by debarshri 1255 days ago
I don't think either I or anyone reading that statement would come to the conclusion that it works the way I suggested in that argument.

I can talk about my interviewing and the empirical data from talking to dozens of companies from seed to Series B and how they have been managing access to servers. But I won't; I would rather urge you to do a basic trend search, either on Google or your favorite platform, for SSH PAM via LDAP or SSH LDAP and see for yourself where the world is heading [1].

[1] https://trends.google.com/trends/explore?date=today%205-y&q=...

2 comments

Oh, I’m sure it’s super rare. It’s actually quite easy to set up, but I’m not sure many people bother with the setup because LDAP (I’m not counting Active Directory) in general isn’t all that common. I know this just from the rarity of articles posted about getting it configured.

But once you do it, it’s something that’s easy to keep using because it’s so useful.

My favorite was setting up LDAP in combination with a jump host where I had a special program for the SSH command shell (like prgmr.com). I had it set up where the user could authenticate with a password, but then upload an SSH key from the custom shell.

I am not debating the usefulness of LDAP integrated with SSH. I agree with you.

Based on the interviewing I did last year, the clear trending solution, for enterprise, is Cyberark. I saw that all over the place for root password management.

Cyberark [1] and delinea [2] are definitely the leading enterprise solutions right now. Okta too has an offering in this space but I haven't seen it used widely yet.

But there are quite a few solutions in the market at this point that are a growing trend. You would find teleport [3], strongdm [4] in high growth companies, whereas Adaptive.live [5], Idemium.io [6] and now hoop.dev in the early stage to series B.

[1] https://www.cyberark.com/

[2] https://delinea.com/thycotic

[3] https://delinea.com/thycotic

[4] https://www.strongdm.com/

[5] https://adaptive.live/

[6] https://idemeum.com/

This isn’t root password management. Or at least, it shouldn’t be. Users shouldn’t have root passwords for end devices. This is about controlling access to remote servers and/or sudo access to those servers. None of which requires the root password on the remote server, unless I’m missing something. Is this for more ephemeral keys?