Frequently Asked Questions

Quick answers to common questions

What is SSH Key Management for Teams?

SSH Key Management for Teams is a cloud-based SSH Key Management solution. It provides a central database for storing and managing SSH public keys and SSH accounts, so you can assign them to end-users to grant them access to SSH devices.

What is SSH Key Management?

SSH Key Management is the process of generating, storing, and distributing SSH keys to users and services that need to communicate securely over the internet. Properly managing SSH keys helps keep systems secure by limiting access to authorized users.

Do users have to adopt a new process for using SSH Keys?

Absolutely not. We designed our key management solution to have minimal impact on the end user. End users do not need to change their SSH terminal client or how they use their SSH keys. Uploading their public keys to their account on your domain is the minimum action required.

If users want a more streamlined process, we provide a free Desktop SSH Agent client that will synchronize their public keys with your domain and prompt the user to generate new keys when they expire. However, this software is optional, and users can continue using their existing clients and processes.

How are the private keys stored?

The SSH Key Management for Teams cloud solution does not store your private keys.

When users use the Desktop SSH Agent client, private keys are stored on their local computer in the standard OpenSSH private key format, optionally encrypted by a passphrase.

Is the configuration complicated?

We have created a command line tool that can provision servers quickly. It can connect over SSH to your server, install and configure the SSH Team Helper programs, and test that authentication via your domain is working correctly.

Once provisioned, you grant access to a server by editing the SSH Account resource on your domain and assigning any users that require access.

How do you synchronize keys with my servers?

The preferred method of key synchronization is to use the OpenSSH AuthorizedKeysCommand directive. When this is not supported, or the device configuration prevents its use, the keys are synchronized on an hourly schedule using a cron job for each user.
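With AuthorizedKeysCommand, sshd treats whatever the configured command writes to standard output as authorized_keys lines, so a helper should pass on only well-formed keys and grant nothing when the response is malformed. The sketch below is an added example, not the product's own helper: the function names, the accepted key types and the sample response are assumptions constructed for illustration.

```python
import base64
import struct

# Key types accepted by this example (an assumption; set to local policy).
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}


def valid_key_line(line):
    """True if line is '<type> <base64 blob> [comment]' and the algorithm
    name stored inside the blob matches the declared type."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in ALLOWED_TYPES:
        return False
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:  # bad alphabet or padding
        return False
    if len(blob) < 4:
        return False
    (name_len,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + name_len] == parts[0].encode()


def keys_for_sshd(response_text):
    """Keep only well-formed key lines; anything else is dropped, so a
    malformed or empty response grants no access (fail closed)."""
    lines = (raw.strip() for raw in response_text.splitlines())
    return [ln for ln in lines if ln and valid_key_line(ln)]


def _constructed_blob(key_type):
    """Build a syntactically valid blob with an all-zero 32-byte key body."""
    name = key_type.encode()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return base64.b64encode(raw).decode()


# Constructed sample response (not real keys, not a real service's output).
GOOD_LINE = "ssh-ed25519 " + _constructed_blob("ssh-ed25519") + " alice@laptop"
SAMPLE_RESPONSE = "\n".join([
    GOOD_LINE,
    "ssh-rsa " + _constructed_blob("ssh-ed25519") + " type-mismatch",
    "ssh-ed25519 not*base64 broken",
    "<html>502 Bad Gateway</html>",
    "",
])

if __name__ == "__main__":
    # sshd reads authorized_keys lines from the command's standard output.
    print("\n".join(keys_for_sshd(SAMPLE_RESPONSE)))
```

Lines that begin with authorized_keys options are rejected here as well, because the first field must be an accepted key type; relax that only if the key source is expected to send options.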

Can my users still use PuTTY?

Yes, of course. Users can continue to use the SSH clients they currently use. Our Desktop SSH Agent is also fully compatible with PuTTY and can replace Pageant for authenticating with their private keys.

Does your cloud service need to log into my server?

No, our cloud service does not need to log into your servers. The only login required is for the initial provisioning of the server, when scripts and programs are installed to set up the trust mechanism with your domain.

Once provisioned, no attempt is made by our cloud service to log into your servers.

What ports do I need to open on my firewall?

You do not need any inbound ports open, as the cloud service does not connect to your servers. Your domain must be accessible via port 443 outbound from your servers.