SSH key management is becoming an increasingly prevalent task for DevOps engineers and IT admins alike. SSH key management for AWS® is especially critical, given how widespread the cloud computing suite is used. The fact of the matter is that SSH key management for AWS servers isn’t really optional; it’s a requirement.
AWS has set their Linux access control standard to involve SSH keys, so ensuring that each key is properly created and handled is crucial. Obviously, this is a step up over standard username and password combinations due to the strength of SSH keys. The challenge for IT admins and DevOps engineers quickly becomes how to manage all of these SSH keys.
An SSH Primer
SSH keys consist of a pair of tokens, one public and one private. Each key pair is created in tandem, with the private key belonging to the person who made it and the public one being placed on the specific resources the user has it linked to. These keys can be used for a variety of authentication situations, including local, remote, and larger session work. Since they often utilize RSA 2048-bit encryption, SSH keys are leaps and bounds more secure than your average username/password. This trait makes them incredibly desirable when dealing with sensitive IT resources including systems and data access.
Of course, the engineers and other technical ops personnel will manage their own private SSH keys, but how do you do manage public SSH keys for AWS without a tremendous amount of hassle?
You’ll want the ability to distribute public keys to all of the AWS Linux servers that a person has access to. When they leave or access rights change, you’ll want those keys removed, thus removing access. It would certainly be quite the undertaking to manage AWS-related SSH keys manually, so having a SaaS solution would be prudent.
SSH Key Management for AWS with JumpCloud
The good news is that there is a new cloud identity management platform that will allow you to easily manage SSH access to your AWS cloud servers via an identity provider. By directly linking keys and identities through one SaaS platform, the SSH key process is streamlined and simplified. IT admins and DevOps engineers can also choose to enable SSH access via password and then add optional multi-factor authentication to it. This cloud identity management SSH key management solution is called JumpCloud Directory-as-a-Service.
With JumpCloud Directory-as-a-Service, IT admins and engineers can leverage centralized identities from the cloud, including their SSH keys with AWS. In the remotely accessible JumpCloud User portal, engineers can upload their created public SSH keys, while keeping their private keys securely on their systems. Public keys are then disseminated across the entire JumpCloud network where appropriate. For deprovisioning, IT admins can simply delete stored SSH keys, making them inaccessible to offboarded employees. Since JumpCloud is a platform-agnostic, third-party directory, it can do all of this regardless of system, be it Linux, Mac, or Windows (again, where relevant).
If you would like to explore JumpCloud’s SSH key management capabilities for AWS, or any of its other features, you can schedule a demo to see the platform in action. You can also sign up for the Directory-as-a-Service platform completely free, which includes ten complimentary users, available forever, to get you started. If you have any questions or comments, contact us or check out our knowledge base.