By Natalie Bluhm Posted May 1, 2018
The use of SSH keys is growing dramatically, with many large organizations having millions of these. An SSH key pair is used to log into remote systems like servers hosted in AWS®. The most popular kind of SSH key pair is essentially a 617 digit long password, and this is one of the reasons why there is a growing trend to use SSH keys over traditional passwords. As IT and DevOps organizations are more cognizant of security issues and the use of cloud infrastructure such as AWS grows, IT organizations can’t help but ask, what does the future of SSH key management hold?
It’s a fair question, especially when studies deliver alarming statistics like the following:
- Dimensional Research found that 90% of respondents reported they did not have a complete and accurate inventory of all the SSH keys used in their environment (BusinessWire).
- SSH.com discovered one of their customers had 3 million SSH keys and 90% of them were no longer in use, but still granted access to live production servers (SSH.com).
The good news is a modern identity management solution, called JumpCloud® Directory-as-a-Service®, is not only making SSH key management easier, but it’s also centralizing authentication to all of the IT resources used in your IT environment. First, let’s briefly take a look at why SSH key management has been a hassle.
SSH Key Management Challenges
SSH keys are often a painful part of the IT management process despite their benefits of increased security. This is because each user’s public SSH key needs to be distributed to the servers that the person needs to access. If your organization is of a decent size with many users and systems, the matrix of keeping track of who has access to what can get complicated quickly.
This is often why SSH key management ends up being simplified with either users getting access to every machine, or users sharing a set of SSH keys. Neither of these is a great solution because of the increased risk that it generates. If every user has access to every server, then a hacker just needs to get their hands on one set of credentials, and they would be able to access every server. The shared option is a risk because a user who is no longer with the company can still use the shared SSH key to access company IT resources.
In an attempt to avoid both of these SSH key management options, IT organizations end up managing SSH keys either manually or through automated configuration solutions such as Chef or Puppet. Of course, neither of these approaches ends up being a viable long-term approach for IT admins or DevOps engineers. A manual approach increases the likelihood that IT admins will miss something. After all, it’s easy to accidentally skip over a row in a spreadsheet. Also, if you have large teams, there are not enough hours in the day to effectively and securely manually manage SSH keys. On the other hand, configuration automation solutions are an okay solution for a small team, but as the team grows, so do the levels of complexity. Scripting those levels of complexity is tedious, time-consuming, and prone to human error.
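The inventory that both statistics above say most organizations lack can be checked with a short script. The following is an added example, not JumpCloud's code and not part of the original post: it parses authorized_keys lines collected from servers, fingerprints each key the way `ssh-keygen -lf` does, and reports keys that no active user owns (a departed employee's key, or a shared key nobody claims) and keys accepted under more than one account name. Host names, account names, owners and key blobs are constructed.

```python
import base64
import hashlib
import shlex
from collections import defaultdict
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # ssh-*, ecdsa-sha2-*, sk-* (FIDO) key types

def fingerprint(blob_b64):
    """SHA256 fingerprint of a base64 key blob, as 'ssh-keygen -lf' prints it."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_line(line):
    """One authorized_keys line -> (options, key_type, blob, comment); None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = shlex.split(line)  # the optional options field may contain quoted spaces
    for i, tok in enumerate(tokens):
        if tok.startswith(KEY_TYPE_PREFIXES) and i + 1 < len(tokens):
            return tokens[:i], tok, tokens[i + 1], " ".join(tokens[i + 2:])
    return None

def audit(authorized_keys, owner_by_fingerprint):
    """authorized_keys: {(host, account): [lines]} collected from servers;
    owner_by_fingerprint: {fingerprint: username} for still-active people.
    Returns (orphans, multi_account): (host, account, fp) entries no active person
    owns, and fingerprints accepted by more than one account name."""
    accounts_by_fp = defaultdict(set)
    orphans = []
    for (host, account), lines in authorized_keys.items():
        for line in lines:
            parsed = parse_authorized_line(line)
            if parsed is None:
                continue
            fp = fingerprint(parsed[2])
            accounts_by_fp[fp].add(account)
            if fp not in owner_by_fingerprint:
                orphans.append((host, account, fp))
    multi = {fp: accts for fp, accts in accounts_by_fp.items() if len(accts) > 1}
    return orphans, multi

def _blob(label):  # constructed stand-in: base64-valid, but not a real public key
    return base64.b64encode(b"constructed-key-" + label.encode()).decode()
SAMPLE_KEYS = {  # constructed inventory: two hosts, four accounts
    ("web-01", "alice"): [f"ssh-ed25519 {_blob('alice')} alice@laptop"],
    ("web-01", "deploy"): [f'command="/opt/deploy.sh" ssh-ed25519 {_blob("ops")} ops-shared',
                           f"ssh-ed25519 {_blob('alice')} alice@laptop"],
    ("db-01", "deploy"): [f"ssh-ed25519 {_blob('ops')} ops-shared", "# rotated 2017"],
    ("db-01", "root"): [f"ssh-rsa {_blob('carol')} carol@old-laptop"],
}
ACTIVE_OWNERS = {fingerprint(_blob("alice")): "alice", fingerprint(_blob("bob")): "bob"}
```

Running `audit(SAMPLE_KEYS, ACTIVE_OWNERS)` flags the unclaimed shared ops key on both hosts and carol's leftover root key as orphans, and alice's key as granting two different logins.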
Thankfully, there is another solution that can support SSH key management – JumpCloud Directory-as-a-Service. JumpCloud is a new cloud directory platform that not only includes traditional user management for all IT resources, but also SSH key management.
JumpCloud – The Future of SSH Key Management
This new cloud identity management solution takes a multi-protocol, independent approach to managing IT resources. This enables JumpCloud to connect to any IT resource including systems (Mac®, Linux®, and Windows®), local and cloud servers, LDAP and SAML based applications, physical and virtual file storage (Samba file servers, Box, Dropbox, etc.), and wired and wireless networks (using RADIUS). This makes it possible to provide a DevOps engineer with one identity that they can use to authenticate to AWS servers, Linux systems, GitHub™, Jenkins®, and more.
Finally, JumpCloud makes using SSH keys a breeze, and almost entirely removes IT admins from the process. The engineer simply logs into the JumpCloud user portal and uploads their public keys. These keys are then automatically distributed to any systems the engineer has access to, and are used on any of those systems that have public key authentication enabled. All of an engineer’s SSH keys are tied to their single identity that also connects them to their systems, apps, file storage, and networks. When the engineer leaves the company, all it takes is a few clicks, and IT admins can disable all of the engineer’s SSH keys and deprovision access to all of the IT resources the engineer had access to.
Using JumpCloud, IT admins can gain peace of mind knowing their SSH key management is automated, precise, and secure.
More about the Future of SSH Key Management
If you would like to have a deeper conversation about the future of SSH key management, drop us a note. We’d be happy to answer any questions you might have. We also offer a fully featured free account that comes with ten users free forever. Sign up here, and start testing our SSH key management and other identity management features. By the end, you’ll get a good sense of what JumpCloud Directory-as-a-Service can do for your IT environment.