0

I am adding multiple servers on AWS and I want to have a better way of managing SSH keys than I have in the past. I think AWS has a service built for this, through their IAM, management system, but I am not sure.

Is it possible to store one key in AWS and have all of the servers use that key for my account? For example, if we have three users, I would like to give all of them access to the servers with their own keys - but they wouldn't have to setup a key on each server as we normally would. If one of those users left the organization, I would like to disable their account to ensure the server isn't SSH'd into.

Is that possible, or am I misunderstanding AWS' key management possibilities?

askedJan 1, 2016 at 19:27
dingalingchickenwiing's user avatar
0

1 Answer1

1

No, it is not possible to control SSH keys with IAM. In a very broad sense, SSH key is for shell access, IAM is for AWS API access.

There may be other ways to do what you are trying to accomplish. What I do is write few ansible scripts to automate this. Ansible makes it very simple to do these tasks using Ansible's ec2 module

Script 1: Launch an instance, add the users and their public keys

Script 2: Delete the user's account on all machines or move/remove the user's authorized_keys file

Like I said Ansible knows the inventory and deletes/disables the user on all machines.

answeredJan 1, 2016 at 22:53
helloV's user avatar
Sign up to request clarification or add additional context in comments.

4 Comments

I just looked up Ansible's website - the product starts at $5000/year!
It is free. You don't need Ansible Tower.
I don't see any free editions on their site. Are you referring to the free trial? I'm googling for open source versions now.
Just install Ansible using pip. Try it.docs.ansible.com/ansible/intro_installation.html

Your Answer

Sign up orlog in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

By clicking “Post Your Answer”, you agree to ourterms of service and acknowledge you have read ourprivacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.