Contact
Site: US UK AU |

What are the advantages of using SSH keys to control access for multiple users?

What are the advantages of using SSH keys to control access for multiple users?

Overview
SSH keys offer a means for site administrators to allow multiple individuals to share one user and all associated permissions while remaining PCI DSS-compliant.

Rationale

If you require SSH access for multiple users, the use of SSH keys instead of individual logins can bypass many of the headaches involved in user management. When using SSH keys, the administrator sets permissions for one user account, creates multiple key pairs for one user account, and assigns a unique key pair to each individual. Because this method uses unique key pairs instead of traditional login credentials, this maintains PCI DSS compliance despite the shared user account.

The use of multiple SSH keys to grant secure server access to multiple individuals affords three advantages over assigning separate user accounts with traditional login credentials.

  • Grants access to multiple parties without sharing passwords

  • Simplifies permission management; all parties log in as the same user and thereby share permissions

  • Allow for easy access revocation as needed

For example, if you employ a developer and a webmaster, and both individuals require SSH access, you can create one user, set appropriate permissions, and then distribute a unique SSH key pair to each individual. Most importantly, these individuals never share passwords and therefore comply to PCI DSS.

Function

SSH keys avoid traditional login credentials in favor of a key pair consisting of a private and a public key. Both keys are required for server access. The private key is unique to each user and is stored on that user’s device, where it will never be revealed to the server or to another user. Furthermore, SSH keys are significantly more complex than traditional passwords, making them much more resistant to brute-force attacks.

User management

Using SSH keys, when an individual no longer requires access, you can delete the public key from the server and leave the user intact. This prevents issues that arise when attempting to access files belonging to a user that no longer exists.

Attention: Audit your SSH keys list regularly and delete any not currently in use. Unmanaged keys represent a significant security risk.

Servers store public keys in the /home/<username>/.ssh/authorized_keys directory, but <username> with your username. Removing the key only requires the deletion of this line from the directory.

Creation

For assistance with their creation, refer to How to create SSH keys.

 

For 24-hour assistance any day of the year, contact our Support Team by email or through the Client Portal.

Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
 
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
How to secure your WordPress site
Added on Mon, Jul 20, 2015
What are file and directory permissions?
Added on Wed, Nov 12, 2014
How to install OpenVPN
Added on Fri, Mar 17, 2017
How to create SSH keys in Windows with PuTTY
Added on Tue, Jul 25, 2017
How to activate two-factor authentication in SiteWorx
Added on Tue, Nov 28, 2017
How to create a secure password
Added on Wed, Nov 12, 2014
How to patch your Magento store
Added on Mon, Jan 11, 2016
How to improve the security of your Magento store
Added on Wed, Nov 12, 2014
How to password-protect web pages with .htpasswd
Added on Thu, Jun 29, 2017
How to reset your SSH password and add SSH keys in SiteWorx
Added on Wed, Feb 8, 2017