Visit the post for more.
Overview
The article discusses how Facebook implements scalable and secure access using SSH, emphasizing the use of signed certificates to enhance security and reliability. It outlines the challenges of traditional SSH access management and presents a robust solution involving centralized logging and security domains.
What You'll Learn
1
How to implement SSH access control using signed certificates
2
Why central authentication can be a single point of failure in large systems
3
When to use a bastion host for secure access to production systems
4
How to configure SSH servers to trust a Certificate Authority (CA)
Prerequisites & Requirements
- Understanding of SSH and public key authentication
- Familiarity with OpenSSH
Key Questions Answered
How does Facebook manage SSH access for thousands of engineers?
Facebook manages SSH access by using signed certificates issued by a central Certificate Authority (CA). This approach eliminates the need for individual public key management and reduces the risk of a single point of failure associated with centralized authentication systems like LDAP or Kerberos.
What are the benefits of using signed certificates for SSH?
Using signed certificates for SSH provides a single point of trust without relying on third-party infrastructure. This method enhances security by preventing unauthorized access and simplifies the management of user permissions across a large number of servers.
What role do bastion hosts play in Facebook's SSH access strategy?
Bastion hosts serve as intermediaries for engineers to access production systems securely. Engineers authenticate to these hosts from trusted networks, which then facilitate SSH connections to production servers, ensuring that direct access is restricted and monitored.
How does Facebook ensure accountability in SSH logins?
Facebook ensures accountability by collecting detailed logs of SSH logins, including which certificate was used for authentication. This data is aggregated in a centralized syslog infrastructure, allowing for thorough tracking and analysis of user access.
Technologies & Tools
Backend
Openssh
Used for secure shell access and management of SSH certificates.
Backend
Ldap
Used for centralized authentication in conjunction with SSH.
Backend
Kerberos
Another method for centralized authentication mentioned in the context of SSH access.
Database
Hive
Used for long-term retention of logs collected from SSH access.
Key Actionable Insights
1Implement a Certificate Authority (CA) for SSH access to streamline user authentication and improve security.By using a CA, you can manage access permissions more effectively and reduce the administrative burden of handling individual public keys.
2Utilize bastion hosts to restrict direct access to production systems, enhancing security.This approach limits exposure to potential vulnerabilities by ensuring that engineers authenticate through a controlled entry point.
3Establish a centralized logging system to monitor SSH access and maintain accountability.Centralized logs provide valuable insights into user activity and help in auditing and compliance efforts.
Common Pitfalls
1
Neglecting to manage the distribution of the CA public key can lead to unauthorized access.
Ensure that the CA public key is securely distributed to all servers that need to trust it to prevent security breaches.
2
Failing to implement proper logging can hinder accountability and auditing.
Without adequate logging, it becomes challenging to track user actions and investigate incidents effectively.
Related Concepts
SSH Access Control
Certificate Authorities
Centralized Authentication
Security Best Practices