
Why You Should Use a Public-Private Key Pair Per Device



Many security-conscious organizations have a policy of generating a unique private-public SSH key pair per device. The benefit of this approach is significant: a compromise of one device does not immediately compromise the user’s entire account. The key pair for that device can be removed while the user keeps access to their accounts from a different device.

But generating unique private-public SSH keys can quickly turn into an IT nightmare if the business doesn’t have the right technology in place. IT admins must verify that each user has submitted their public keys, and then place those keys on the appropriate servers and applications. It is time-consuming, tedious, and prone to human error. For anything more than a few users, this approach is simply too complex. But an organization that shies away from the complexity of public-private key pairs and chooses not to implement the tactic misses out on an important security measure.
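The per-device revocation described above, as an added example (not JumpCloud's code and not part of the original post): it removes one device's key from an `authorized_keys` file by fingerprint and leaves the user's other devices untouched. The user name, device names and key blobs are constructed placeholders.

```python
import base64
import hashlib

def make_blob(seed: bytes) -> str:
    """Constructed ssh-ed25519 blob from placeholder bytes (not a real key)."""
    kt, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = len(kt).to_bytes(4, "big") + kt + len(key).to_bytes(4, "big") + key
    return base64.b64encode(raw).decode()

# Constructed authorized_keys content: one key per device, named in the comment.
SAMPLE = "\n".join([
    "# alice (hypothetical user)",
    f"ssh-ed25519 {make_blob(b'laptop')} alice@laptop",
    f'from="10.0.0.0/8",no-agent-forwarding ssh-ed25519 {make_blob(b"phone")} alice@phone',
    f"ssh-ed25519 {make_blob(b'desktop')} alice@desktop",
])

def fingerprint(b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of SHA-256 over the blob."""
    digest = hashlib.sha256(base64.b64decode(b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse(line: str):
    """Return (fingerprint, comment) for a key line, or None for anything else."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    for i, f in enumerate(fields[:-1]):  # leading options may precede the key type
        try:
            raw = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        n = int.from_bytes(raw[:4], "big")
        if raw[4:4 + n] == f.encode():  # type named inside the blob must match the field
            return fingerprint(fields[i + 1]), " ".join(fields[i + 2:])
    return None

def revoke(text: str, bad_fp: str):
    """Drop every line whose key matches bad_fp; return (new_text, removed_comments)."""
    kept, removed = [], []
    for line in text.splitlines():
        parsed = parse(line)
        if parsed and parsed[0] == bad_fp:
            removed.append(parsed[1])
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed
```

Matching on the fingerprint rather than the comment matters because the comment is free text that anyone editing the file can change, while the fingerprint is derived from the key itself.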

Can Directory-as-a-Service® Help?

JumpCloud’s Directory-as-a-Service, or DaaS, solution gives IT admins a little peace of mind. The cloud-hosted directory service easily manages the policy of an SSH key pair per device. In fact, IT admins end up doing very little of the work! JumpCloud® enables end users to upload and manage their keys through its self-service portal. What’s even better is that IT admins don’t need to play middleman with public keys, even when a user is provisioned. The IT admin simply provisions the account and an email is sent to the user to complete the process. An optional second step can enable multi-factor authentication. Once the admin has entered the username, their job is done. The end user finishes provisioning their account.


JumpCloud pushes SSH public keys to every Linux and OS X host to which the user has access, and updates them whenever you or your user updates them. No more manually pushing keys, or worse yet, hard-coding them into a configuration management tool like Chef or Puppet. JumpCloud’s Identity-as-a-Service platform gives you and your users the power to quickly and easily update SSH keys across all *NIX hosts in your organization.

By building a system to manage multiple SSH keys per user, JumpCloud’s virtual directory service has enabled organizations to take a significant security step.

We know what you’re thinking: “finally.”

If security is important to you and offloading the complex task of SSH key management sounds appealing, give JumpCloud a try. Your first 10 users are free forever! And, if you have any more questions about how to step up the security of your directory services, drop us a note. We’d be happy to talk to you.

