Although Secure Shell (SSH) is the most broadly used security protocol for remotely managing Unix/Linux, routers, firewalls, and other systems, most organizations have limited or no formal SSH policies or management in place, as Paul Turner has spelled out in this forum. "Many security practitioners and managers outside of the Unix teams have only a cursory knowledge of SSH—many may not be able to tell you whether SSH uses certificates or public keys, let alone how broadly it is used or the risks it poses if not properly managed," Turner says.
When organizations don't properly manage their Secure Shell (SSH) keys, they can expose themselves to significant security risks. Those risks commonly arise from the fact that companies routinely use SSH for privileged access but don’t recognize the high-level access that they grant. This ignorance can become even more dangerous when SSH keys are used for automating processes across routers, firewalls, and other mission-critical systems. Once cyber criminals gain access to this interwoven network of machines, they can pivot within your network until they locate valuable data.
The good news is organizations can protect themselves by creating secure practices for managing their SSH keys.
Here are four best practices for SSH key management that every organization should follow.
1. Automate and Build an SSH Inventory
You can't protect something about which you don't know. The best place to begin an SSH key management program is to discover all of your SSH servers, private keys, and authorized keys that grant SSH access. You may be surprised by how many SSH keys you have. Many large organizations end up with more than one million SSH keys spread throughout their network. Your organization should ideally use an automated solution to make sure they discover SSH keys stored in user home directories as well as SSH configurations that limit access. You should then continue to actively manage this inventory as they add and/or decommission SSH-based assets.
2. Identify Holes in Your SSH Environment
The next step to strong SSH key management is scanning an inventory for known vulnerabilities and issues. Your organization should use tools to identify threats such as SSH root access, weak keys, back door keys, duplicated private keys, port forwarding, and insecure configurations. Those tools should also help automate the identification process so that companies can respond to issues and vulnerabilities as soon as they detect them.
3. Fix Known SSH Issues
Once you know there's an issue with your SSH environment, you should respond quickly by removing unauthorized keys, replacing old keys, and/or enforcing security controls that limit the accessibility and use of SSH keys. Ideally, your organization should automate these procedures and pair them with your identification tools. Doing so helps ensure consistent policy enforcement of SSH key lifecycle management. It also creates a trackable record of all changes to an organization's SSH assets.
4. Monitor Your SSH Keys for Additional Risks
With the above processes in place, you should continuously manage and track your SSH keys. Specifically, your organization should make a point of conducting SSH audits for compliance violations, assessing risk, and increasing accountability for identity and access management.
Managing Your SSH Key Environment
Organizations can best manage their SSH key environment by gaining complete visibility over all their keys and certificates. This objective includes identifying all encryption assets and monitoring them for vulnerabilities, detecting anomalies, and enforcing policies.
(This blog has been updated. It was originally posted by David Bisson on December 29, 2017.)