Category: Database, Security, Infrastructure, Hashicorp

Learn how to build scalable, role-based SSH access with SSH certificates and HashiCorp Vault.

The common reaction to the growing risks around key management is to simply seek out “SSH key management tools” in Google and review industry reports.

The user’s SSH public key will be signed by the Vault SSH CA and returned to the user.

Let’s test Bob’s login:

Generate an SSH key pair for Bob:

Log in to Vault:

Let’s get the public key signed by Vault:

Let’s confirm that the principal in the certificate is team-a:

Now Bob can use the signed certificate to sign in with the appadmin user and team-a principal:

However, if Bob attempts to use the admin user, it will fail since the team-a principal is not allowed for the admin user on the host:

What if Bob attempts to get his SSH public key signed with the administrator principal?
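What the confirmation step and the two login attempts above come down to, as an added example that is not from the original post: a parser for the OpenSSH ed25519 user-certificate layout that extracts the principals, plus the per-account principal check the host applies. The key ID, the sample certificate (constructed, with dummy key material and signature) and the admin account's allowed principal are assumptions, and the signature is not verified here.

```python
import base64
import struct

CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"
# Assumed per-user allowed principals, as a host's AuthorizedPrincipalsFile would list them.
HOST_PRINCIPALS = {"appadmin": {"team-a"}, "admin": {"administrator"}}

def _pack(data):
    return struct.pack(">I", len(data)) + data

def _string(buf, off):
    """Read one SSH string: uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated certificate")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:end], end

def cert_principals(cert_line):
    """Return (key_id, principals) from the one-line content of a *-cert.pub file."""
    blob = base64.b64decode(cert_line.split()[1], validate=True)
    kind, off = _string(blob, 0)
    if kind != CERT_TYPE:
        raise ValueError("only ed25519 user certificates are handled here")
    _, off = _string(blob, off)          # nonce
    _, off = _string(blob, off)          # subject public key
    off += 12                            # serial (uint64) + cert type (uint32)
    key_id, off = _string(blob, off)
    packed, _ = _string(blob, off)       # principals: strings packed in a string
    names, pos = [], 0
    while pos < len(packed):
        name, pos = _string(packed, pos)
        names.append(name.decode())
    return key_id.decode(), names

def may_login(cert_line, user):
    """True if any certificate principal is allowed for the target account."""
    _, names = cert_principals(cert_line)
    return bool(HOST_PRINCIPALS.get(user, set()) & set(names))

def constructed_cert(key_id, principals):
    """Constructed sample: correct field layout, dummy key material and signature."""
    body = (_pack(CERT_TYPE) + _pack(b"\0" * 32) + _pack(b"\1" * 32)
            + struct.pack(">QI", 1, 1) + _pack(key_id.encode())
            + _pack(b"".join(_pack(p.encode()) for p in principals))
            + struct.pack(">QQ", 0, 2**64 - 1) + _pack(b"") * 3
            + _pack(b"dummy-ca-key") + _pack(b"dummy-signature"))
    return f"{CERT_TYPE.decode()} {base64.b64encode(body).decode()} bob"

BOB_CERT = constructed_cert("bob", ["team-a"])  # constructed, not a Vault-issued certificate
```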
