What are the advantages of using SSH keys to control access for multiple users?

    October 17, 2019

    SSH keys offer a means for site administrators to allow multiple individuals to share one user and all associated permissions while remaining PCI-compliant.

    Benefits

    If you require SSH access for multiple users, the use of SSH keys instead of individual logins can bypass many of the headaches involved in user management. When using SSH keys, the administrator sets permissions for one user account, creates multiple key pairs for one user account, and assigns a unique key pair to each individual. Because this method uses unique key pairs instead of traditional login credentials, this maintains PCI DSS compliance despite the shared user account.

    The use of multiple SSH keys to grant secure server access to multiple individuals affords three advantages over assigning separate user accounts with traditional login credentials.

    • Grants access to multiple parties without sharing passwords

    • Simplifies permission management; all parties log in as the same user and thereby share permissions

    • Allow for easy access revocation as needed

    For example, if you employ a developer and a webmaster, and both individuals require SSH access, you can create one user, set appropriate permissions, and then distribute a unique SSH key pair to each individual. Most importantly, these individuals never share passwords and therefore comply to PCI DSS.

    How they work

    SSH keys avoid traditional login credentials in favor of a key pair consisting of a private and a public key. Both keys are required for server access. The private key is unique to each user and is stored on that user’s device, where it will never be revealed to the server or to another user. Furthermore, SSH keys are significantly more complex than traditional passwords, making them much more resistant to brute-force attacks.

    Managing users

    Using SSH keys, when an individual no longer requires access, you can delete the public key from the server and leave the user intact. This prevents issues that arise when attempting to access files belonging to a user that no longer exists.

    ATTENTION: Audit your SSH keys list regularly and delete any not currently in use. Unmanaged keys represent a significant security risk.

    Servers store public keys in the /home/<username>/.ssh/authorized_keys directory, but <username> with your username. Removing the key only requires the deletion of this line from the directory.

    Creating SSH keys

    For assistance with their creation, see How to create SSH keys in macOS and Linux or How to create SSH Keys in Windows with Putty


    For 24-hour assistance any day of the year, contact our support team by email or through your Client Portal.

    Was this article helpful?

    Send feedback

    Can’t find what you’re looking for?

    Our award-winning customer care team is here for you.

    Contact Support