What is Keystash?
Keystash is a cloud-based SSH key and Linux user management system designed to streamline security operations across server infrastructure. The platform automates the distribution and management of SSH keys while providing centralized control over user accounts and permissions. It enables organizations to enforce IT security policies, such as disabling password login and enabling SSH two-factor authentication, with minimal manual intervention.
Keystash integrates with modern Linux distributions through a lightweight agent that synchronizes user data and SSH keys over outbound HTTPS connections. Because the agent copies SSH keys to each server's local file system, access continues even during internet outages. The system supports compliance with industry standards like ISO27001, SOC2, PCI-DSS, and HIPAA, while offering audit logs for tracking user activity and permission changes. Its self-service functionality reduces IT workload by automating user onboarding and key management processes.
Features
- SSH Key Management: Guides users in creating or uploading strong SSH keys and manages key distribution across servers
- Linux User Management: Provides full control over Linux user accounts, groups, and SUDO permissions
- SSH Two Factor Authentication: Enables two-factor authentication for SSH sessions with one-click activation
- Audit Logs: Tracks all user activity and permission changes for compliance and security monitoring
- Agent Deployment: Supports easy installation on Linux servers using standard package managers (YUM & APT)
Use Cases
- Centralizing SSH key management across multiple Linux servers
- Enforcing two-factor authentication for SSH access to meet security compliance
- Managing temporary user accounts for contractors or short-term access needs
- Automating user onboarding and offboarding processes in Linux environments
- Maintaining audit trails for user activity and permission changes
FAQs
- What happens if I lose connectivity to Keystash?
  The Keystash server agent copies SSH keys to the local file system on your servers so that users can always log in, irrespective of whether your server can still communicate with Keystash in the cloud.
- Do I need to install software on my servers?
  Yes, the Keystash agent will need to be installed on all servers that you want to manage. But don't worry, there are no software dependencies needed to run the agent, just an SSH server that uses the authorized key files in the users' home directories.