By Jon Griffin Posted June 24, 2017
Wouldn’t it be nice to have an automated, online SSH key management service to manage and deploy public SSH keys? Historically, IT admins and DevOps engineers have had to deal with this process manually. Fortunately, a new generation of cloud identity management platforms is solving this issue, and a solution called Directory-as-a-Service® (DaaS) is leading the way. This cloud-based directory handles this exact SSH key management process, and it does so as a SaaS-based service.
Linux User Management
User management for Linux systems has come a long way in the last few years. A couple of decades ago, the process for user management was leveraging Microsoft Active Directory® for Windows-based systems and applications, and resorting to manual user management for Linux or Unix systems. Few organizations leveraged a Linux management ‘solution’, but if they did it would typically be OpenLDAP™, the open source directory service implementing LDAP.
Of course, when the number of admins and servers was reasonably contained, this process wasn’t that difficult. But, over the last several years the IT landscape for server infrastructure has changed dramatically. Cloud providers such as AWS and Google Cloud have made it simple to create a massive server and network infrastructure, all the while having nothing on-prem. In fact, whole data centers are being shifted to Infrastructure-as-a-Service providers.
SSH Key Management
The challenge in this scenario then becomes how to efficiently manage user access to that cloud server infrastructure. AWS has pushed for the use of SSH keys due to their security, and most DevOps and IT engineers would rather have their team use SSH keys as well. With this approach, the developer or ops person creates their own SSH key pair on their computer and then shares the public key with their DevOps or IT admin. The admin then places the public key on each server that the person has access to. While functional, this process is manual and extremely time-consuming, and with that comes the chance for human error.
Directory-as-a-Service Manages SSH Keys Better
With the scaling of cloud infrastructure and technical personnel, IT organizations were desperately in need of a better way to manage SSH keys. Of course, this explosion of cloud infrastructure (along with Macs, apps, and new types of security threats) left IT with a whole host of challenges to overcome in addition to SSH key management. So in a perfect world, an admin at an organization would have a single, browser-based console that could manage all of today’s assorted IT resources.
Fortunately, online SSH key management functionality is provided as a service by Directory-as-a-Service. This cloud identity management solution is a centralized user management system that handles desktop and laptop authentication (Windows, Mac, Linux), server authentication in the cloud or on-prem (via passwords or SSH keys), web and on-prem application access (via SAML and LDAP), and network access (via RADIUS). The cloud directory centrally and securely manages and connects users to these IT resources.
An added benefit of the IDaaS platform is an extensive self-service user portal that enables users to change passwords and upload SSH keys. Those SSH keys are then deployed to the requisite servers based on whether or not the user should have access to them. This means that the IT admin does not need to be in the middle of the SSH key management process. As a result, the process is more secure and much more efficient.
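The manual process described under SSH Key Management drifts over time, and the check below shows what a central directory makes possible: comparing each server's authorized_keys file with the keys that should be there. This is an added example, not code from Directory-as-a-Service; the directory and access mappings, the server names and the sample keys are constructed for illustration, and options containing quoted spaces are assumed absent.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of OpenSSH public key types

def parse_key(line):
    """Return (key_blob_bytes, comment) for one authorized_keys line, or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    for i, field in enumerate(fields[:-1]):  # options may precede the key type
        if field.startswith(KEY_TYPES):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                return None  # malformed key material
            return blob, " ".join(fields[i + 2:])
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the format printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(server, authorized_keys_text, directory, access):
    """Report keys on the server nobody should have, and users whose key is absent."""
    expected = {}
    for user in access.get(server, ()):
        parsed = parse_key(directory.get(user, ""))
        if parsed:
            expected[fingerprint(parsed[0])] = user
    present = {}
    for line in authorized_keys_text.splitlines():
        parsed = parse_key(line)
        if parsed:
            present[fingerprint(parsed[0])] = parsed[1]
    return {
        "unauthorized": sorted(c for fp, c in present.items() if fp not in expected),
        "missing": sorted(u for fp, u in expected.items() if fp not in present),
    }

def _sample_key(owner):
    """Constructed stand-in for a public key line (not real key material)."""
    blob = base64.b64encode(b"constructed-key-material-" + owner.encode()).decode()
    return f"ssh-ed25519 {blob} {owner}@laptop"

# Constructed sample data: carol has left but her key is still on web01; bob's was never added.
DIRECTORY = {"alice": _sample_key("alice"), "bob": _sample_key("bob")}
ACCESS = {"web01": {"alice", "bob"}, "db01": {"alice"}}
WEB01_KEYS = "\n".join(["# managed by hand", _sample_key("alice"), _sample_key("carol")])

if __name__ == "__main__":
    print(audit("web01", WEB01_KEYS, DIRECTORY, ACCESS))
```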
Try DaaS Online SSH Key Management
If you have more specific questions about online SSH key management and how Directory-as-a-Service solves this problem for your unique infrastructure, drop us a note. Additionally, feel free to check out our virtual identity provider for yourself. You can sign up for a free account where your first 10 users are free forever.