SSH Keys: How to Protect the Neglected with Privileged Identity Management

By Eric Noonan • July 18, 2016

Organizations continue to expand their application infrastructure at an alarming rate, whether it be in the cloud or on-site. Studies vary, but an estimated 48% to 65% of servers worldwide are run on some flavor of UNIX. The latest report from the Linux Foundation found that Linux is winning the battle in the cloud with an estimated 79% of cloud deployments running the operating system. Many of these UNIX devices are using SSH keys for authentication instead of passwords for the sake of convenience.

SSH keys are similar to privileged accounts, except they replace the need to use a traditional username and password. They allow the user, or an application, to authenticate with a username and key file instead. This removes the need to remember a password for each server, and instead just reference a file stored on your machine. SSH keys work in a public-private setup, where the public key is stored on the target device and the private key is what you use to connect to it with. These UNIX devices could include anything from your standard Red Hat Enterprise Linux server to many of the Internet of Things (IoT) devices.

Unfortunately, SSH key management is commonly overlooked and neglected. These SSH keys should be treated with the same security and care as privileged account credentials if your organization uses them. It’s common for users to simply store SSH keys on their local storage with no protection, making them vulnerable to theft. Many application and scripts are hardcoded to use SSH keys to communicate to.

In February of this year, cloud infrastructure hosting company Linode, LLC came dangerously close to causing a major breach for their clients. The company provided a common Ubuntu Linux cloud image to customers that utilized identical SSH keys, leaving the servers vulnerable to man-in-the-middle attacks. More recently on June 2nd, GitHub, an online project repository, revoked an “unknown number of cryptographic keys” when CloudFlare engineer Ben Cox discovered that a nearly decade-old vulnerability had left a “statistically significant” number of SSH keys vulnerable. Cox stated that the official repositories of Python, Spotify, and the UK Government we’re likely accessed using the compromised keys.

Organizations should implement a robust SSH key management program to reign in all the SSH keys and improve their security posture. While at first glance, this may appear to be a daunting task, mature Privileged Account Management solutions like CyberArk include tools that allow the identification, collection, organization, and storage of SSH keys in a simple, easy to use process. The CyberArk SSH Key Manager uses the Discovery and Audit (DNA) tool to detect and find all the SSH keys being used and creates a map reflecting the trusts formed by keys and target machines. The SSH Key Manager can determine which keys are being used, which are rouge, and which are expired to keep the environment clean.

Furthermore, the Privileged Account Management suite allows organizations to automatically rotate SSH keys, connect to target systems securely, monitor SSH key usage, and remove hardcoded keys. This allows companies to take advantage of all the same security features they use to manage their privileged accounts for their privileged SSH keys. With these tools, there is no excuse for why companies should not be taking the first steps to managing their SSH keys.

Let CyberSheath’s engineers help your organization establish an appropriate and effective SSH key management solution. You can learn more about our approach by viewing our Privileged Access Management service area.

CyberSheath Blog

Dr. Robert Spalding to Address Nation-State Attacks at CMMC Con 2021

Since the inaugural CMMC Con, we’ve seen some of the most malicious attacks on American infrastructure ever executed. The SolarWinds attack reverberated across the entire government as agencies scrambled to discover what nation-state attackers had accessed and stolen. The Colonial Pipeline, shut down by a ransomware attack, led to fuel…

CMMCEnclave: Add Versatility with a More Flexible Approach

The enclave approach to CMMC compliance is one of the most cost effective and least disruptive ways to safeguard CUI. You can maintain high-value custodial security of CUI without upending your existing processes, procedures, and people. That way, you can maintain the proper level of CMMC compliance and remain eligible…

CMMC Con 2021 Opens Registration, Reveals Theme and Speakers

CMMC compliance stands in the way of revenue for every defense contractor in the supply chain. Now that CMMC is a reality for the Defense Industrial Base (DIB), learn how contractors — primes and subs, large and small, foreign-owned — are handling the standards and requirements, as well as the…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Microsoft

CMMC Con 2021 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.