), Windows and MacOs.