SSH Keys aur Certificates ko Team ke saath surakshit tarike se kaise share karein

"SSH key Slack par bhej do." Development teams mein yeh aam baat hai. Server access urgent hai, naya member environment setup kar raha hai, deployment kuch hi ghanton mein hai aur key nahi hai.

Lekin yeh chhoti si request ek gambhir security incident ka karan ban sakti hai.

SSH Keys share karna kyun khaas taur par khatarnaak hai

SSH key ek saadharan password nahi hai. Yeh server ka poora access deti hai.

Factor	Password	SSH Key
Access ka daayra	Specific account	Poora server
Leak hone par asar	Woh account	Server ka saara data
Badalne ki mushkil	Turant badal sakte hain	Key regenerate + sabhi servers update
Two-factor auth	Available	Key hi authentication hai

SSH key leak hone ka matlab hai ki server par sabhi files, databases aur code accessible ho jaate hain.

Team ko SSH keys share karne ki zaroorat kab padti hai

• Shared server access: Staging/production servers jinhein poori team ko access chahiye
• Deploy keys: CI/CD pipelines ke liye keys
• SSL certificates: Responsible person badalne par certificate handover
• API secrets: Third-party service integration credentials
• Database credentials: Emergency incident response

Khatarnaak sharing tarike

1. Slack/WhatsApp private messages

Chat history permanently servers par store hoti hai. Koi bhi "ssh" ya "key" search karke pehle share ki gayi keys dhundh sakta hai.

2. Email

Email servers par permanently archive hota hai. Ek baar forward hua toh control khatam.

3. Shared Google Drive/Notion

Granular access control mushkil hai. Sync hone ke baad local copies bachi rehti hain.

4. Git repository mein commit

Sabse khatarnaak tarika. Git history mein key hamesha ke liye reh jaati hai, file delete karne ke baad bhi.

Surakshit sharing tarike

Tarika 1: LOCK.PUB Secret Memo (one-time transfer ke liye sabse achha)

1. LOCK.PUB par secret memo banayein
2. SSH key ya certificate content paste karein
3. Strong password set karein
4. Sabse kam expiry time rakhein (1-4 ghante)
5. Link Slack par bhejein, password phone par batayein
6. Receiver ke locally save karne ke baad link expire ho jaata hai

Fayde:

• Key kisi bhi server par plaintext mein store nahi hoti
• Expiry ke baad access nahi ho sakta
• Chat history mein key ka text nahi rehta

Tarika 2: Secrets Manager (badi teams ke liye)

HashiCorp Vault, AWS Secrets Manager, Google Secret Manager.

Tarika 3: SSH Certificate Authority (lambe samay ka hal)

SSH CA chalayein jo har user ko individual certificate issue kare.

Tarika 4: Individual keys (sabse zyada recommended)

Niyam: Shared key < Individual keys
Shared key leak → Poori team prabhavit
Individual key leak → Sirf woh user prabhavit

Share karna zaruri ho toh checklist

Transfer se pehle

• Key ki permissions minimum hain?
• Read-only key kaafi hai?
• IP restrictions lagayi ja sakti hain?

Transfer ke dauraan

• Key aur password alag channels se bheje ja rahe hain?
• Expiry time sabse kam hai?

Transfer ke baad

• Receiver ne key surakshit tarike se save ki — confirm karein
• Link/memo expire ho gaya — verify karein
• Key usage logs monitor karein

Key rotation schedule

Key ka prakar	Rotation ki salaah
Production server keys	90 din
Deploy keys	90 din
SSL certificates	Har renewal par
API secrets	90 din
Dev/staging keys	180 din

DevOps team ke liye security checklist

• Sabhi servers par individual SSH keys use ho rahi hain?
• Shared keys par IP restrictions hain?
• Naukri chhodne wale employees ki keys turant deactivate hoti hain?
• Key rotation ka schedule hai?
• SSH keys kabhi Git mein commit nahi hui hain?
• Chat history mein plaintext keys nahi hain?
• Sensitive information ke liye expiry wala channel use hota hai?

Saransh

SSH keys aur certificates server security ki buniyaad hain. Inhein Slack DM ya email se bhejna apne ghar ki chaabi notice board par chipkaane jaisa hai. Jahan tak ho sake individual keys issue karein. Jab share karna zaruri ho, sabse kam expiry time wala secret memo use karein.

Abhi secret memo banayein aur SSH keys surakshit tarike se transfer karein.

Secret Memo Banayein