Scaling Your SSH Strategy

In our last post, we discussed some of the challenges that are inherent to management of SSH keys across your infrastructure as you scale the number of team members and servers. In this post, we will dig into some of your options and the trade-offs that they provide. Review Before we get going, let’s recap the main criteria that we are concerned with for any solution that we implement. Briefly, we want to ensure that you are able to control authentication and authorization for each user on each server. You will also want to be able to generate and analyze an audit trail in the event of a compromise, however this may not be an immediate requirement depending on your regulatory environment. Solutions Each User Has Their Own Key When you first start building your systems it is common to either share credentials with anyone who needs access, or to

Read more

The Key To Your SSH Strategy

If you work with systems that run any variety of Linux or BSD then the probability is high that you have dealt with SSH. Invented in 1995 and established as an internet standard by the IETF in 2006, Secure SHell has become the default mechanism for remote access to servers by individuals and teams everywhere. SSH Authentication Authenticating yourself to *nix servers can take a variety of forms, but the most common among them are simple pairings of username and password, or a public and private cryptographic key. Key based authentication is widely regarded as the preferred method due to the greater security that it provides. Passwords Using a password as the means of establishing your identity is subject to a variety of weaknesses. If you monitor the system logs of any server that has an SSH server accessible to the internet, you will see a nearly constant barrage of

Read more