Interesting blog post from Facebook on how they manage SSH access to thousands of servers by thousands of employees.
It’s an interesting read, but it left me with one question - when would an engineer need to ssh to a Facebook production system? I can understand for troubleshooting purposes, but surely an unprivileged user would make more sense then, rather than using a local root user?
I wouldn’t be surprised if Facebook is to the point where the scale of just their operations team required something like this. However, I would never have people ssh in as root; you lose the audit trail that way. Instead, people should SSH in as themselves and sudo or doas for privileged access.
Doesn’t this maintain the audit trail as each user is given a unique serial?
Only if that is logged somewhere when the certificate is used to log in.
The article claims to use logging based on the cert to identify the person rather than having each person map to a local user.
At a certain number of users it becomes frustrating to maintain local users across a large number of machines. Facebook is certainly above that number of users.
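The audit-trail question raised in this thread comes down to whether the certificate identity is recorded when a shared account logs in. The following is an added example, not code from the Facebook post or from any commenter: it assumes the hosts run OpenSSH sshd, which writes the certificate key ID and serial on the "Accepted publickey" line, and it uses constructed log lines and a hypothetical function name `attribute_logins`.

```python
import re
from collections import defaultdict

# Constructed sample sshd auth log lines (not from the article). The certificate
# fields follow OpenSSH's "ID <key id> (serial <n>) CA ..." form.
SAMPLE_LOG = """\
Jan 10 09:14:02 web01 sshd[2211]: Accepted publickey for root from 10.0.0.5 port 51234 ssh2: ED25519-CERT SHA256:AAAAexampleFingerprint1 ID alice (serial 1001) CA ED25519 SHA256:CAexampleFingerprint
Jan 10 09:20:45 web01 sshd[2290]: Accepted publickey for root from 10.0.0.9 port 40022 ssh2: ED25519-CERT SHA256:AAAAexampleFingerprint2 ID bob (serial 1002) CA ED25519 SHA256:CAexampleFingerprint
Jan 10 09:31:10 web01 sshd[2312]: Accepted publickey for root from 10.0.0.7 port 40100 ssh2: RSA SHA256:AAAAexampleFingerprint3
Jan 10 09:40:00 web01 sshd[2330]: Accepted password for root from 10.0.0.8 port 40200 ssh2
Jan 10 09:41:00 web01 sshd[2340]: Failed password for root from 10.0.0.8 port 40201 ssh2
"""

# Successful logins; the key description after "ssh2: " is absent for passwords.
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+ ssh2(?:: (?P<key>.*))?$"
)
# Certificate logins carry the signed key ID and serial issued by the CA.
CERT = re.compile(r"^\S+-CERT \S+ ID (?P<key_id>.+) \(serial (?P<serial>\d+)\) CA ")


def attribute_logins(log_text, account="root"):
    """Map logins to a shared account back to certificate identities.

    Returns (attributed, unattributed): attributed maps key ID to a list of
    (serial, source_ip); unattributed lists (method, source_ip) for logins
    that carried no certificate and so cannot be tied to a person.
    """
    attributed = defaultdict(list)
    unattributed = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m or m["user"] != account:
            continue
        cert = CERT.match(m["key"] or "")
        if cert:
            attributed[cert["key_id"]].append((int(cert["serial"]), m["ip"]))
        else:
            unattributed.append((m["method"], m["ip"]))
    return dict(attributed), unattributed


if __name__ == "__main__":
    who, unknown = attribute_logins(SAMPLE_LOG)
    for key_id, sessions in who.items():
        print(f"root login by {key_id}: {sessions}")
    for method, ip in unknown:
        print(f"UNATTRIBUTED root login via {method} from {ip}")
```

Any entry in the unattributed list is a root session with no person attached, which is the gap the thread is concerned about.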