How IT admins manage their digital assets can have a tremendous impact on an organization’s security. Whether it is access credentials like passwords and SSH keys, or assets used to create work product, it’s critical that IT is able to effectively manage all of the company’s IT resources.
SSH keys are one resource that have commonly been under managed. So what is SSH key management, and what does it look like to properly manage SSH keys?
Before we explain SSH key management, let’s make sure we understand how they are used.
Using SSH Keys
SSH keys are used to access the SSH protocol. The SSH protocol uses the client/server model to create an encrypted path of communication that is used for remotely logging into one computer from another. Because of how secure it is, the SSH protocol has become widely used to carry out critical tasks like executing remote commands and managing network infrastructure.
A couple of methods exist for accessing the SSH protocol – passwords and SSH keys. It is not recommended to use passwords because their level of security is relatively low. SSH keys on the other hand can be a very secure method because they are made up of very long strings of composite numbers and prime factors. This is more challenging to crack than passwords, and is why SSH keys are favored over passwords for authenticating to the SSH protocol.
The number of SSH keys within an organization can escalate rather quickly. For example, let’s say a certain group of engineers needs access to the same production server. Each engineer will then have their own set of SSH keys to authenticate to that same production server. As that company grows and that engineer group grows, the number of SSH keys grows too. In fact, Fortune 500 companies tend to have millions of SSH keys.
What does SSH key Management mean?
Proper management over any type of resource and its access credentials enables a secure, well controlled environment. Effective SSH key management means IT is able to provision and deprovision SSH key access, know which SSH keys are compromised in the event of an attack, and grant varying levels of control since not every engineer needs root level access. A recent study of a Fortune 500 company revealed they had 3 million SSH keys granting access to live production servers with 90% no longer in use and 10% granting root level access (SSH.com). When SSH key management is not part of your infrastructure, 90% of the employees that shouldn’t have access might still have access to critical work product. Wouldn’t it be nice if SSH key management took place in the same solution where you already manage a user’s access to systems, apps, WiFi, and storage?
SSH Key Management with DaaS
The good news is a new generation of identity and access management has emerged called Directory-as-a-Service® (DaaS). Our cloud-based directory maps a user’s single identity to all of the resources they need access to – Linux, Mac, and Windows systems, on-prem and web-based applications, wired and WiFi networks, and physical and virtual storage. By gaining a centralized environment with DaaS, IT is able to efficiently disable that user’s access to all of their IT resources with a couple clicks, including their SSH key access.
Self-Service SSH Key Management
Additionally, SSH key management can be completely administered by the end user. IT provisions a user to remote systems, and then the user generates their own SSH key pair on their own device. The user keeps the private key securely on their device and stores the public key in the JumpCloud user portal. Once the public key is in the user portal, it is automatically distributed to the infrastructure the user was provisioned to. Also, the user is able to manage rotation and updates as needed without an admin stepping in.
By leveraging our virtual identity provider, SSH key management becomes simple, IT achieves widespread visibility over their environment, and users gain frictionless access to all of their digital assets.
If you would like to learn more about SSH key management and user access to remote servers, consider reading Tamr’s story and how they centralized user access to about 300 remote servers. If you’re ready to get started with JumpCloud, the quick video below is a great resource for setting up users, systems, and groups. Furthermore, this link will take you to a Knowledge Base article that can help you with using SSH keys in JumpCloud.
Please drop us a note if you have any questions about JumpCloud’s SSH key management, and you’re also invited to sign up for a free account. You’ll be able to explore all of our features, and your first ten users are free forever.