SSH Key Server

The JADAPTIVE Key Server provides centralized management of SSH keys with the ability to revoke and assign access to SSH hosts using role-based access.

The JADAPTIVE Key Server enables centralized management of SSH keys across a heterogeneous environment. It provides unparalleled visibility of access and facilitates the quick and easy assignment of SSH account access to a user or their role.

Built with Maverick Synergy

**NEW** JADAPTIVE is pleased to introduce the first release of our new SSH Key Management solution for SMEs. Take control of your network and reclaim authority over your remote privileged accounts.


What’s wrong with the status quo?

Managing SSH keys, even within a small organization, can be time-consuming and labor-intensive. The typical configuration of an SSH server is to place the public key of each user that requires access in the account's authorized_keys file.

Once granted access, users are free to modify the authorized_keys file themselves and add or remove keys at will, and it has also been common practice among administrators to share keys. These practices lead to a loss of accountability, with no dedicated record of who should have access to which systems, making the network vulnerable to exploits from an unwanted actor.

How does SSH Key Management help?

A centralized Key Management infrastructure helps the Administrator take control of dispersed keys by centrally controlling the content of the authorized_keys file, simplifying the introduction of recommended industry practices such as Key Rotation and Verification.

Granular access control via role-based access empowers the Administrator to grant or revoke access to one or more Remote Accounts with a single and immediate operation.

Central management of Public Keys allows each Key to be validated, ensuring that every managed Key is unique. The Key Expiry mechanism ensures that all Keys rotate in line with the company's security and industry policies.
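The shared-key problem and the uniqueness check described above can be seen on an existing estate before any migration. The script below is an added example, not part of the JADAPTIVE product: it reports every public key that appears in more than one authorized_keys file. The file names and key blobs in the sample are constructed.

```shell
#!/bin/sh
# Added example: list public keys present in more than one authorized_keys file.
# Usage: shared_keys FILE...   (one authorized_keys file per account)
shared_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        # Options (from=, command=, ...) may precede the key type, so find
        # the type field first; the base64 key blob is the field after it.
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) {
                blob = $(i + 1)
                if (!((blob, FILENAME) in seen)) {   # count each file once
                    seen[blob, FILENAME] = 1
                    files[blob] = files[blob] " " FILENAME
                    count[blob]++
                }
                break
            }
    }
    END {
        for (b in count)
            if (count[b] > 1)
                print count[b] " files share key ..." substr(b, length(b) - 11) ":" files[b]
    }' "$@"
}

# Constructed sample: two accounts on one host; the blobs are placeholders,
# not real keys.
demo_dir=$(mktemp -d)
cat > "$demo_dir/root.keys" <<'EOF'
# root account
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSharedKey0001 ops-team
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedRootOnly00002 root@bastion
EOF
cat > "$demo_dir/deploy.keys" <<'EOF'
from="10.0.0.0/8",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSharedKey0001 ci
EOF
shared_keys "$demo_dir/root.keys" "$demo_dir/deploy.keys"
rm -rf "$demo_dir"
```

A key repeated inside a single file is counted once, so only keys that span accounts are reported.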


The following steps outline the basics needed to get started with the SSH Key Server. If you need further help, take a look at our Manpage, or if you get really stuck, contact our support team by emailing support@jadaptive.com.

Install SSH Key Server

The first step is to install the service on your preferred platform. Builds are currently available for Linux and Windows.

Download the installer package and upload it to your server. Follow the instructions to complete the installation.

Log into the SSH Management CLI

You can find more information about your first login to the SSH CLI in our Logging in for the first time article. Below is a condensed version of those instructions.

In the console of the server where you installed the SSH Key Server service, use the ssh command to log into the Management CLI port. The default password for the admin account is admin. On the first login, you will be prompted to change this.

ssh -p 2222 admin@localhost

Install Integration Scripts

You should now install the integration scripts on your target servers. These scripts replace the standard authorized_keys files on those servers with a script that requests the account's authorized keys from the Key Server. This requires AuthorizedKeysCommand support in the SSH server. If this is not available, you can instead install Manual Synchronization Scripts.

Download the integration scripts from your Key Server using the following URLs:

https://<server>/scripts/jadaptive.deb
https://<server>/scripts/jadaptive.rpm

Log in to the target server and install the platform package.

Debian/Ubuntu:

sudo dpkg -i jadaptive.deb

CentOS/Fedora:

sudo rpm -i jadaptive.rpm

Set the configuration of your Key Server by editing /etc/default/jadaptive-keyserver. Set the GATEWAY_HOST value to the fully qualified domain name of your Key Server installation.

If you have not yet installed a fully signed SSL certificate on the Key Server, set ALLOW_INSECURE_GATEWAY to y; otherwise the scripts will not connect. Be sure to change this back when you deploy your fully signed SSL certificate.

Now, from any of the accounts you want to integrate with the key server, execute the following command:

keyserver-sync <home-directory> <username>

Log back into the Key Server CLI and execute the command below to confirm that your configuration registered with the key server. You should see an entry for each account you executed the keyserver-sync script on.

# remote-accounts
Account Hostname
------- --------
root    mysql
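Because ALLOW_INSECURE_GATEWAY is meant to be a temporary setting, it is worth checking target servers for it after the signed certificate is deployed. The script below is an added example, not one of the JADAPTIVE integration scripts. It assumes the file holds KEY=value lines, that a GATEWAY_HOST without a dot is not fully qualified, and that any value other than y or Y means the insecure mode is off; the sample file content is constructed.

```shell
#!/bin/sh
# Added example: audit the integration-script settings on a target server.
# Assumption: the file holds KEY=value lines, as /etc/default files usually do.

# Print the last value assigned to key $2 in file $1, with quotes and any
# trailing "# comment" stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d "\"'" |
        sed -e 's/[[:space:]]*#.*//' -e 's/[[:space:]]*$//'
}

# Return 0 when both settings look production-ready, 1 otherwise.
check_keyserver_conf() {
    conf=${1:-/etc/default/jadaptive-keyserver}
    rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    host=$(conf_value "$conf" GATEWAY_HOST)
    case $host in
        "")  echo "FAIL: GATEWAY_HOST is not set"; rc=1 ;;
        *.*) echo "OK:   GATEWAY_HOST=$host" ;;
        *)   echo "FAIL: GATEWAY_HOST=$host is not fully qualified"; rc=1 ;;
    esac

    # Assumption: only y (or Y) switches the insecure mode on.
    insecure=$(conf_value "$conf" ALLOW_INSECURE_GATEWAY)
    case $insecure in
        y|Y) echo "FAIL: ALLOW_INSECURE_GATEWAY=$insecure is still enabled"; rc=1 ;;
        *)   echo "OK:   ALLOW_INSECURE_GATEWAY is not y" ;;
    esac
    return $rc
}

# Constructed sample: the state left behind by the initial setup step.
sample=$(mktemp)
printf 'GATEWAY_HOST=keys.example.com\nALLOW_INSECURE_GATEWAY=y\n' > "$sample"
check_keyserver_conf "$sample" || echo "=> revert before production use"
rm -f "$sample"
```

Called without an argument, check_keyserver_conf reads /etc/default/jadaptive-keyserver, so it can run from a configuration-management job on each target server.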

Create User

You now have to assign the remote account to a user account. To create a user account you can use the create-user command.

# create-user 
Username: lee
Full Name: Lee Painter
Email: lee@jadaptive.com
Password: *****
Confirm Password: *****
Created user lee

Generate an SSH Key

Now that the user account is created, you can generate and assign an SSH key to the user.

# ssh-keygen -a lee

This outputs the private key to the console. Copy it and distribute it to the user for whom you created the account. The public key will be attached to the user's account on the key server.

*** IMPORTANT ***
Your private has been created and has been printed below.
There is no other record of the private key on this server.
Therefore please copy this to a safe location or it will be lost.

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACFFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAG
CdrWy8zLwloDzZNrsyotAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIK0D
rEYxSL3bpz4drRUdt76CJ1ZsSdPAh0VrjyFtnnFUAAAAkNaWKUIn9vbaEJ/2jIhu
r1hfay/b1XQ7t5W624d7BbwNcaYPOsKK7s5UkI3R0qLxGCEYP2ocGtPpT7H+kzKM
OCzSTK2NBh941GKCfm+jKIW60aa17Ae4Pf6am6xkiA+ZXgYM5uDjZVyPlI04Vvdb
UeAS1BLJzrT01ULIIVKPzberjGqItN2hzgFL7B+sgy3/Jg==
-----END OPENSSH PRIVATE KEY-----

SHA256:0wvYB/w9v38vapxOC+6ZRDSU9VGSQoxHK/dRjfgshyc

xivip-mecup-mepeb-ralel-fobyr-zelyf-rusyz-zofah-fovub-gimoz-tixix

Assign Remote Account

Now that the user account has an SSH key, you can assign the remote account to the user. This creates the mapping needed for the user's keys to appear in the remote account for SSH public key authentication.

# remote-assign-user root@mysql lee

Connect to Remote Account

The user can now connect to the remote account using SSH public key authentication.

ssh -i <keyfile> root@mysql

For more information, including further authentication and configuration options, please visit the JADAPTIVE Manpage for SSH Key Server.


Foundation Edition

FREE

  • SSH Management CLI
  • Unlimited Key Management
  • Integrated scripts
  • Maximum Security
  • No Support

Professional Edition

Contact Us

  • Web Management UI
  • Auditing
  • Active Directory Support
  • Unlimited Email Support
  • 2-Factor Authentication