Administrators often provide temporary SSH access to servers. For example, this is done for consultants that may be doing work on a server or perhaps building an application, third-party management firms supporting operations, or even when internal developers are accessing production machines to grab logs. The use cases are infinite.
Unfortunately, the way to grant temporary management access today is all manual. You need to create an account on the server and then manually get the credentials to the individual. And after that, you must remember that the access has been granted, as well as when it needs to be disabled. As we all know too well, this is something that can be easily forgotten. Worse still, you need to add them to an internal directory service like OpenLDAP or Microsoft Active Directory, and then they are on the “inside”. Ouch. This should never be considered the correct approach to granting temporary access.
For all of these reasons, we often hear from DevOps and IT pros that they want a quick and easy mechanism for creating temporary access. “Can you give us a way to temporarily give somebody access to a server or group of servers for a day or two?” Yup, we can, and it is easy, controlled, and effective. You will need our Directory-as-a-Service® platform first. Then, simply set up a time-based tag in our UI and grant temporary access to whomever you want. You can control the length of time and the group of IT resources that they have access to.
And when the time is up, so is their access. No manual steps to create access in the server and no manual steps in sending them temporary passwords, etc. The cloud directory service from JumpCloud® handles all of that work for you. Furthermore, all of their access is logged so that you know exactly when they log in and what they do while they are on the server.
Grant Temporary SSH Access Via Directory-as-a-Service
Gives you peace of mind, doesn’t it? If you want to better control access to your servers, give JumpCloud’s unified cloud directory and temporary SSH access functionality a try.