Closed dmfine closed 5 years ago
Hi David,
I think I can follow how this would work for our static infrastructure (support, mon, bastion servers etc.). How would this work with our dynamic infrastructure managed by Elastic Beanstalk though?
Replacing this with 4 other issues and an epic on improving ssh auth
This would probably be an Ansible play to create users on each server, add public keys, and sudoers config. Another approach would be LDAP + SSSD but I don't think the complexity is justified at this time. The problem we're trying to solve is key rotation and revocation. Switching to separate users lays the foundation for security auditing and more granular access controls.
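A sketch of the play described above, added here as an example and not part of the original thread or the project's own code. The inventory group `static_infra`, the `ssh_users` variable, the user names, the keys and the sudoers rule are all assumed placeholders; it relies on the `ansible.posix` collection being installed.

```yaml
# Added example: per-user accounts with SSH key rotation and revocation.
# Hosts, users, keys and the sudo policy are constructed placeholders.
- name: Manage individual SSH users
  hosts: static_infra              # assumed group: support, mon, bastion
  become: true
  vars:
    ssh_users:
      - name: alice
        state: present
        sudo: true
        pubkeys:                   # rotation: edit this list and re-run
          - "ssh-ed25519 AAAA_PLACEHOLDER_KEY alice@laptop"
      - name: bob
        state: absent              # revocation: account is removed
        sudo: false
        pubkeys: []
  tasks:
    - name: Create or remove the account
      ansible.builtin.user:
        name: "{{ item.name }}"
        state: "{{ item.state }}"
        shell: /bin/bash
      loop: "{{ ssh_users }}"
      loop_control: { label: "{{ item.name }}" }

    - name: Install exactly the listed keys (anything else is dropped)
      ansible.posix.authorized_key:
        user: "{{ item.name }}"
        key: "{{ item.pubkeys | join('\n') }}"
        exclusive: true            # old or unknown keys do not survive a run
      loop: "{{ ssh_users }}"
      loop_control: { label: "{{ item.name }}" }
      when: item.state == 'present'

    - name: Grant sudo through a syntax-checked drop-in
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/{{ item.name }}"
        content: "{{ item.name }} ALL=(ALL) ALL\n"   # placeholder policy
        owner: root
        group: root
        mode: "0440"
        validate: "visudo -cf %s"  # refuse to install a broken sudoers file
      loop: "{{ ssh_users }}"
      loop_control: { label: "{{ item.name }}" }
      when: item.state == 'present' and item.sudo

    - name: Remove sudo for revoked or non-sudo users
      ansible.builtin.file:
        path: "/etc/sudoers.d/{{ item.name }}"
        state: absent
      loop: "{{ ssh_users }}"
      loop_control: { label: "{{ item.name }}" }
      when: item.state == 'absent' or not item.sudo
```

Revoking a user only takes effect on hosts where the play has run, so a revocation should be followed by a run against the whole group.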