By Ryan Squires Posted October 22, 2018
Who would have thought that IT admins and DevOps engineers would be talking about SSH key management for Microsoft® Azure®? Because Azure is a Microsoft-specific platform, you might assume that it works only with Windows® systems (and is therefore more likely to be accessed via username/password), but Azure does, in fact, support Linux® cloud servers. Linux remains a very popular OS among those leveraging services from infrastructure-as-a-service (IaaS) providers like AWS® and GCE. As with those two providers, SSH keys are often the best way to enable entry and control access to Linux servers, Azure included. For IT organizations and DevOps engineers, the question quickly shifts to, “What is the best-practices approach to SSH key management for Azure?”
Active Directory (AD) and Azure AD
After contemplating that question, you may be thinking that you can just use Active Directory® (AD) to manage your SSH keys. Or better yet, you may think that you can use Azure Active Directory and shift your infrastructure, as well as SSH key management, to the cloud. While those sound like worthy considerations, neither on-prem Active Directory nor Azure Active Directory is natively set up to be an SSH key store. With some adjustments, it is possible to make AD or Azure AD your SSH key store, but there are far easier and better ways to achieve SSH key management for Azure Linux servers.
A Problem of Identity
A user identity can be instantiated as a username and password, but also as SSH keys, as multi-factor authentication TOTP (time-based one-time password) PIN codes, or as biometrics. Each instantiation often requires its own input methodology, so users fall victim to identity sprawl, password reuse, and login fatigue. Each user remains an individual, yet he or she can often have somewhere in the ballpark of 191 passwords to remember at any given time. Couple that with the fact that most users who leverage SSH keys have multiple keys to manage, and now you’re looking at one whale of a problem. In short, there is only one you, so why should you have 191+ instantiations of that identity to manage? The better way to manage identities is to leverage a cloud identity management platform, like JumpCloud® Directory-as-a-Service®, which centralizes disparate identities (including SSH keys) into one browser-based admin console.
A Cloud SSH Key Solution
With True Single Sign-On™ from JumpCloud, users are able to leverage a single identity for the entire scope of their IT resources. That means one set of credentials for their system, cloud infrastructure (SSH keys), applications that leverage LDAP (Docker®, MySQL™), networks via RADIUS, and a whole slew of SAML-enabled web applications like Slack, Salesforce® and G Suite™. And speaking of G Suite, IT admins can provision accounts from G Suite, Office 365 (O365), or Workday™ so that users can easily remember their credentials and log in to their resources with no problems.
Step Out of Manual SSH Key Management
By implementing JumpCloud Directory-as-a-Service, IT admins and DevOps engineers can step out of the middle of manual SSH key management and automate the distribution and removal of SSH public keys. End users can securely upload and manage the keys on their own. How? Users upload their SSH keys to JumpCloud, and the keys are then pushed to each and every server that those users may need to access, whether there are 5 servers or 5,000+. IT admins, while not needing to be involved in this process, still have the ability to deprovision user access from the JumpCloud console, whether for a single Linux instance or for groups of Linux servers. And because there is only one identity to deprovision, access is cut in one fell swoop.
Not a JumpCloud Customer?
Now that you’ve seen just how powerful SSH key management for Azure can be with JumpCloud Directory-as-a-Service as your core user store, please feel free to drop us a line to learn more. If you want to get to work managing users, our free account allows you to manage up to ten users for free, forever. Sign up today. Once you’re signed up, visit our Knowledge Base for helpful information on how to get the most out of your JumpCloud account.