Crowd / CWD-5667

Crowd track ssh public keys across applications


      Description

      Problem Definition

      Crowd should track SSH public keys and relevant metadata for all Atlassian products. Many organizations consider that SSH key sprawl poses security and operational risks. This requires admins to discover all SSH keys and bring them under active management. Atlassian applications have many locations where SSH keys can be created and stored. This can also create a situation where SSH keys are reused, that is, used improperly.

      Suggested Solution

      Bitbucket, Bamboo, and Fisheye all create SSH keys and track public keys. Embedded Crowd should track the SSH public key and relevant metadata, like creation time and usage, then sync this data back to Crowd. This would assist admins with many of the SSH key best practices, like discovery. This would also allow Crowd to possibly integrate with SSH key managers and LDAP.

      Bamboo creates keys or stores keys for:

      Bitbucket tracks and creates keys:

      Fisheye tracks and creates keys:

      • For Mercurial and Git repositories, Fisheye supports Generating a key pair and Uploading a key pair.

      The private key should stay in place on each app.

      Workaround

      Currently SSH keys need to be tracked per application.
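
      The per-application tracking described above can be merged by hand in the meantime. The following is an added example, not part of this issue and not Atlassian code: it fingerprints public keys the way OpenSSH does (SHA256 of the key blob) and reports keys registered in more than one application. The export layout `(owner, created, public key line)` per application is an assumption, and the sample keys are constructed, not real.

```python
import base64
import hashlib
from collections import defaultdict

def fingerprint(pubkey_line):
    """Return (key_type, OpenSSH-style SHA256 fingerprint) for one public key line."""
    parts = pubkey_line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("not a public key line")
    key_type, blob = parts[0], base64.b64decode(parts[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; reject mismatches.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared type does not match key blob")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return key_type, "SHA256:" + digest.rstrip("=")

def build_inventory(exports):
    """Merge {app: [(owner, created, key_line)]} into ({fingerprint: [records]}, rejected)."""
    inventory, rejected = defaultdict(list), []
    for app, rows in exports.items():
        for owner, created, line in rows:
            try:
                key_type, fp = fingerprint(line)
            except ValueError:  # malformed entry (binascii.Error is a ValueError)
                rejected.append((app, owner))
                continue
            inventory[fp].append(dict(app=app, owner=owner, created=created, type=key_type))
    return dict(inventory), rejected

def reused_keys(inventory):
    """Return the fingerprints registered in more than one application."""
    return {fp: r for fp, r in inventory.items() if len({x["app"] for x in r}) > 1}

def sample_key(seed, comment):  # constructed ed25519-format blob, not a real key
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

# Constructed per-application exports; owners, dates and layout are assumptions.
SAMPLE_EXPORTS = {
    "bitbucket": [("alice", "2019-03-01", sample_key(1, "alice@laptop")),
                  ("bob", "2020-07-15", sample_key(2, "bob@desk"))],
    "bamboo": [("build-agent", "2018-11-20", sample_key(1, "deploy"))],
    "fisheye": [("broken", "2021-01-06", "ssh-rsa not-base64!!")],
}

if __name__ == "__main__":
    inventory, rejected = build_inventory(SAMPLE_EXPORTS)
    print(reused_keys(inventory), rejected)
```

      Matching on the fingerprint rather than the whole line means the same key is recognized even when each application stores it with a different comment.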


              People

              Assignee: Unassigned
              Reporter: dlaser
              Votes: 7
              Watchers: 2
