[ALUG] Setting up SSH keys for an organisation

Mark Rogers mark at more-solutions.co.uk
Fri Aug 4 12:15:19 BST 2017


I understand the concepts behind key based SSH authentication, I'm
just looking for suggested "best practice".

Situation: Small company* using SSH to access various** Linux servers,
some internal, some external, currently using password-based SSH for
most of this, sometimes key based but managed on an ad-hoc basis.

Many of the clients are Windows based using PuTTY.

I want to shift everything to key based, and that requires me managing
the keys. In particular I want to be able to add a new user (and
therefore a new key), add it to servers as required (so not all users
will have access to all servers), and remove keys if required too (eg
someone leaves).

As a starting point, I can create public/private key pairs for each
user, add them manually to authorized_keys on appropriate hosts, and
give each user their private keys (in PuTTY's PPK format as needed).
That leaves me with several keys to manage securely, and a bit of a
maintenance headache keeping track of who is authorised where.

Suggestions?

* Small means, in this case, 3 users, but with plans to expand.
** Various means probably a dozen (maybe twice that) VMs, hosted
servers, etc, using a mixture of Debian and Ubuntu.
-- 
Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450
Registered in England (0456 0902) 21 Drakes Mews, Milton Keynes, MK8 0ER



More information about the main mailing list