SSH Key Management
"Administrative Only" users manage their own SSH keys to systems they have access to through profiles. "Full Access" administrators can disable anyone's key at anytime to force rotation. Unless key management is disabled, Bastillion will overwrite all values in the specified authorized_keys file for a system.
Note: Key management only pertains to Bastillion. Bastillion for EC2 does not provide a utility to manage SSH keys since that is typically done through the AWS console
Manage SSH Keys (Everyone)
Users generate/set their own SSH keys to profiles they have been provided access to.
Key management only stores the public key for the user. While the private key is downloaded by the user, it is never stored in the application.
Disable SSH Keys (Full Access users)
Full Access users may force key rotation and disable any SSH key that has been registered through Bastillion.
Once a key has been disabled it cannot be added again by any user.
By default Bastillion will generated and distribute the SSH keys managed by administrators while having them download the generated private. This forces admins to use strong passphrases for keys that are set on systems. The private key is only available for download once and is not stored on the application side. To disable and allow administrators to set any public key edit the BastillionConfig.properties.
Disable SSH Key Management
You may disable key management by editing BastillionConfig.properties file and use Bastillion only as a bastion host. This file is located in the jetty/bastillion/WEB-INF/classes directory.
The authorized_keys file is updated/refreshed periodically based on the relationships defined in
the application. If key management is enabled the refresh interval can be specified in the