centralized audit server solution for multiple server management [closed]
Solution 1:
> Each server's ssh port should not be open to the public; it is dangerous.

This is not true, especially if you are using keys with good passphrases and have disabled password logins (you have, haven't you?).
> If one server is accessed by multiple people with the same account, we cannot tell who is logged in.

In your current scenario this is correct - shared accounts are not a Good Thing. However, with suitably verbose sshd logs you can see who logged in when.
> It is hard to remove or revoke someone's ssh key for those servers.

There are tools available that will allow this to be automated - Puppet, Chef, Ansible, etc. - configuration management tools in general.

A general solution to your problem is to:
- Provide everyone with their own account (automate it with a configuration management tool)
- Stop using shared accounts.
- Give everyone suitable sudo access.
- Use rsyslog to ship all the logs to a central log server.
This allows you to log the individual users accessing the system. With suitable education you can also log individual users' use of the administrative account.
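As an added illustration (not part of the original answer), the sketch below shows what a central log server can do with shipped sshd lines while a shared account still exists: it maps the key fingerprint in each "Accepted publickey" line to a person. The log lines, fingerprints, host names and the `KEY_OWNERS` inventory are constructed, and the code assumes OpenSSH's usual `Accepted publickey for USER from IP port N ssh2: TYPE SHA256:...` log format.

```python
import re

# Constructed inventory: key fingerprint -> person. In practice it would be
# built from the deployed authorized_keys entries (e.g. via `ssh-keygen -lf`).
KEY_OWNERS = {
    "SHA256:ALICEconstructedFingerprint": "alice",
    "SHA256:BOBconstructedFingerprint": "bob",
}

# Constructed sshd lines as they might arrive on the central log server.
SAMPLE_LOG = """\
Jan 12 09:14:02 web01 sshd[2211]: Accepted publickey for deploy from 203.0.113.7 port 51514 ssh2: ED25519 SHA256:ALICEconstructedFingerprint
Jan 12 09:20:41 web02 sshd[874]: Accepted publickey for deploy from 198.51.100.23 port 40112 ssh2: RSA SHA256:BOBconstructedFingerprint
Jan 12 09:31:10 web01 sshd[2302]: Failed password for deploy from 192.0.2.50 port 33900 ssh2
Jan 12 10:02:55 db01 sshd[1520]: Accepted publickey for deploy from 192.0.2.99 port 45000 ssh2: ED25519 SHA256:NotInInventoryConstructed
Jan 12 10:05:17 db01 sshd[1533]: Accepted password for deploy from 203.0.113.7 port 51600 ssh2
"""

ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<account>\S+) from (?P<src>\S+) "
    r"port \d+ ssh2(?:: \S+ (?P<fp>SHA256:\S+))?"
)

def attribute_logins(log_text, key_owners):
    """Return (timestamp, host, account, source_ip, person) per successful login."""
    events = []
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if not m:
            continue  # failed attempts and unrelated lines are skipped here
        fp = m.group("fp")
        if fp is None:
            who = "no-key"       # e.g. password login: cannot be tied to a person
        else:
            who = key_owners.get(fp, "unknown-key")  # key missing from inventory
        events.append((m.group("ts"), m.group("host"),
                       m.group("account"), m.group("src"), who))
    return events

if __name__ == "__main__":
    for event in attribute_logins(SAMPLE_LOG, KEY_OWNERS):
        print(*event)
```

The `unknown-key` and `no-key` results are the ones worth alerting on: a key that was never inventoried, or a login that bypassed key authentication altogether.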