Secure and Manage SSH Access with LDAP, SSSD, and JumpCloud

David Lin
Published in TeamZeroLabs
8 min read · Jan 29, 2020


Your startup is growing (such wow) and you are adding new engineers (very want) almost on a daily basis. It was fine when you had 5 people and 5 servers, but now managing who can ssh into which servers and environments is becoming a crazy dance of manually adding pub keys to authorized_keys whenever someone bumps into a "Permission denied" (concern). Now your authorized_keys file has 30 entries and everyone is still sharing ubuntu@ or ec2-user@ omg OMG OK STOP. BREATHE. This article is for you. Read on and everything will be okay.

I will show you the magics.

The Magics you will learn:

  • Centrally control ssh access to your EC2 instances — Know exactly who has what access to which environment and be able to add or delete a user from all instances at once. Sudo passwords will also be centrally managed on JumpCloud.
  • Fine-grained access control — Grant and revoke root permissions on the fly as necessary

Things we will be using:

  • SSSD — No it’s not misspelled. This is short for System Security Services Daemon
  • LDAP (via JumpCloud) — It’s free for 10 users so you can try first. You can achieve the same results with OpenLDAP but JumpCloud has other features like SSO that are really great and it all just…
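The mechanism those two tools provide, as an added configuration sketch that is not from the article (the article's own steps are cut off here): sshd asks SSSD for a user's public keys, and SSSD fetches keys and sudo rules from the JumpCloud LDAP directory instead of per-host authorized_keys files. The org ID, bind user name, search bases and the `sshPublicKey` attribute name are assumptions to check against your own directory.

```shell
#!/bin/sh
# Added example, not the article's code. Renders sssd.conf and an sshd drop-in
# for SSH keys + sudo rules from JumpCloud LDAP. ORG_ID and bind DN are placeholders.
set -eu

render_sssd_conf() {
  org_id="$1"
  cat <<EOF
[sssd]
services = nss, pam, ssh, sudo
domains = jumpcloud

[domain/jumpcloud]
id_provider = ldap
auth_provider = ldap
sudo_provider = ldap
ldap_uri = ldaps://ldap.jumpcloud.com:636
ldap_search_base = ou=Users,o=${org_id},dc=jumpcloud,dc=com
ldap_sudo_search_base = ou=Users,o=${org_id},dc=jumpcloud,dc=com
# Bind as a dedicated read-only service account, never as a human user (assumed name).
ldap_default_bind_dn = uid=sssd-bind,ou=Users,o=${org_id},dc=jumpcloud,dc=com
ldap_default_authtok = CHANGE_ME
# Directory attribute that carries each user's public key (assumed attribute name).
ldap_user_ssh_public_key = sshPublicKey
ldap_tls_reqcert = demand
EOF
}

render_sshd_dropin() {
  cat <<'EOF'
# Ask SSSD for the user's keys instead of trusting ~/.ssh/authorized_keys.
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
AuthorizedKeysCommandUser nobody
# Keys live in the directory; stop reading per-host files so stale
# entries in authorized_keys can no longer grant access.
AuthorizedKeysFile none
PasswordAuthentication no
EOF
}

# Write both files under DEST (use / on a real host); sssd.conf holds the bind password.
install_ldap_ssh_conf() {
  dest="$1"; org_id="$2"
  mkdir -p "$dest/etc/sssd" "$dest/etc/ssh/sshd_config.d"
  render_sssd_conf "$org_id" > "$dest/etc/sssd/sssd.conf"
  chmod 600 "$dest/etc/sssd/sssd.conf"
  render_sshd_dropin > "$dest/etc/ssh/sshd_config.d/50-sssd.conf"
}
```

The drop-in directory needs an `Include /etc/ssh/sshd_config.d/*.conf` line in sshd_config (present on recent OpenSSH), and `sudoers: files sss` in nsswitch.conf for the sudo rules to be consulted. Run `sssctl user-checks <user>` and `sss_ssh_authorizedkeys <user>` on the host before restarting sshd, and keep a local break-glass account so an LDAP outage does not lock you out.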


I do Cloud Infrastructure/DevOps. I’m an Aspiring Entrepreneur, Hopeless Automobile Enthusiast, Student of as many things as possible