In this talk, I will present a prototype integration of Intel TDX’s remote attestation feature into the SSH protocol.

By extending SSH, we ensure connections are only made to hosts within Trusted Domains. Since SSH is a widely used protocol for data transfer and network tunneling, many applications can benefit from this effort.

The focus will be on the design and principles of the challenge-response protocol, which has been prototyped using OpenSSH and the Microsoft Azure Attestation service.