Multiple users, Multiple servers, SSH key management

Solution 1:

Except it puts its own key on to the server, where instead I need it to use the keys I provide it.

I've had a couple of ppl ask for that. I added a way to specify the key pair in the latest release.

https://github.com/skavanagh/KeyBox/releases

https://github.com/skavanagh/KeyBox#supplying-a-custom-ssh-key-pair

Let me know if you have any issues. Thx!

Solution 2:

Check out Userify, manages user accounts, SSH keys, and sudo roles, and doesn't need a central directory server that can go down (locking you out of all your instances.. been there.)

It's pretty easy to deploy using AWS's User Data (under the Advanced tab of instance launch) or stick it right in the UserData script for an autoscaling group or whenever you're launching an instance by hand, which is great because it works before you even log in. (Or you can just paste the one-liner into your server console, but that's not nearly as fun..)

It supports Chef, Puppet, Ansible, CloudFormation/CloudInit, and TerraForm for deployment, and each user (developer/admin/etc) gets his own web login to update multiple keys (just paste). decent interface, pretty painless.

For your specific needs (that is, large numbers of servers in individual groups over disconnected/slow web connections), I would use Userify Express self-hosted and set the poll time very high (at least 90 seconds) and create fake (non-human) users -- one for each group. Of course, you could just use real human user accounts, since you can remove human users from a large group of servers or all servers with just one click in Userify, and the users themselves can then distribute their own keys just by updating their keybox. Userify only needs https access (443 TCP) from the servers to your Userify server.

(Although you could just share keys like that, having humans have their own keys is safer; disassociating human users with individual account access breaks logging and auditing on the end servers, although it doesn't sound like that's a concern here, but most security policy frameworks like HIPAA and PCI require one human user per individual account access and ban sharing creds. Still, you can do that in Userify and even distribute private keys to groups of servers, but that method is not recommended except for service/system/automation accounts like backups or configuration management systems like Ansible.) (disclaimer: I work for Userify and helped design the original Userify model.)

Solution 3:

You could look at using LDAP with public keys http://code.google.com/p/openssh-lpk/

That would make it significantly easier to re-issue a key to a user if one gets compromised. Each user's private key can be either managed by that user or saved onto storage only they have access to (e.g. home directory).