ServerAuth works by asking you to install our open source agent on your server which in turn calls back to our system to retrieve the public SSH keys that should have access to that server and system account.
Not at all, all we ask is for the open source agent to be installed.
When you add your servers to ServerAuth we give you a one-line command to install and configure the agent. The agent then periodically checks for updates to your keys via the ServerAuth api. We don't store your servers ip address, location or any kind of identifiable information.
This means that in the highly unlikely event that ServerAuth is compromised, your server will not be, nor will your team members access.
Yes, We only store and ask for your team members public keys. Public keys alone can not provide someone with access to your servers and are perfectly safe to share. To make use of the key you'd need the matching private key to exist on the users computer.
In fact public keys are so safe to share that if you have a Github account you can usually find any keys that you have added to your account by going to https://github.com/your-username.keys
For more details on your public and private keys, check out some of these articles from around the web: