Quick answers to common questions
SSH Key Management for Teams is a cloud-based SSH Key Management solution. It provides a central database for storing and managing SSH public keys and SSH accounts, so you can assign them to end-users to grant them access to SSH devices.
SSH Key Management is the process of generating, storing, and distributing SSH keys to users and services that need to communicate securely over the internet. Properly managing SSH Keys helps keep systems secure by limiting access to authorized users and preventing unauthorized access.
Absolutely not. We designed our key management solution to have minimal impact on the end user. End users do not need to change their SSH terminal client or how they use their SSH keys. Uploading their public keys to their account on your ssh.team domain is the minimum action required.
If users want a more streamlined process, we provide a free Desktop SSH Agent client that will synchronize their public keys with your ssh.team domain and prompt the user to generate new keys when they expire. However, this software is optional, and users can continue using their existing clients and processes.
The SSH Key Management for Teams cloud solution does not store your private keys.
When users use the Desktop SSH Agent client, private keys are stored on their local computer in the standard OpenSSH private key format, optionally encrypted by a passphrase.
We have created a command line tool that can provision servers quickly. It can connect over SSH to your server, install and configure the SSH Team Helper programs, and test that authentication via your ssh.team domain is working correctly.
Once provisioned, you grant access to a server by editing the SSH Account resource on your ssh.team domain and assigning any users that require access.
The preferred method of key synchronization is to use the OpenSSH AuthorizedKeysCommand directive. When this is not supported, or the device configuration prevents its use, the keys are synchronized on an hourly schedule using a cronjob for each user.
Yes, of course. Users can continue to use the SSH clients they currently use. Our Desktop SSH Agent is also fully compatible with PuTTY and can replace Pageant for authenticating with their private keys.
No, our cloud service does not need to log into your servers, and there is no requirement to do so other than the initial provisioning of the server where scripts and programs are installed to set up the trust mechanism with your ssh.team domain.
Once provisioned, no attempt is made by our cloud service to log into your servers.
You do not need any inbound ports open, as the cloud service does not connect to your servers. Your ssh.team domain must be accessible via port 443 outbound from your servers.