Tips for managing and securing SSH keys
A new NIST report raises awareness of the major vulnerabilities associated with SSH user key management and provides concrete steps for securing and protecting SSH systems and environments.
The NIST publication describes several SSH vulnerability areas commonly found in enterprises, including:
- Vulnerable SSH implementation
- Improperly configured access controls
- Stolen, leaked, derived, and unterminated SSH user keys
- Backdoors (unaudited user keys)
- Unintended usage of user keys
- Pivoting
- Lack of knowledge and human errors.
It provides recommended steps to manage SSH keys, including:
Define SSH key-based life cycle and termination policies and processes. Configuring access to an account for interactive users and automated processes should be a judged decision, balancing the need for access against the risks, and should include consideration of the level of access required.
Establish continuous monitoring and audit processes. The purpose of continuous monitoring is to ensure that the processes for provisioning, life cycle management, and termination are followed and enforced. Unauthorized and misconfigured SSH user keys should be detected.
Inventory and remediate existing SSH servers, keys, and trust relationships. Existing legacy keys pose a substantial security risk and make risk analysis difficult if they are not understood. An inventory of the location of all existing SSH keys and an inventory of trust relationships must be created and evaluated against defined policies.
Automate processes. The automation of the processes involved in the management of SSH key-based access can significantly improve security, efficiency, and availability.
Educate executive management. Many executives are not aware of the central role SSH keys play in the operation of mission critical infrastructure and the significant breaches that can occur if they are exploited. Without sufficient executive education for both security and operationally focused executives, SSH key management initiatives can get derailed by other seemingly higher priorities, leaving an organization vulnerable.