by jamiesonbecker on 8/20/23, 3:20 PM with 1 comments
by jamiesonbecker on 8/20/23, 3:27 PM
Users update their own keys into their own portal, and the changes are pushed out to all servers they have access to automatically. Users can enable MFA individually or you can enforce MFA across your entire company. (No MFA, no login)
Your servers run a small Python script (https://github.com/userify/shim) that continuously checks in with Userify via HTTPS (multi-cloud, only needs outbound HTTPS access from the server to Userify or your internal Userify host).
If a user no longer exists for that group, all sessions are actively killed (kill -9), the user account is deleted, and the home directory is renamed to /home/deleted:username so you can review the files in there at your convenience. If a user is later restored, that directory is automatically restored as well. No changes to the OS (no PAM modifications) and you can remove it instantly.
It's available via SaaS (Userify Cloud, zero-install) or you can install your own server in your VPC or LAN for data sovereignty. You can also integrate it with Active Directory so that a user who is deleted/locked-out/disabled in AD has the same status cascade through all of your Linux servers.
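The removal and restore behaviour described in the comment above, sketched as a dry-run planner. This is an added example, not code from the Userify shim: the function names, the username pattern, and the choice of `pkill`/`userdel`/`useradd`/`mv`/`chown` are assumptions; only the `/home/deleted:username` naming and the kill-then-delete order come from the comment.

```python
import re

DELETED_PREFIX = "/home/deleted:"            # naming taken from the comment
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")  # assumed username policy

def _check(user):
    # Names arrive from a remote service: reject anything that could be
    # read as an option or escape /home when joined into a path.
    if not NAME_RE.fullmatch(user):
        raise ValueError(f"refusing unsafe username: {user!r}")

def plan_reconcile(desired, local_users, home_dirs):
    """Return the argv lists needed to converge one host (nothing is run).

    desired     -- usernames that should currently have access
    local_users -- managed usernames present on the host
    home_dirs   -- directory paths that exist under /home
    """
    plan = []
    for user in sorted(set(local_users) - set(desired)):
        _check(user)
        # Kill first: userdel refuses while the user still owns processes.
        plan.append(["pkill", "-KILL", "-u", user])
        plan.append(["userdel", user])       # no -r, files are kept for review
        if f"/home/{user}" in home_dirs:
            plan.append(["mv", "--", f"/home/{user}", DELETED_PREFIX + user])
    for user in sorted(set(desired) - set(local_users)):
        _check(user)
        home, archived = f"/home/{user}", DELETED_PREFIX + user
        if archived in home_dirs:
            # Restored user: bring the archived home back. The new UID may
            # differ from the old one, so ownership is reset afterwards.
            plan.append(["mv", "--", archived, home])
            plan.append(["useradd", "--no-create-home", "--home-dir", home, user])
            plan.append(["chown", "-R", f"{user}:", home])
        else:
            plan.append(["useradd", "--create-home", user])
    return plan

if __name__ == "__main__":
    # Constructed sample state: bob was removed from the group, carol restored.
    for argv in plan_reconcile(
        desired={"alice", "carol"},
        local_users={"alice", "bob"},
        home_dirs={"/home/alice", "/home/bob", "/home/deleted:carol"},
    ):
        print(" ".join(argv))
```
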