SSH Key Management
Automated SSH Key enrollment, distribution & life-cycle management
The problem many organizations face today is that their IAM solution does not support SSH keys as a method of login.
Technically speaking, the existing IAM solutions are unable to bridge the gap between numerous authorizations within a Unix/Linux server estate and the identities and authorizations found within the centrally managed AD/LDAP.
As with any method of authentication, SSH logins are governed by corporate IAM, which in its simplest form answers the question of who can access, and where. Usually, the source of truth for this is the corporate LDAP, Active Directory (AD) in many cases, which hosts the relation between identities and their allowed locations of access. With SSH keys, however, this landscape is very different: no such single source exists; instead, authorization information is distributed across the Unix/Linux server estate itself. If a company hosts 100 servers, this means there are 100 individual decision (or breach) points for access. As one access can lead to another, the real figure can be much larger.
Centrally Manage your SSH Keys
Many, or even all, Unix and Linux logins go ungoverned, without the ability to determine which key belongs to which identity and whether the access is in breach of company IAM guidelines. In practice, this means that an unknown identity may log in with a key that is not even known to exist. To make things even worse, SSH logins are generally for privileged access, the most critical form of access.
RCDevs' SpanKey solution provides SSH key life-cycle management, from self-service web enrolment and automated key distribution to auditing of unwanted access and renewal of outdated keys. SpanKey operates on standard LDAP/AD, with authorizations conveniently managed in the same central location as related identities. The SpanKey solution is designed to support even the largest of IT estates.