Organizations have been using Secure Shell (SSH) for administrative access for more than 20 years—plenty of time to amass large numbers of SSH connections. Due to its usefulness and popularity, SSH has been embedded into the frameworks of many applications. Given its long history and extensive usage, it’s easy to see how SSH could’ve spiraled out of control, especially because these keys don’t expire.
You may wonder why organizations don’t have a better handle on their SSH inventory. The easy answer is that most of them don’t have the support of a central management solution for visibility and intelligence. Simply put, they don’t know how many SSH keys they have or where they are being used. Unknown or undermanaged legacy keys pose a substantial security risk and make risk analysis difficult if their usage and privileges aren’t understood. Let’s review how exactly you can gain full visibility across your enterprise, and why this is so important for your machine identity management strategy.
Getting visibility across all usage
Before you even begin an SSH machine identity management program, you need an inventory of all the SSH keys used across your enterprise. To successfully gather this information, keep in mind the dynamic nature of machine identities and the different types of data necessary to manage and protect them. For SSH machine identities, you need centralized visibility into all your SSH servers, private keys, and any SSH configurations that limit access.
To build a successful SSH machine identity management program, you need to gather and provide immediate access to a variety of information about your SSH machine identities.
- Extensive, enterprise-wide discovery
The best place to begin an SSH key management program is to discover all your SSH servers, private keys, and authorized keys that grant SSH access. You may be surprised by how many SSH keys you have. Many large organizations end up with more than one million SSH keys spread throughout their network.
Your organization should ideally use an automated solution to make sure you discover SSH keys stored in user home directories as well as verifying that SSH configurations limit access. After that, continue to actively manage this inventory as administrators add or decommission SSH-based assets.
- Central repository for comprehensive inventory
To attain SSH visibility and control across your network, make sure you have a complete and accurate inventory of all your SSH machine identities, including who owns them and which systems they can access. This inventory can be a challenge for many organizations who have tens of thousands of untracked identity keys with corresponding trust relationships granting access across many mission-critical systems.
When you’re prepping for an SSH inventory, make sure to include information on:
All SSH servers
Any SSH configurations that limit access
Host and account locations of all identity and authorized keys
Authorized key restrictions
In addition to creating an inventory of the location of all existing SSH keys, you should map trust relationships and evaluate them against defined policies.
- Remediation for identified vulnerabilities
An important part of strong SSH key management is scanning an inventory for known vulnerabilities and issues. Your organization should use tools to identify threats such as:
SSH root access
Potential backdoor keys
Duplicated private keys
Those tools should also help automate the identification process so companies can respond to issues and vulnerabilities as soon as they detect them.
- Audit-ready reporting and analytics
Auditing of SSH user keys serves risk analysis and ensures that the provisioning, life cycle management, and termination processes—as well as continuous monitoring—are working properly. A comprehensive audit of SSH user keys for risk analysis purposes should be performed by all organizations that use SSH protocols. Audits for processes, on the other hand, can use representative sampling and condition detection tests to gain sufficient confidence that the processes are functioning.
A system that can provide central reporting and analysis tools across the inventory can reduce the time necessary to prepare the data required for audits and make it easier for auditors to verify proper implementation and identify exceptions.
If you don’t have full visibility of your SSH certificates and machine identities, policy enforcement, and rogue SSH key detection, you will be exposed to undue risk, making it difficult to prepare for a comprehensive review of your SSH environment.