SSH Key Life Cycle Automation and Management

Written by Zach DeMeyer on December 15, 2020

Share This Article

The dramatic rise of remote work in 2020 has shown IT organizations that security must extend past the firewall to end user devices, individual cloud applications, and servers — both on-premises and hosted in the cloud.

Remote users now require the same access to corporate resources that in-office employees do, and it’s no longer acceptable to deny said access.

How do organizations strike the balance of allowing employees to access the resources they need while meeting the security policies required by company policies and external compliance? SSH keys provide the necessary balance to securely manage server access.

What are SSH Keys?

If you’re hearing about SSH keys for the first time, let’s get you up to speed on the technology and how it works. SSH keys come in pairs, and each pair is made up of a private and a public key. Who possesses these keys determines the type of SSH key pair. If the private key and the public key remain with the end user, the SSH key is referred to as user keys. If the private and public keys are on a remote system, this key is referred to as host keys.

Another type of SSH key is a session key. When a large amount of data is being transmitted, session keys are used to encrypt the information while in flight.  

SSH keys offer a secure way for end users to connect to on-prem Linux servers, but the keys need to be managed appropriately from creation to deletion to be secure. This process can be done manually, but it’s time-consuming, prone to error, and not scalable to larger organizations. 

Automating SSH Key Life Cycles with JumpCloud

By automating the process of managing SSH keys, organizations save time, scale as they grow, and ultimately limit future security breaches. If SSH keys are not disabled when employees leave an organization, that lingering access can cause problems, oftentimes happening without IT staff’s immediate awareness. In larger companies with millions of SSH keys, it’s nearly impossible to manage access manually. Without the proper solution to manage SSH keys, an organization is setting itself up for failure.

As mentioned earlier, a vital aspect of a modern SSH key management solution is that it’s scalable as an organization grows from a handful of employees to potentially thousands.

A cloud-based identity and access management (IAM) solution provides an IT organization with a centralized place to manage SSH keys for the entire fleet and employee roster. With cloud-based IAM, organizations can manage their SSH keys along with user authentication to their Mac®, Windows®, and Linux devices as well as to cloud, virtual, and on-premises servers. 

The JumpCloud Directory Platform provides a turn-key, out of the box solution for cloud IAM including SSH key management, serving organizations ranging from startups to Fortune 500-sized companies. JumpCloud allows you to create, assign, and deactivate SSH keys as part of your employee onboarding and offboarding processes, leveraging mutual TLS for key transmission to meet even the most stringent security requirements. 

The process of adding SSH keys in JumpCloud is simple: public keys are created on the specific device via the command line. This can also be done using the JumpCloud command runner. Once created, the admin can assign the key to its specific user through their User Details tab in the Admin Portal. Users can also add the keys themselves through their User Portal.

With JumpCloud, SSH key management will be integrated with the employee cloud directory solution. An IT administrator doesn’t have to remember to delete an employee’s SSH keys when they exit the organization.

When the offboarding process is triggered and a user is suspended or deleted, that user automatically loses access to all corporate resources, including their SSH keys. If a user is specifically deleted, so is their SSH public key, rendering the pair unable to be leveraged against an organization. JumpCloud also manages secure server access via passwords and can also add multi-factor authentication to the access process.

Beyond servers, IT admins can manage user access to Mac, Windows, and Linux devices, applications both on-prem and in the cloud, infrastructure, and much more. With JumpCloud, IT admins have one centralized place to manage nearly all of their IT environment.

Try JumpCloud Free

As you consider how to increase SSH key management automation, consider the benefits that combining it with your IAM solution will bring. Ready to take back control of SSH key management? Try JumpCloud’s no credit card required, no time limit, up to 10 users and devices test drive.

Continue Learning with our Newsletter