Alice works for Acme Corp. Alice is a developer who occasionally needs access to servers when she needs to better understand a production issue.
Acme Corp is a software as a service company. They run their service in the cloud. Acme has a number of disposable servers so they are regularly creating new ones.
Smith acts as an OpenSSH certificate authority that creates short lived credentials for Acme's servers.
Alice and her colleagues do not have active credentials for servers they might need access to.
This means minimising the risk of leaked SSH credentials.
This means off-boarding is no longer a complicated and risky process. No more time consuming analysis to identify the servers a user had access to and making sure they are all updated.
When Alice needs to access a server, she asks Smith. This request is specific and short-lived.
Smith, I want access to production for the next 60 minutes.
Empower your development and operations teams to access the servers when they need without your security procedures getting in their way.
Limited scope means limited risk. Credentials shouldn't compromise everything, forever.
Smith validates the request context and issues a short-lived, limited scope certificate.
Control access with sensible organisation and environment level policies.
Access is contextual. Operations on call, from the office network, let's give them access. Developer on holidays, from a location we don't know about, maybe not.
Context specific credentials means Smith gives you a detailed audit trail. No more guessing who had access to what or when.
Alice uses the tools she is familiar with, in this case
rsync, but any tools that work with OpenSSH will work with Smith.
Smith is built around OpenSSH. This means that it integrates into your workflows and it already works with your ssh dependent tools like packer or ansible.
The Acme Corp server trusts the public keys of a certificate authority registered with Smith. The server will use this public key to verify Alice's short-lived credentials and enforce any usage restrictions.
Servers don't need network access to Smith. All operations are done on-server using standard OpenSSH certificate verification. This means no fragile, centralised infrastructure that your servers need to depend on.
Servers don't need to be registered with Smith, they just need to trust the certificate authority public key. This makes cloud deployments and ephemeral servers easy to configure and operate.
A Smith issued certificate embeds unique key-identifiers that are logged by sshd by default.
By sharing your sshd access logs with Smith, all access can be matched against Smith issued certificates.
Cross referencing logs against requests means closing the loop on your audit trail. Smith can ensure you understand your exposure to other authentication mechanisms or out of band access to your servers.
Smith can also help identify hot-spots for failed access requests to ensure your servers aren't being exposed to the constant risk of attack.
Smith's dashboards and detailed audit capabilities allow you to observe all access requests. See an overview of access to an environment or get details with granular information about a specific request.
This means that ensuring secure access to your servers is not just a set and hope situation. Understand what is happening in real-time and receive immediate feedback when something is going wrong.
Ready to try it out?