IT admins are curious about the identity and access management (IAM) capability for SSH (secure shell) key management. SSH keys have become more popular as of late with the increase in cloud Linux® servers and the need for heightened security measures. The challenge with the use of SSH keys is how to easily and securely manage them across an enterprise. In an ideal scenario, an IAM solution would have the capability to manage SSH keys in coordination with an associated user identity.
What are SSH Keys?
SSH keys are used as a form of authentication—usually used instead of passwords to authenticate access to servers. SSH keys work over the Secure Shell (hence SSH) protocol and form an encrypted tunnel between the client and server. SSH keys are a pair of credential tokens, one public and the other private. The public key is placed on the server, while the private key remains securely in the property of the user who created it. When the user presents their private key to the server’s public key, a cryptographic match is established and the communication is authenticated.
Because AWS® and other cloud infrastructure providers mandate the use of SSH keys for cloud server access, modern approaches to SSH key management are becoming a very hot topic. Historically, admins would be on the hook to manage the deployment, rotation, and expiration of SSH keys on servers. Sysadmins may end up manually handling the chore, scripting the process, using configuration management tools, or utilizing specialized IAM solutions to do so.
SSH Key Management in IAM
As the traditional identity management infrastructure within organizations is being upended with a significant shift to the cloud, a standalone system or process for SSH key management ends up being a burden for IT and system admins. Ideally, the process of managing SSH keys would be embedded into the core identity and access management platform with little to no overhead involved. Public keys could be uploaded to the identity management platform, using the system to automatically distribute keys to their requisite servers. Admins could automatically decommission keys centrally, (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/iam-capability-ssh-key-management