niels Posted December 27, 2011

Hey everybody,

At the company I'm working for, the number of servers is climbing very fast nowadays. Now we're looking for a way to manage the access to these server instances. Currently we are using ssh and PKI, so manually deploying/managing the keys is a hard task. Also, managing the passwords of different services on the servers is running out of control.

Does anybody know a good way of solving this, or some software implementation that could free us from this burden? I was thinking of maybe using the YubiKey for authentication.

Thanks a lot in advance.

Regards,
Niels

Sparda Posted December 27, 2011

This approach may not be suitable depending on what the servers are used for. You could set up LDAP and give those who need root sudo.

niels Posted December 28, 2011

> This approach may not be suitable depending on what the servers are used for. You could set up LDAP and give those who need root sudo.

I did some more investigating on my own, and I was thinking that a setup like this would work: set up an OpenRADIUS or YubiRADIUS server and add all my current servers as RADIUS clients. Then use a PAM module with ssh so people could log in.

This way I have Authentication, Authorization, and Accounting (AAA), but this has one drawback: I can't manage privileges of the different users. The downside is everybody could log in on all the servers; that's something I would like to prevent.

So, does anybody have a solution or comment on my idea? I'm just exploring these solutions/options/ideas myself, so don't shoot me if I got the facts mixed up :). But I'm eager to see what comments you guys have.

Does anybody have some experience with IAM systems (Identity and Access Management systems)?