{% extends "sshkm/base.html" %} {% block title %}Documentation{% endblock %} {% block content %}

What is SSHKM...

With SSHKM you can manage your SSH-public-keys.
You can store them centrally and group them together.
Then you can deploy them to your Hosts and have exactly the Keys in your authorized_keys files that you defined.
Everytime you deploy them to a host keys which are not configured in SSHKM will be overwritten.
So you can be shure that no one unwanted can connect to your hosts.
(This only applies for operating system users you create in SSHKM which will be described later.)

... and how does it work

Your Groups can be departments, external companies, workgroups, groups of servers or what ever makes sense for you.
Groups should help you in situations when one employee leaves the company and another takes his position for example.
In such a case you only have to delete the key from the old employee and create one for the new. Now you add the new employee to the group(s) he applies.

When you have your Groups of Keys you can create your Hosts. Typically this are your web-servers, database-server, application-servers ...
Once you are finished with that you create the OS-Users to wich you want to deploy your keys on your target hosts. At least root would make sense. But every user someone want to connect with hist ssh-key should be created here (john, oracle, webappuser, ...).
Finally you want to put everthing together whith Permissions. Here you define which Group (of Keys) should be able to connect to which Host as which OS-User.

There is no fixed order in which you configure your Keys, Hosts, Groups, ...

How to start

Upload your Master-Keys

To be able to deploy public keys to your environment SSHKM uses SSH-keys itself.
First login to SSHKM as user with admin priviledges. The default user is admin with password admin (you can and should change this password in the settings page).
Navigate to the settings page. This is the little gear-wheel icon in the top right corner.
Here you can upload the public and private SSH-key wich SSHKM will use to deploy all your further configurations.

Create Hosts

Now you can create Hosts.
You can use hostnames or IPs.
You only need to make shure that SSHKM resolve your Hosts and is able to connect to them. If there is a firewall between the SSHKM-server and your target host you have to be shure to make SSH connections possible.

Create Groups

Create Groups to assign Keys later.

Create Keys

Keys are what you finally want to deploy.
This the public keys which should be able to connect to your target hosts.

Create OS-Users

OS-Users are typically root, oracle, john, ...
Be shure that at least the root user is created.

Create Permissions

Permissions is where it all comes together.
Here you define which group (of keys) should be able to connect to which Host as which OS-User.

Deploy your keys

Congratulations!
Now you should be able to start your first deployment
Navigate to Hosts and either deploy one host by another or select multiple hosts and deploy them together.
With a singe deployment you should see the result immediately.
If you choose a multi-deployment it will start in the background. You will see the results as soon as the job for every host is finished. Refresh the page to get current results.

{% endblock %}