Why You Should Use a Public-Private Key Pair Per Device

Written by Rajat Bhargava on December 12, 2014

Many security-conscious organizations have a policy of generating a unique private-public SSH key pair per device. The benefit of this approach is significant: the compromise of one device does not immediately compromise the user’s entire account. That particular key pair can be removed while the user keeps access to their accounts from a different device.

But generating unique private-public SSH keys can quickly turn into an IT nightmare if the business doesn’t have the right technology in place. IT admins must verify that each user has submitted their public keys, and then place those keys on the appropriate servers and applications. It is time-consuming, tedious, and prone to human error. For anything more than a few users, this approach is simply too complex. But an organization that shies away from the complexity of public-private key pairs and chooses not to implement them misses out on a key security tactic.
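The per-device revocation described above, as an added example (not from the original article and not JumpCloud's own code): it removes one device's key from an `authorized_keys` file by SHA256 fingerprint and leaves the user's other devices untouched. The key material, comments such as `alice@laptop`, and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def make_line(seed, comment):
    """Build a constructed (not real) ssh-ed25519 authorized_keys line."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    blob = field(b"ssh-ed25519") + field(bytes([seed]) * 32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def parse(line):
    """Return (fingerprint, comment) for a key line, else None."""
    if line.strip().startswith("#"):
        return None
    fields = line.split()
    for i, tok in enumerate(fields[:-1]):
        if tok in KEY_TYPES:  # options may precede the key type
            digest = hashlib.sha256(base64.b64decode(fields[i + 1])).digest()
            # Same text form that `ssh-keygen -l` prints: unpadded base64.
            fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            return fp, " ".join(fields[i + 2:])
    return None

def revoke(text, fingerprint):
    """Drop key lines matching the fingerprint; keep every other line."""
    kept, removed = [], []
    for line in text.splitlines():
        entry = parse(line)
        (removed if entry and entry[0] == fingerprint else kept).append(line)
    return "\n".join(kept) + "\n", removed

# Constructed sample: one user, three devices, one key each.
AUTHORIZED_KEYS = "\n".join([
    "# alice: one key per device (constructed sample keys)",
    make_line(1, "alice@laptop"),
    make_line(2, "alice@desktop"),
    make_line(3, "alice@phone"),
]) + "\n"

def demo():
    """Revoke the laptop key and report what was removed and what remains."""
    lost = parse(make_line(1, "alice@laptop"))[0]
    new_text, removed = revoke(AUTHORIZED_KEYS, lost)
    remaining = [parse(l)[1] for l in new_text.splitlines() if parse(l)]
    return new_text, removed, remaining

if __name__ == "__main__":
    print(demo()[0], end="")
```

Matching on the fingerprint rather than the trailing comment matters because the comment is free text the key owner controls, while the fingerprint identifies the key itself.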

Can Directory-as-a-Service® Help?

JumpCloud’s Directory-as-a-Service, or DaaS, solution gives IT admins a little peace of mind. The cloud-hosted directory service easily manages the policy of an SSH key pair per device. In fact, IT admins end up doing very little of the work! JumpCloud® enables end users to upload and manage their keys through its self-service portal. What’s even better is that IT admins don’t need to play middleman with public keys, even when a user is provisioned. The IT admin simply provisions the account and an email is sent to the user to complete the process. An optional second step can enable multi-factor authentication. Once the admin has entered the username, their job is done. The end user finishes provisioning their account.


JumpCloud pushes SSH public keys to every Linux and OS X host to which the user has access, and updates them whenever you or your user updates them. No more manually pushing keys, or worse yet, hard-coding them into a configuration management tool like Chef or Puppet. JumpCloud’s Identity-as-a-Service platform gives you and your users the power to quickly and easily update SSH keys across all *NIX hosts in your organization.

By building a system to manage multiple SSH keys per user, JumpCloud’s virtual directory service has enabled organizations to take a significant security step.

We know what you’re thinking: “finally.”

If security is important to you and offloading the complex task of SSH key management sounds appealing, give JumpCloud a try. Your first 10 users are free forever! And, if you have any more questions about how to step up the security of your directory services, drop us a note. We’d be happy to talk to you.
