When we spin up our first servers, we know it’s easy to manage users. Creating and removing users is only a couple of commands:
Adding a user:
    useradd rajat
    passwd rajat
    <enter password>
    <re-enter password>
Even easier to remove a user:
But, that’s not the issue. In the old days, servers were expensive commodities and we loaded them up with multiple tasks. If we were lucky, we could afford to have a single purpose per machine. In either case, there just weren’t as many server instances as there are today.
With amazing cloud providers like AWS, Digital Ocean, Rackspace, and SoftLayer among others, companies are building out extensive server infrastructures. They can do it with API calls or just quickly clicking a few buttons. And, therein lies the rub.
Common User Management Issues
Once you have even a modest number of servers, manually managing users becomes painful. Here are a few examples of the issues you’ll face manually managing users across a server fleet.
- Adding, deleting, and managing users across many servers in a controlled and granular way is incredibly painful, especially when removing users: you have to know which servers they are on, and finding that out means logging into each machine and checking.
- When deleting a user, the user’s files remain on the server, eating up valuable disk space, and potentially creating security issues, if they allowed open access to confidential files.
- When adding a new user and password login is disallowed, the user must supply their public key(s) to their system admin, and that admin has to edit a file and put them into the correct location.
- If password login is used, once a user is added, you need to provide the password to the end user for each server (ideally in a secure fashion, which can be difficult for users in different locations), and they have to log in and verify that they can get in. If they can’t, they have to call the sysadmin again and go through the password process again.
- If a user forgets their password, they have to go back to the system admin to reset it.
- If a user wants to rotate their SSH key, they have to log in to every single server that holds their public key and edit a file to remove the old key and add the new one.
- If an admin wants to give someone temporary access, they have to add the access, and then make sure to come back and remove it when their access expires.
- Forcing your users to reset their passwords everywhere in the case of a security breach is nearly impossible to do effectively, but with JumpCloud it’s trivial: just select the users and click “Resend Email”.
These are just some of the significant problems that admins face when manually managing users. Ironically, doing this manually is actually less secure!
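The key-rotation item in the list above, as an added example (not from the original post and not JumpCloud code): a shell function that swaps one public key in a single authorized_keys file, matching on the key blob so per-key options such as from= are kept. The function name and the sample keys used to exercise it are made up for illustration; it assumes it is run as the account that owns the file.

```shell
#!/bin/sh
# Added example (hypothetical helper): rotate one key in an authorized_keys file.
# Usage: rotate_authorized_key FILE "OLD_PUBKEY_LINE" "NEW_PUBKEY_LINE"
# Returns 0 if replaced, 1 if the old key is not present, 2 on bad input.
rotate_authorized_key() {
    file=$1; old=$2; new=$3
    [ -f "$file" ] || return 2
    # A public key line is "<type> <base64-blob> [comment]"; take the blobs.
    old_blob=$(printf '%s\n' "$old" | awk '{print $2}')
    new_blob=$(printf '%s\n' "$new" | awk '{print $2}')
    { [ -n "$old_blob" ] && [ -n "$new_blob" ]; } || return 2

    tmp=$(mktemp "${file}.XXXXXX") || return 2
    chmod 600 "$tmp"
    rc=0
    # Match on the blob, not the whole line: comments and options differ
    # from server to server. Options before the key type are preserved.
    awk -v ob="$old_blob" -v nk="$new" '
        /^[ \t]*#/ { print; next }
        {
            hit = 0
            for (i = 1; i <= NF; i++) if ($i == ob) hit = 1
            if (!hit) { print; next }
            prefix = substr($0, 1, index($0, ob) - 1)
            sub(/[^ \t]+[ \t]+$/, "", prefix)   # drop the old key type
            print prefix nk
            found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$file" > "$tmp" || rc=$?
    if [ "$rc" -eq 0 ]; then
        mv "$tmp" "$file"   # atomic replace within the same directory
    else
        rm -f "$tmp"        # old key absent: leave the file untouched
    fi
    return "$rc"
}
```

Doing this by hand means repeating it on every server that holds the key, which is the cost the list item describes.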
JumpCloud User Management
Now, let’s take a look at how you would accomplish user management tasks with JumpCloud:
- Adding, deleting, managing users – Web-based point and click interface with the opportunity to make bulk changes as needed. Also, you have a rich API that can do anything you can do from the UI through code.
- Setting up other service accounts – You can automatically create accounts in other services, like databases, just by adding a user to a server tag and running a command that is launched on user add.
- Cleaning up user data – With JumpCloud’s ability to run a command when a user is deleted, you can automatically archive their home directory and ship it to a backup server before removing it from the local server.
- Managing SSH access – it’s a snap. JumpCloud’s self-service portal allows users to upload their public keys. JumpCloud places the keys in the right spot on all of the right servers so your users have the right access – in seconds.
- Communicating passwords – as an admin, you are out of this loop. JumpCloud automatically interfaces with your users to securely allow them to set their passwords.
- Password reset – self serve! JumpCloud’s portal is available to your end users to reset their passwords.
- Rotate keys – users can rotate their keys through JumpCloud’s self-service portal and as an admin, you can force rotation (and password expiration) on a schedule you set.
- Temporary access – easy and simple. Just go into the JumpCloud interface and give somebody access for a limited amount of time. JumpCloud automatically disables the login after your specified time period.
Boom. It’s that easy. Point and click to manage users. You get the ability to make changes in bulk and a significant increase in security (lack of user credential security is the number one reason organizations are breached!).
Our goal is to automate the management of your servers. Managing users is one of the top items that sysadmins spend their time on. Let us help you make it more efficient and secure at the same time! Give JumpCloud a try for free and let us know what you think.