sshkm edited this page Mar 9, 2017 · 11 revisions

What is SSHKM...

With SSHKM you can manage your SSH public keys.
You can store them centrally and group them together.
Then you can deploy them to your Hosts so that your authorized_keys files contain exactly the Keys you defined.
Every time you deploy to a host, keys which are not configured in SSHKM will be overwritten.
So you can be sure that no unwanted person can connect to your hosts.
(This only applies to operating system users you create in SSHKM, which will be described later.)

... and how does it work

Your Groups can be departments, external companies, workgroups, groups of servers or whatever makes sense for you.
Groups should help you in situations such as when one employee leaves the company and another takes his position.
In such a case you only have to delete the key of the old employee and create one for the new employee. Then you add the new employee to the group(s) he belongs to.

When you have your Groups of Keys you can create your Hosts. Typically these are your web servers, database servers, application servers ...
As soon as you have finished this, you create the OS-Users to which you want to deploy your keys on your target hosts. At least root would make sense. But every user someone wants to connect as with his SSH key should be created here (john, oracle, webappuser, ...).
Finally you want to put everything together with Permissions. Here you define which Group (of Keys) should be able to connect to which Host as which OS-User.

There is no fixed order in which you configure your Keys, Hosts, Groups, ...

How to start

Upload your Master-Keys

To be able to deploy public keys to your environment, SSHKM uses SSH keys itself.
First log in to SSHKM as a user with admin privileges. The default user is admin with password admin (you can and should change this password on the settings page).
Navigate to the settings page. This is the little gear-wheel icon in the top right corner.
Here you can upload the public and private SSH key which SSHKM will use to deploy all your further configurations.
To distribute your Master public key to your Hosts in the first place, it is recommended to use Ansible, Puppet, Chef, ...

Create Hosts

Now you can create Hosts.
You can use hostnames or IPs.
You only need to make sure that SSHKM can resolve your Hosts and is able to connect to them. If there is a firewall between the SSHKM server and your target host, you have to make sure SSH connections are possible.

Create Groups

Create Groups to assign Keys later.

Create Keys

Keys are what you finally want to deploy.
These are the public keys which should be able to connect to your target hosts.

Create OS-Users

OS-Users are typically root, oracle, john, ...
Be sure that at least the root user is created.

Create Permissions

Permissions is where it all comes together.
Here you define which group (of keys) should be able to connect to which Host as which OS-User.

Deploy your keys

Congratulations!
Now you should be able to start your first deployment.
Navigate to Hosts and either deploy one host after another or select multiple hosts and deploy them together.
With a single deployment you should see the result immediately.
If you choose a multi-deployment it will start in the background. You will see the results as soon as the job for every host is finished. Refresh the page to get current results.
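
The model described above (Permissions link a Group of Keys to a Host and an OS-User, and a deployment leaves exactly those keys in authorized_keys) can be checked independently. The following is an added example, not SSHKM's own code: it resolves the expected keys for one host and OS-User and compares them with a retrieved authorized_keys file. All function names, host names and key values are constructed for illustration.

```python
# Added illustration, not SSHKM's code. Names and sample data are constructed.
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}

KEYS = {  # key name -> public key line (constructed, not real keys)
    "alice": "ssh-ed25519 AAAAC3ExampleAlice alice@example",
    "bob": "ssh-ed25519 AAAAC3ExampleBob bob@example",
    "carol": "ssh-ed25519 AAAAC3ExampleCarol carol@example",
}
GROUPS = {"dba": {"alice", "bob"}, "webteam": {"carol"}}
PERMISSIONS = [  # (group, host, OS-user)
    ("dba", "db01", "oracle"),
    ("dba", "db01", "root"),
    ("webteam", "web01", "webappuser"),
]


def key_id(line):
    """Return (type, blob) for an authorized_keys line, skipping options and comment."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            return field, fields[i + 1]
    return None


def expected_keys(host, os_user):
    """Resolve Permissions -> Groups -> Keys for one (host, OS-user) pair."""
    names = set()
    for group, perm_host, perm_user in PERMISSIONS:
        if (perm_host, perm_user) == (host, os_user):
            names |= GROUPS.get(group, set())
    return {name: KEYS[name] for name in sorted(names)}


def audit(host, os_user, actual_text):
    """Return (unmanaged key blobs, missing key names) for a retrieved file."""
    expected = {key_id(line): name for name, line in expected_keys(host, os_user).items()}
    actual = set()
    for raw in actual_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            actual.add(key_id(line) or ("unparsed", line))
    unmanaged = sorted(blob for ktype, blob in actual if (ktype, blob) not in expected)
    missing = sorted(name for kid, name in expected.items() if kid not in actual)
    return unmanaged, missing
```

A non-empty first list means the file holds a key that no Permission grants, which is what the next deployment would overwrite; a non-empty second list means a configured key has not reached the host yet.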