EZSSH uses SSH Certificates to create short-term access keys signed by our HSM backed Certificate Authority (CA) that will grant just in time access to your resource while creating an audit log that can be traceable back to the user and their actions.
Each policy inside each customer’s account will get their own HSM backed Certificate Authority, creating an identity perimeter limited to your own access policy. We also offer a bring your own CA option where we you can bring your own Azure Key Vault give EZSSH create, and sign permissions and you are in control of your private key and how they are used.
While using a short-term certificate sounds like a lot of work for a user each time they want to login. The user is not aware of all of this going on in the background. The user simply types the command, and we do all the magic in the backend, the only thing the user knows is they got a secure way to connect to their infrastructure.
Since EZSSH uses native SSH Certificates, most Linux distros have the ability to trust a specified certificate authority and accept certificates from it without having to do constant changes. Once it is trusted, any certificate that meets the requirements set by the admin will be grated access. This avoids having to run a highly privileged agent or any third-party code in your servers.