SSH Key Basics: Introduction to SSH Keys, Their Use & Misuse, and Their Value to Enterprises
What Are SSH Keys and Why Are They Important?
The SSH (Secure Shell) protocol is a method for secure remote login from one computer to another. SSH enables secure system administration and file transfers over insecure networks using encryption to secure the connections between end points.
An SSH key is an access credential, similar to a password, used in the SSH protocol. SSH keys grant, automate and enable remote access to the digital core of nearly every enterprise. They enable major financial institutions, global industrials, tech giants and governments to function securely.
SSH founder, Tatu Ylönen, invented the SSH (Secure Shell) protocol in 1995.
Contents
SSH keys are widely used, and widely unmanaged. Why SSH Keys are high-stakes risks for enterprises SSH Keys - a target for hackers Managing SSH Keys - next steps for enterprisesSSH keys are widely used, and widely unmanaged.
SSH keys are extremely common and widely used. Many large organizations have accumulated them for twenty years without any controls. Enterprises can have hundreds of thousands or even millions of keys granting access to their servers. In large enterprises, 90% of SSH keys are typically unused and unmanaged.
Why SSH Keys are high-stakes risks for enterprises
Unused SSH keys are access that is unaccounted for, and are a target for hackers. Unmanaged keys pose significant risk to the entire enterprise. Snowden is widely believed to have exploited weak SSH key management to breach the NSA. A single key in the wrong hands gives hackers undetected access to networks, where they can create new permanent access keys for others.
Many companies lack SSH key policy enforcement. Internal IT specialists create and use SSH keys daily, often for PAM bypass - to gain access to servers for e.g. maintenance without wasting time navigating the company's access management systems.
SSH Keys - a common target for hackers
Advanced malware and hackers target SSH keys. Unmanaged, poorly configured SSH keys are particularly attractive:
-
SSH keys provide a long-term backdoor. Unmanaged keys, poorly configured keys and insecure credentials are common in large enterprise IT environments.
-
SSH keys enable hackers to spread an attack from one server to another. This "lateral movement" ability means hackers might be able to access nearly all servers in an enterprise, including disaster recovery and backup data centers
-
SSH keys are a popular "secondary attack vector" in hacks and data breaches. Common primary attacks include e.g. social engineering, malware or brute force password attack. After the hacker is inside the target network, unmanaged SSH keys are the second step - providing access to critical systems, such as servers with valuable data.
-
SSH keys often grant access to servers with company data, credit card payment environments and financial data environments
-
SSH keys are commonly configured to provide root or administrator access, thus allowing installation of malware, enabling systems to be compromised, or even destroyed
Managing SSH Keys - next steps for enterprises
Large enterprises, such as those in finance, insurance, media, tech, healthcare, retail and energy, may have up to millions of SSH keys in circulation in vast complex IT environments.
In addition to the risk of data breach, unmanaged SSH keys are a cause of audit failure and compliance failure.
We are here to help. SSH.COM founder, Tatu Ylönen, invented the SSH protocol and SSH keys. We are the experts and we help the world's biggest companies discover, manage and automate their SSH keys environments.
-
CxOs - read more about PAM bypass, how to analyze the status of your SSH keys and lifecycle key management with UKM
-
Risk and compliance officers - read the ISACA SSH guidance and learn how the world's biggest companies solve SSH key management
-
Analysts and media - read more about our key customers, and get in touch with us or check out our blog