Safety and security are of the utmost importance in both personal practices and business practices. Knowing that your accounts and systems are safe and managed in an organized and protected manner will put you and all those you work with at ease. That’s why knowing about SSH keys —how they work, how you can implement them, and who you can trust to keep them secure—is imperative to keeping your organization’s private information protected from hackers.
What are SSH keys?
Before we go into the details of what SSH keys are used for and how they can best be managed, first let's ask, what are they? SSH keys are an authentication system that allows users to access encrypted connections between systems. In other words, it is the secure bridge between two systems that only allows users with certain code/keys to access said system. These keys are vital to having a safe and secure network of systems.
What is SSH key management?
ManagingManagement of SSH keys means maintaining controlled access to resources and credentials by allowing differing levels of access and control, tracking which keys are compromised during attacks, and controlling the provision and the decommission of the key. The process of managing and securely administering cryptographic keys in a crypto ecosystem is commonly referred to as SSH key management. Companies require SSH key management to oversee the creation, generation, storage, exchange, protection, replacement, and crypto shredding of SSH keys to maintain crypto ecosystem security. SSH key management also includes recording who has access to keys, what context keys are used in, and where these keys are used.
SSH key management is a critical problem
SSH key management is a difficult task, but managing the SSH keys is vital for system and company security. SSH keys provide the same access as usernames and passwords and they often grant access to privileged accounts on the operating system level and to resources such as production servers, databases, routers, firewalls, disaster recovery systems, financial data, payment systems, intellectual property, and patient information.
However, in many cases, SSH key hygiene is completely overlooked in identity and access management planning. For that reason, it is important to start with an SSH key audit. Over the last few years most large organizations such as the banking sector, retailers and healthcare organizations, have amassed large numbers of SSH keys in their environment. This has led to violations of corporate access policies and dangerous backdoors.
Information security starts from controlling who is given access to systems and data. If there is no control over access, there is no security, no confidentiality, no integrity, and no guarantees of continued operation. Identity and access management is the foundation of information security as it addresses the basic need of any organization to be able to reliably identify users, and to be able to control which users get access to which resources. These two basic controls, identity and access, lay the foundation of security in the corporate environment. It is the basis of information security.
What is a key management system?
A key management system or KMS can really assist in overcoming the risks of poor SSH key management and can help in protecting keys and metadata for the crypto ecosystem. While key management can be performed manually, this will create a lot of concerns and a hassle of workload. This is because manual management of SSH keys is a time-consuming process which is prone to user errors, let alone it is extremely difficult to compile information during mandatory audits.
A key management system is designed to help manage symmetric and asymmetric encryption keys throughout their lifecycle. A KMS caters to automated distribution and key updates, support for business processes, and easy access to information, making audits and compliance easier. A KMS also helps with the main challenges of SSH key management, including reducing repetitive tasks for personnel, orchestrating key delivery between systems, and setting clear key responsibilities to avoid confusion. A good key management system can help businesses save time and money by streamlining the organization and management of SSH keys.
SSH is a secure way to initiate remote computer access and enable terminal sessions. Although SSH can be used with passwords and IDs to log in to the network, it’s more common to use public key authentication because it provides greater security.
How do SSH keys work?
SSH stands for Secure Socket Shell which means its basic use is to enable secure access to remote servers and devices over an unsecured network. It is highly recommended to use SSH keys. The difference between root SSH and SSH keys is that SSH can support basic password authentication, whereas SSH keys are a more secure authentication process when logging into an SSH server. This is because there is an encrypted connection between the systems which makes the data harder to hack and get access to. Having this extra safety provides confidence in knowing that your systems are safe from even the most aggressive attacks. SSH keys are proven to be a vital resource when it comes to managing systems securely.
The risk of poorly managed SSH keys in SSH key management
Poorly managed access exposes organizations to significant risks that could, in the worst case, bring down critical information systems for months. Unmanaged keys risk systemic failure of critical infrastructure because the likelihood of keys being misused, stolen, or used as part of an attack is high.
One single key can be enough to gain undetected root access to critical systems and data. An attacker getting root access means they can do anything on the server, including gaining unauthorized access, “pivoting”, circumventing security controls to inject fraudulent data, subvert encryption software, install persistent malware, or actually destroy the system. Confidentiality, integrity, and continuity of operations are all compromised. This could cause billions of dollars of damage to shareholders.
For modern society, a coordinated attack across critical infrastructure with the intention to destroy and confuse is a real possibility and an actual threat to national security. Poorly managed SSH keys can and will lead to access that is in violation of the compliance regimes such as PCI Security Standards, Sarbanes-Oxley, or NIST 800-53, that require controlling who can access what systems and data, segregation of duties, and enforcing boundaries.
Private keys and public keys — What are they?
When we’re looking at a physical house key, there are certain notches and patterns that link a key and a doorknob together. If you own the home, you want to be 100% certain that only those that you give a house key can have access. SSH keys work very similarly in that they typically come in pairs — a public key and a private key. The public key is linked to a system which then can grant system access to anyone who has a private key that matches the public key. Just like a physical key, there is specific code and encryption on each of the public and private keys.
