I'm managing a bastion setup with about 25 boxes and a jumphost. Each user has their own SSH key, which can get complicated. What are some strategies you use to streamline key management? I'm concerned about the security risks of managing individual keys and I want to know how I can handle things like key rotation every three months or revoking access when someone leaves. Any tips or tools you recommend for this situation?
5 Answers
I personally use Termix across different environments, and it really simplifies managing SSH connections.
We automate user management with Ansible too. If someone leaves, I just set their key to 'absent'. We typically rotate keys only when there’s a security issue or for specific needs like integrating Yubikeys. Can you share what issues you are hitting that make this feel like a pain point for you?
Automation is definitely the way to go! Using Ansible allows you to easily manage key rotation and revocations. For just 25 users, off-the-shelf tools might feel overkill unless you have specific compliance needs. Also, consider implementing Multi-Factor Authentication (MFA) on your bastion host to enhance security; it’s not as complicated as it sounds, even with SSH.
Managing all those keys and accounts manually can be a hassle. One approach is to keep all 25 keys and accounts but manage them with automation tools like Puppet or Ansible. This can simplify the process significantly.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures