SSH Key Server
The JADAPTIVE Key Server provides centralized management of SSH keys with the ability to revoke and assign access to SSH hosts using role-based access.
The JADAPTIVE Key Server enables centralized management of SSH keys across a heterogeneous environment. It provides unparalleled visibility of access and facilitates the quick and easy assignment of SSH account access to a user or their role.
Built with Maverick Synergy
**NEW** JADAPTIVE is pleased to introduce the first release of our new SSH Key Management solution for SMEs. Take control of your network and reclaim authority over your remote privileged accounts.
What’s wrong with the status quo?
Managing SSH keys, even within a small organization, can be time-consuming and labor-intensive. The typical configuration of an SSH server is to place the Public Key of each user that requires access in the account's authorized_keys file.
Once granted access, users are free to modify the authorized_keys file themselves and add or remove keys at will, and it has also been a common practice among Administrators to share keys. These practices lead to a loss of accountability, with no dedicated record of who should have access to which systems, making the network vulnerable to exploits from an unwanted actor.
How does SSH Key Management help?
A centralized Key Management infrastructure helps the Administrator take control of dispersed keys by centrally controlling the content of the authorized_keys file, simplifying the introduction of recommended industry practices such as Key Rotation and Verification.
Granular access control via role-based access empowers the Administrator to grant or revoke access to one or more Remote Accounts with a single and immediate operation.
Central management of Public Keys means that each managed Key can be validated for uniqueness. The Key Expiry mechanism ensures that all Keys rotate in line with the company's security and industry policies.
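The shared keys and the uniqueness validation described above can be checked on existing hosts before they are brought under central management. This added example (not JADAPTIVE code) parses authorized_keys content per account and reports every public key, by OpenSSH SHA256 fingerprint, that appears in more than one account; the sample keys and the account names other than root@mysql are constructed.

```python
import base64
import hashlib
import struct
from collections import defaultdict

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a decoded public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (fingerprint, comment) for every key line, skipping leading options."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, token in enumerate(fields[:-1]):
            if not token.startswith(KEY_PREFIXES):
                continue
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                continue  # token was part of a quoted option, keep scanning
            # A public key blob starts with its own length-prefixed type name.
            if blob[4:4 + len(token)] == token.encode():
                yield fingerprint(blob), " ".join(fields[i + 2:])
                break

def shared_keys(accounts):
    """Map fingerprint -> sorted accounts, for keys found in more than one account."""
    seen = defaultdict(set)
    for account, text in accounts.items():
        for fp, _comment in parse_authorized_keys(text):
            seen[fp].add(account)
    return {fp: sorted(a) for fp, a in seen.items() if len(a) > 1}

def constructed_key(seed):
    """Constructed sample: a well-formed ssh-ed25519 entry built from filler bytes."""
    blob = struct.pack(">I11sI", 11, b"ssh-ed25519", 32) + hashlib.sha256(seed).digest()
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

# Constructed sample data: account -> authorized_keys content.
SAMPLE = {
    "root@mysql": constructed_key(b"a") + " alice\n" + constructed_key(b"b") + " bob\n",
    "deploy@web": "# team key\nno-pty,command=\"/bin/true\" " + constructed_key(b"a") + " shared\n",
    "backup@web": constructed_key(b"c") + " carol\n",
}
```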
The following steps outline the basics needed to get started with the SSH Key Server. If you need further help, take a look at our Manpage, or if you get really stuck, contact our support team by emailing support@jadaptive.com.
Install SSH Key Server
The first step is to install the service on your preferred platform. Builds are currently available for Linux and Windows.
Download the installer package and upload it to your server. Follow the Instructions to complete the installation.
Log into the SSH Management CLI
You can find more information about your first login to the SSH CLI in our Logging in for the first time article. Below is a compacted version of those instructions.
In the console of the server where you installed the SSH Key Server service, use the ssh command to log into the Management CLI port. The default password for the admin account is admin. On the first login, you will be prompted to change this.
ssh -p 2222 admin@localhost
Install Integration Scripts
You should now install the integration scripts on your target servers. These scripts will replace the standard authorized_keys files on those servers with a script that requests the account's authorized keys from the Key Server. This requires AuthorizedKeysCommand support in the SSH server. If this is not available, you can instead install Manual Synchronization Scripts.
Download the integration scripts from your Key Server using the URLs:
https://<server>/scripts/jadaptive.deb
https://<server>/scripts/jadaptive.rpm
Log in to the target server and install the platform package.
Debian/Ubuntu:
sudo dpkg -i jadaptive.deb
CentOS/Fedora:
sudo rpm -i jadaptive.rpm
Set the configuration of your Key Server by editing /etc/default/jadaptive-keyserver. Set the GATEWAY_HOST value to the fully qualified domain name of your Key Server installation.
If you have not had a chance to install a fully signed SSL certificate on the Key Server yet, make sure you set ALLOW_INSECURE_GATEWAY to a value of y, otherwise the scripts will not connect. Be sure to change this back when you deploy your fully signed SSL certificate.
Now, from any of the accounts you want to integrate with the key server, execute the following command:
keyserver-sync <home-directory> <username>
Log back into the Key Server CLI and execute the command below to confirm that your configuration registered with the key server. You should see an entry for each account on which you executed the keyserver-sync script.
# remote-accounts
Account Hostname
------- --------
root    mysql
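An added example (not part of the JADAPTIVE package) that audits a target server after the steps above: it reads sshd_config and /etc/default/jadaptive-keyserver and reports settings that undermine central control of keys. The KEY=value format of the defaults file, the example-keys script path and the sample contents are assumptions; sshd falls back to AuthorizedKeysFile when the AuthorizedKeysCommand output does not authorize a key, so locally added keys still work unless AuthorizedKeysFile is none.

```python
import re

SSHD_LINE = re.compile(r"^\s*(\w+)[\s=]+(.*?)\s*$")

def sshd_globals(text):
    """First value per keyword from the global part of sshd_config (first one wins)."""
    found = {}
    for line in text.splitlines():
        m = SSHD_LINE.match(line)  # comment and blank lines do not match
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip('"')
        if keyword == "match":
            break  # per-user and per-host overrides are out of scope here
        found.setdefault(keyword, value)
    return found

def shell_defaults(text):
    """Parse KEY=value lines (assumed format of /etc/default/jadaptive-keyserver)."""
    pairs = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            pairs[key.strip()] = value.strip().strip("'\"")
    return pairs

def audit(sshd_text, defaults_text):
    """Return a list of (code, message) findings for one target server."""
    sshd, env = sshd_globals(sshd_text), shell_defaults(defaults_text)
    findings = []
    if sshd.get("authorizedkeyscommand", "none").lower() == "none":
        findings.append(("no-command", "AuthorizedKeysCommand is not set"))
    elif "authorizedkeyscommanduser" not in sshd:
        findings.append(("no-command-user", "AuthorizedKeysCommandUser is missing"))
    if sshd.get("authorizedkeysfile", "default").lower() != "none":
        findings.append(("local-keys", "keys added to local files are still accepted"))
    if env.get("ALLOW_INSECURE_GATEWAY", "").lower() == "y":
        findings.append(("insecure-gateway", "ALLOW_INSECURE_GATEWAY is still y"))
    if "." not in env.get("GATEWAY_HOST", ""):
        findings.append(("gateway-host", "GATEWAY_HOST is not a fully qualified name"))
    return findings

# Constructed sample files; /usr/local/bin/example-keys is a hypothetical path.
SAMPLE_SSHD = ("AuthorizedKeysCommand /usr/local/bin/example-keys %u\n"
               "AuthorizedKeysCommandUser nobody\n"
               "Match User backup\n    AuthorizedKeysFile none\n")
SAMPLE_DEFAULTS = "GATEWAY_HOST=keys.example.com\nALLOW_INSECURE_GATEWAY=y\n"

if __name__ == "__main__":
    for code, message in audit(SAMPLE_SSHD, SAMPLE_DEFAULTS):
        print(f"{code}: {message}")
```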
Create User
You now have to assign the remote account to a user account. To create a user account you can use the create-user command.
# create-user
Username: lee
Full Name: Lee Painter
Email: lee@jadaptive.com
Password: *****
Confirm Password: *****
Created user lee
Generate an SSH Key
Now that the user account is created, you can generate and assign an SSH key to the user.
# ssh-keygen -a lee
This will output the private key to the console. Copy it and distribute it to the user for whom you created the account. The public key will be attached to the user's account on the key server.
*** IMPORTANT ***
Your private has been created and has been printed below. There is no other record of the private key on this server. Therefore please copy this to a safe location or it will be lost.
Assign Remote Account
Now that the user account has an SSH key, you can assign the remote account to the user. This will create the necessary mapping to ensure that the user's keys appear in the remote account for SSH public key authentication.
# remote-assign-user root@mysql lee
Connect to Remote Account
The user can now connect to the remote account using SSH public key authentication.
ssh -i <keyfile> root@mysql
For more information, including further authentication and configuration options, please visit the JADAPTIVE Manpage for SSH Key Server.
Foundation Edition: FREE
- SSH Management CLI
- Unlimited Key Management
- Integrated scripts
- Maximum Security
- No Support
Professional Edition: Contact Us
- Web Management UI
- Auditing
- Active Directory Support
- Unlimited Email Support
- 2-Factor Authentication