
Ask HN: How do you provide SSH access to developers in your infrastructure - prodicus
I am curious about how you do it, keeping in mind

- different teams having access to only those boxes which belong to that team
- providing ssh access without hand smashing the server.
- revoking ssh access for someone as and when required.

Would also be interested to know of possible ways to do the above.
======
devm0de
Use aws identities and policies to control ssh access to ec2 instances
[https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/](https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/)

Has some quirks but might be useful for companies using ec2 instances.

------
verdverm
"gcloud compute ssh instance-name" and "kubectl exec ..." with IAM

I am still surprised that AWS has not created the same experience as GCP. The
instance connect from the co-comment is an improvement, but requires install
on each server and client, plus an extra step when you want to connect.

------
stephenr
Use ldap as your centralised auth, add a schema extension for ssh public keys,
configure sshd/pam/nss to use ldap (and the keys contained therein) for
users/auth.

Use groups or a host attribute in ldap to manage access to specific servers or
groups of servers.

Bonus: you can manage sudo access from ldap too.
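
Added example, not part of the comment above or of any project's code: a sketch of the decision an sshd `AuthorizedKeysCommand` helper makes when keys and host access live in a directory. The user and group records are constructed stand-ins for LDAP search results; the `disabled` flag, a `host` attribute on groups, glob matching of host names, and the helper path are assumptions of this sketch.

```python
"""Resolve which SSH public keys sshd should accept for a user on this host.

Wired into sshd_config as (helper path is hypothetical):
    AuthorizedKeysCommand /usr/local/bin/ldap-keys %u
    AuthorizedKeysCommandUser nobody
"""
import fnmatch
import socket
import sys

# Constructed sample data standing in for LDAP search results.
# sshPublicKey is the openssh-lpk attribute; "disabled" is a hypothetical flag.
USERS = {
    "alice": {"sshPublicKey": ["ssh-ed25519 CONSTRUCTED-KEY-ALICE alice@laptop"],
              "host": ["web-*.example.internal"], "disabled": False},
    "bob":   {"sshPublicKey": ["ssh-ed25519 CONSTRUCTED-KEY-BOB bob@laptop"],
              "host": [], "disabled": False},
    "carol": {"sshPublicKey": ["ssh-ed25519 CONSTRUCTED-KEY-CAROL carol@laptop"],
              "host": ["*"], "disabled": True},   # revoked centrally
}
GROUPS = {
    "team-db": {"memberUid": ["bob"], "host": ["db-*.example.internal"]},
}


def authorized_keys(user, hostname, users=USERS, groups=GROUPS):
    """Return the keys to accept; an empty list means sshd denies key auth."""
    entry = users.get(user)
    if entry is None or entry.get("disabled"):
        return []                      # unknown or revoked: fail closed
    # Host patterns come from the user's own entry and from every group
    # the user belongs to (glob matching is an assumption of this sketch).
    patterns = list(entry.get("host", []))
    for group in groups.values():
        if user in group.get("memberUid", []):
            patterns.extend(group.get("host", []))
    host = hostname.lower()
    if not any(fnmatch.fnmatchcase(host, p.lower()) for p in patterns):
        return []                      # user exists but not for this box
    return list(entry.get("sshPublicKey", []))


if __name__ == "__main__":
    # sshd passes the login name via %u; keys go to stdout, one per line.
    if len(sys.argv) == 2:
        print("\n".join(authorized_keys(sys.argv[1], socket.getfqdn())))
```

Because sshd runs the helper at each login, disabling the directory entry or removing the group membership takes effect on the next connection without touching any server.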

------
vs4vijay
Have you looked at Netflix's BLESS:
[https://github.com/Netflix/bless](https://github.com/Netflix/bless)

