This guide addresses how to manage access to modern server fleets. Today, organizations run elastic infrastructure made up of thousands of servers and VMs that are launched and deleted every hour. In addition, the people who need access to that infrastructure come and go in the organization, and their roles may change while they are there. This makes it difficult to implement a scalable system of Zero Trust access management for the IT infrastructure.
This guide does not attempt to be a complete overview of the infrastructure access management landscape and omits many topics such as Kerberos, SSSD and GSS-API. Instead, it focuses on patterns and anti-patterns that we have seen implemented by system administrators building access management on top of OpenSSH systems while trying to adapt to new regulatory and scalability requirements.
We adopted many of the SSH infrastructure patterns mentioned here while building Teleport, an open source software solution to implement zero trust security that doesn’t get in the way.