Krypton - SSH Management


#1

I was watching a talk by Michael Lucas on YouTube about SSH, and started researching SSH Key Management. I found something called Krypton, and thought it looked interesting.

Level1Techs did a quick video talking about it, but didn’t really go into implementation.

Anybody ever use this or have feedback of it?


#2

I used to use it and I really liked it but I haven’t used it for a while.


#3

Is there a reason you stopped or just didn’t find it useful anymore?


#4

I stopped using it for 2 reasons neither of which was its fault. 1) I don’t trust my Android phones security (it was a cheap phone and has sketchy manufacturer stuff I can’t remove and an outdated Android version) 2) My main computer has network restrictions causing it to not work because it required a web service for something and Android didn’t support Bluetooth in the app or my phones Bluetooth wasn’t supported can’t really remember which.


#5

We keep SSH access behind OpenVPN, servers on separate network with rules only allowing certain computers to access them and then SSH using key authentication.


#6

Do you have to add the keys for each of your employees so they can SSH or how do you handle that in your business? You said the other day in a video you don’t share ssh keys (for obvious reasons) so how do you manage them. What is the process if someone leaves the company, does it require manual deletion for all your clients servers? Do you always allow all employees to a client or do you restrict it (if so how do you know which clients need the key removed)?


#7

I would also love to know this @LTS_Tom. I’m an SSH noob still but it seems for a Homelab (which is what I’m mainly focusing on) saving to a local Keepass or something would be fine. Or possibly storing it in Lastpass?

Honestly, I don’t know what I don’t know. I’m still using username/password for my 20’ish Linux VMs. :blush: