Who would have thought that IT admins and DevOps engineers would be talking about SSH key management for Microsoft®Azure®? As a Microsoft-specific platform, you might assume that Azure works only with Windows® systems (hence more likely to be accessed via username/password), but Azure does in fact support Linux® cloud servers. Linux remains a very popular OS among those leveraging services from infrastructure-as-a-service (IaaS) providers like AWS® and GCE. In line with the two aforementioned providers, SSH key utilization is often the best way to enable entry and control access to Linux servers – Azure included. For IT organizations and DevOps engineers, the question quickly shifts to, “what’s the best practices approach to SSH key management for Azure?”
Active Directory (AD) and Azure AD
After contemplating that question, you may be thinking that you can just use Active Directory®(AD) to manage your SSH keys. Or better yet, you may think that you can use Azure Active Directory and shift your infrastructure, as well as SSH key management, to the cloud. While those sound like worthy considerations, neither on-prem Active Directory or Azure Active Directory are natively set up to be an SSH key store. With some adjustments, it is possible to make AD or Azure AD your SSH key store, but there are far easier and better ways to achieve SSH key management for Azure Linux servers.
A Problem of Identity
A user identity can be instantiated as a username and password, but also as SSH keys or as multi-factor authentication TOTP (time-based one-time password) pin codes and biometrics. Each instantiation often requires its own input methodology, so users fall victim to identity sprawl, password reuse, and login fatigue. Each user remains an individual, yet he or she can often have somewhere in the ballpark of 191 passwords to remember at any given time. Couple that with the fact that most users who leverage SSH keys have multiple keys to manage, and now you’re looking at one whale of a problem. In short, there is only one you, why should you have (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Ryan Squires. Read the original post at: https://jumpcloud.com/blog/ssh-key-management-for-azure/