SSH Key Management
You can either use a traditional password for the authentication process or, more likely, an SSH key. The latter option is more secure and easier to use, but a business needs proper SSH key management strategies to ensure a positive cybersecurity posture.
Understanding SSH Keys
In an SSH exchange, two keys (a key pair) are used to authenticate and encrypt communications. After the keys are generated, they provide ongoing access for a seamless access experience.
A public key and a private key are involved. The public one stays on the remote system, and entities requesting access provide the matching private key to authenticate.
The use cases for this SSH public-private interaction include:
- Accessing critical databases and servers
- Facilitating sensitive file transfers through encryption
- Issuing remote commands
- Delivering technical support
SSH key management and the ability to track and use private and public keys properly help prevent the consequences of cybersecurity incidents, such as stolen data or system failures.
The Risks of Poor SSH Key Management
What happens when an organization fails to adopt the right SSH key management practices and policies? You run the following risks by not focusing on this essential component of cybersecurity now.
Compromised Security
Once an attacker gains access to a private SSH key, it can impersonate system administrators and survey your network unhindered. These entities can leak or steal critical business information.
Too Many Keys
When key management doesn’t occur in a single location, anybody in the company can generate and reuse their own keys, resulting in a loss of control from system administrators. This decentralization makes it difficult to keep track of all those secrets, resulting in a massive attack surface.
This issue is known as key sprawl, and it’s only magnified by the increased use of remote servers and cloud services.
Problematic Keys
There are two types of SSH keys that you want to avoid as a network security administrator: static keys and orphaned keys.
Unlike certificate-based security, SSH keys never expire and require action to be retired. Failing to do so results in several risks:
- The longer an SSH key remains operational, the higher the chance it is leveraged in a cyberattack.
- Employees assigned with permanent SSH keys might leave the company at some point and still have access privileges needlessly.
- Too many aged keys makes it even harder to identify the purposes of individual keys.
- Management of SSH key security is generally harder.
An “orphaned” key is one where the original use is no longer relevant or the location of the private or public keys are no longer known. It makes sense to retire these keys, but some IT professionals are hesitant to do so, out of fear to inadvertently break something.
What’s At Stake?
Compromised SSH keys are a prime target for hackers because of the tremendous amount of potential damage they can cause. Most users of SSH are system administrators, and their accounts have increased privileges. A malicious party might:
- Upload malware to the server
- Steal sensitive information
- Disrupt daily operations and file transfers
- Unlock additional SSH keys for even more unauthorized access
The event of an attack can have significant implications on the internal operations of a company, the digital safety of its employees and partners, and the amount of trust with customers and the industry in general.
Common Solutions for SSH Key Management
Proper SSH key management requires using the right strategy and solutions, such as using dynamically created keys or rotated keys to limit risk.
How do either of these two options work?
- Dynamic keys: This type involves an administrator registering a secret key with “sudo” privileges. When an authorized request is made, the vault will create a new SSH key pair and add it as an authorized key for the user. Private keys issued to a user are leased and can be renewed if needed. Keep in mind, the vault will have no way of tracking key usage, which can make it difficult to maintain accurate audit logs.
- Rotating keys: This approach aims to further enhance security by frequently rotating authorized keys. The frequency of rotation will depend on your organization’s policies. With key rotation, users will be required to create new keys after a set interval to ensure the same key isn’t being used for too long. Key rotation is one of the main ways to address key sprawl.