By Zach DeMeyer Posted December 23, 2018
IT admins are curious about the identity and access management (IAM) capability for SSH (secure shell) key management. SSH keys have become more popular as of late with the increase in cloud Linux® servers and the need for heightened security measures. The challenge with the use of SSH keys is how to easily and securely manage them across an enterprise. In an ideal scenario, an IAM solution would have the capability to manage SSH keys in coordination with an associated user identity.
What are SSH Keys?
SSH keys are used as a form of authentication—usually used instead of passwords to authenticate access to servers. SSH keys work over the Secure Shell (hence SSH) protocol and form an encrypted tunnel between the client and server. SSH keys are a pair of credential tokens, one public and the other private. The public key is placed on the server, while the private key remains securely in the property of the user who created it. When the user presents their private key to the server’s public key, a cryptographic match is established and the communication is authenticated.
Because AWS® and other cloud infrastructure providers mandate the use of SSH keys for cloud server access, modern approaches to SSH key management are becoming a very hot topic. Historically, admins would be on the hook to manage the deployment, rotation, and expiration of SSH keys on servers. Sysadmins may end up manually handling the chore, scripting the process, using configuration management tools, or utilizing specialized IAM solutions to do so.
SSH Key Management in IAM
As the traditional identity management infrastructure within organizations is being upended with a significant shift to the cloud, a standalone system or process for SSH key management ends up being a burden for IT and system admins. Ideally, the process of managing SSH keys would be embedded into the core identity and access management platform with little to no overhead involved. Public keys could be uploaded to the identity management platform, using the system to automatically distribute keys to their requisite servers. Admins could automatically decommission keys centrally, reducing the risk of compromise due to outdated keys. The public SSH key management would be integrated with the end user’s identity as part of the overall identity and access management system.
IAM Capability SSH Key Management from JumpCloud®
There is such a platform: JumpCloud® Directory-as-a-Service®. This cloud identity management solution is not only managing SSH keys, but acts as the central identity store for user identities as well. Those identities are subsequently federated to a wide range of IT resources including systems, applications, files, and networks.
If an identity and access management solution with the capability of SSH key management sounds appealing to you, consider signing up for JumpCloud today. Signing up creates a free JumpCloud account for your organization with ten users included to get you started in the platform. If you would like to learn more about Directory-as-a-Service, contact us with questions or explore our YouTube channel.