This post on the Facebook Engineering blog about scalable and secure access with SSH really makes me wonder how this’d be doable at scale, without a fleet of developers to build your own system to do it.
The advice at the end is probably the most important information any AAA system team can take heed of:
A few parting words of advice: When you build your CA, be it a small script or a complex system, make sure you keep track of all certificates you issue. If you find yourself in the unfortunate situation of having a compromised certificate (and its respective private keys) and you don’t know how to revoke them, your last resort is to rotate the entire CA. If you end up having a programmatic CA, consider having short-lived certificates, e.g., 24 hours. This shortens the window of opportunity for an attack if you experience a compromise.
Above all, protect your CA private key and consider rotating it regularly.
It’s really quite shocking how infrequently people do this. 🤔
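The CA workflow in the quoted advice, as an added example that is not part of the original post and not Facebook's code: a POSIX shell script around OpenSSH's ssh-keygen that keeps a ledger of every certificate it issues, defaults to 24-hour validity, revokes one certificate by serial through a Key Revocation List without touching the CA key, and rotates the CA with an overlap window. It assumes ssh-keygen is installed; the file names, key IDs and principals are hypothetical, and the client key it signs is constructed on the spot.

```shell
#!/bin/sh
# Added example, not Facebook's code: a minimal SSH user-certificate CA with an
# issuance ledger, 24h default validity, KRL revocation by serial, and CA rotation.
# Requires OpenSSH's ssh-keygen; every path, key ID and principal here is hypothetical.
set -eu
command -v ssh-keygen >/dev/null 2>&1 || { echo "needs OpenSSH ssh-keygen" >&2; exit 1; }

WORK="${WORK:-$(mktemp -d)}"
CA_KEY="$WORK/ssh_user_ca"            # CA private key: guard it, rotate it on a schedule
TRUSTED="$WORK/trusted_user_ca_keys"  # what sshd's TrustedUserCAKeys would point at
LEDGER="$WORK/issued.tsv"             # serial, key id, principals, validity, issued-at (UTC)
KRL="$WORK/revoked.krl"               # what sshd's RevokedKeys would point at
SERIAL_FILE="$WORK/serial"

# ca_init: create the CA key pair, trust it, and start the ledger at serial 0.
ca_init() {
    ssh-keygen -q -t ed25519 -N '' -C 'ssh-user-ca' -f "$CA_KEY"
    cp "$CA_KEY.pub" "$TRUSTED"
    echo 0 > "$SERIAL_FILE"
    : > "$LEDGER"
}

# next_serial: monotonic counter, so every cert is individually revocable.
next_serial() {
    s=$(( $(cat "$SERIAL_FILE") + 1 ))
    echo "$s" > "$SERIAL_FILE"
    echo "$s"
}

# issue_cert <user.pub> <key_id> <principals> [validity, default +24h]
# Writes <user>-cert.pub next to the public key and records the issuance.
issue_cert() {
    pub="$1"; key_id="$2"; principals="$3"; validity="${4:-+24h}"
    serial=$(next_serial)
    ssh-keygen -q -s "$CA_KEY" -I "$key_id" -n "$principals" -V "$validity" -z "$serial" "$pub"
    printf '%s\t%s\t%s\t%s\t%s\n' "$serial" "$key_id" "$principals" "$validity" \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$LEDGER"
    echo "$serial"
}

# cert_serial <cert.pub>: read the serial back out of a cert, to cross-check the ledger.
cert_serial() {
    ssh-keygen -L -f "$1" | sed -n 's/^ *Serial: *//p'
}

# revoke_serial <serial>: refuse anything the ledger never issued, then add the
# serial to the KRL (created on first use, updated in place afterwards).
# KRL serial entries are scoped to the signing CA, so revoke before rotating.
revoke_serial() {
    serial="$1"
    awk -F'\t' -v s="$serial" '$1 == s { found = 1 } END { exit !found }' "$LEDGER" \
        || { echo "serial $serial was never issued by this CA" >&2; return 1; }
    spec="$WORK/krl_spec.$$"
    echo "serial: $serial" > "$spec"
    if [ -f "$KRL" ]; then
        ssh-keygen -q -k -u -f "$KRL" -s "$CA_KEY.pub" "$spec"
    else
        ssh-keygen -q -k -f "$KRL" -s "$CA_KEY.pub" "$spec"
    fi
    rm -f "$spec"
}

# is_revoked <cert.pub>: exit 0 if the KRL revokes the cert, 1 if it is still good.
is_revoked() {
    [ -f "$KRL" ] || return 1
    if ssh-keygen -Q -f "$KRL" "$1" >/dev/null; then return 1; else return 0; fi
}

# ca_rotate: mint a fresh CA key and trust both public keys; with 24h certs the
# old one can be dropped from TRUSTED a day later, once nothing it signed is valid.
ca_rotate() {
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    mv "$CA_KEY" "$CA_KEY.$stamp"; mv "$CA_KEY.pub" "$CA_KEY.$stamp.pub"
    ssh-keygen -q -t ed25519 -N '' -C "ssh-user-ca-$stamp" -f "$CA_KEY"
    cat "$CA_KEY.$stamp.pub" "$CA_KEY.pub" > "$TRUSTED"
}

# Demo with a constructed client key: issue, check, revoke, re-check, rotate.
ca_init
ssh-keygen -q -t ed25519 -N '' -C 'alice@laptop' -f "$WORK/alice"
SERIAL=$(issue_cert "$WORK/alice.pub" 'alice@laptop' 'alice,deploy')
CERT="$WORK/alice-cert.pub"
echo "issued serial $SERIAL (cert says $(cert_serial "$CERT")); ledger: $LEDGER"
if is_revoked "$CERT"; then echo "revoked?!"; else echo "cert currently valid"; fi
revoke_serial "$SERIAL"
if is_revoked "$CERT"; then echo "serial $SERIAL revoked via KRL, CA key untouched"; fi
ca_rotate
echo "$(wc -l < "$TRUSTED" | tr -d ' ') CA keys trusted during the rotation overlap"
```

To wire this into a real host, point sshd at the trusted-CAs file with TrustedUserCAKeys and at the KRL with RevokedKeys in sshd_config. The ledger is the piece the quoted advice is about: without the serial it records, the only way to cut off one leaked certificate is to rotate the CA key that signed everything, and short validity is what keeps that worst case bounded to a day.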