For this type of authentication, you don’t necessarily need password access since it is already a more secure method, though it is recommended for additional security. This process of using SSH keys to share information further ensures that only people with the authority to access the systems are able to.
Know the differences between SSH and SSL/TLS
For SSL (also known as TLS) machine identities, the essential purpose is to secure connections between a website and a web server. Whereas SSH keys are used to create a secure connection between two individual remote systems over the internet. SSH keys are overall better for this specific purpose due to their ability to be far more functional in that they are both symmetric and asymmetric in their encryption. SSL/TLS keys and certificates are typically used to manage high quantities of customers and data, whereas SSH keys are more specific to individual connections between clients and an organization's system.
Best practices for SSH key management: How should organizations manage SSH Keys?
It is crucial to manage SSH keys securely and effectively to ensure that they are working in favor of your organization. These keys are the bridge to a corporation's vital digital assets and need to be protected from those who were not given access. In addition to security, properly managed SSH keys are necessary to prevent SSH audit failures. Failing an audit can result in large fines and additional costs to clean up key sprawl.
Some main points to consider when managing SSH keys are:
- It is incredibly difficult to manually manage several hundred or thousand SSH keys alone.
- Managing SSH keys properly will prevent SSH audit failures by regularly reviewing SSH entitlements, assessing risk, and avoiding compliance violations.
- Proper management of SSH keys will also monitor policy violations and track when a key was used and by whom. This tracking solidifies that whoever had the authorization to use your systems are actually the people they claim to be.
- It is also important when organizing SSH keys to rotate them regularly to make them harder to exploit. In other words, you’ll want to replace old keys consistently for added security.
In order to address the problem of poor SSH key management, it is advised to map the various best practices to the risks of SSH key management so as to understand which practice addresses each risk.
On a high level, the best practice recommendations that pave the way to better security and compliance are the following:
1. Implement clearly defined SSH key management policies
The definition of policies should explicitly assign roles and responsibilities to prevent misunderstandings that result in security lapses and to ensure accountability. In addition, we should ensure that organizational policy is comprehensive enough to support SSH. Organizations should perform a periodic review of documented procedures to ensure they are extant and complete, and reflect the environment accurately. Furthermore, they should align policies and procedures to IT controls to support continuous compliance. Finally, organizations should incorporate SSH into risk management processes and should consider conducting a risk assessment of SSH usage throughout the organization.
2. Define SSH hardening configurations
Organizations should create a hardened configuration that reflects the goals of the organization. The hardened configuration should enable SSH server functionality where required, should keep SSH server and client implementations fully up to date, and enforce least privileged access. In addition, the organizations should periodically review the configuration to ensure that SSH client and server software is configured in line with the defined, hardened configuration.
3. Inventory and remediate
Organizations should map all trust relationships and identify and remove any orphaned and duplicate authorized keys. They should ensure passphrase protection, key length, and algorithms. Furthermore, they should assign ownership of all access granting keys, and monitor and analyze key-based access usage.
4. Control SSH identities and authorized keys
These controls should enforce minimum key length and approved algorithms and should provide for a maximum time a key may be used before replacement. It is essential that identity keys should not be duplicated, and that SSH keys should be changed when a compromise is suspected. Finally, SSH key-based access should be reviewed regularly for appropriateness and should terminate SSH key-based access for decommissioned processes and terminated or transferred users.
5. Establish continuous monitoring and audit process
Most organizations have many years’ accumulation of SSH keys in their environments, managing and controlling access to tasks and processes that aren’t always obvious. That’s why it’s critical to monitor existing keys to establish how often they are used, what systems they connect to and how any copies of the keys are used.
6. Automate the process
Automation is a key factor for proper SSH key management. Organizations should strongly consider using automated tools to technically enforce the desired configuration or to discover and report upon inappropriate configuration (e.g., legacy versions or inappropriate cipher use). The automated tools should include file integrity monitoring tools to validate that administrators are alerted to changes in critical files. In addition, these automated tools should be used during the deployment process to ensure security goals such as the creation of a standard configuration to apply to all automated deployments, the enforcement of configuration standard to deployed services, the restriction of certain SSH services, the set-up of strong protocol versions, the cipher/algorithm configuration, and the establishment of key restrictions and authorizations.
7. Educate, educate and educate the masses
Although these practices might seem difficult to implement, the truth is that the initial steps in dealing with these issues are not difficult or costly at all. Initially organizations must find out to what extent their environments are exposed to the risks identified. Skilled personnel with the right tools can accomplish these initial steps within a matter of days. Organizations that acquire and use automated SSH key management products will be able to significantly decrease their risks related to SSH access with a reasonable amount of effort.
How Venafi can help with your SSH key management
After understanding SSH keys and the importance of managing them properly, what can you do to be proactive about eliminating risk at your company? What if managing SSH keys the right way with no team or no experience is too much to take on? Venafi is a highly reputable organization that specializes in machine identity and SSH key management.
Some of the largest companies in the world have benefited from our expert management of machine-to-machine communication. If you have SSH keys that you need assistance managing, we have the SSH key management platform that will help ensure your systems are safe and secure. Want to learn more about how your organization can pass your next SSH audit? Download our solution brief on Preventing SSH Audit Failures.
(This post has been updated. It was originally published on May 27, 2022.)