SSH or secure shell is a secure network protocol that enables two devices or machines to connect and communicate with each other securely over an unsecure network. SSH keys are cryptographic credentials (consisting of a public and a private key pair) used for authenticating and securely accessing computers, servers, machines, and devices. They enable network administrators to manage systems/applications by allowing them to log into a computer, move files between computers, and execute commands remotely.
In recent years, we have seen increased adoption of the SSH (Secure Shell) protocol and SSH keys. SSH is a fundamental tool for securely accessing and managing remote systems. Here are some of the modern day uses cases that continue to drive the volume of SSH machine identities in play across organizations:
Since SSH keys provide access to mission-critical systems and guard confidential data, managing them well and protecting them from malicious actors is critical. Security teams need to be in complete control of where SSH keys are deployed, the levels of permitted access, and the status of keys. This meticulous oversight helps identify unused, orphaned, and defunct keys and prevent them from misuse. However, as SSH keys can be generated fairly quickly and easily, the volume of keys continues to grow across various enterprise systems and networks making it highly complex for security teams to take control. Given the complexity, security teams tend to overlook SSH key management, making it one of the prime attack vectors.
Here are the reasons that make SSH key management challenging:
Unlike SSL/TLS certificates, SSH keys do not have an expiration date. So, they tend to multiply across an organization over time. It is said that a typical Fortune 500 enterprise has close to a million SSH keys. Managing such a large number of keys without a centralized system is impractical and a nightmare for security teams. They struggle to maintain visibility into these keys and monitor their access privileges. As a result, multitudes of keys are left unmanaged for years, resulting in static, stale, and stray keys, increasing the risk of key exposure, unauthorized access, lateral movement, and security breaches.
As mentioned earlier, SSH keys never expire. These keys continue to provide access to business critical systems and applications unless explicitly removed. Often, hackers target obsolete SSH keys that remain in the network, unknown to administrators. If an attacker manages to forge or steal these old SSH keys, the attacker can remain undetected, accessing mission-critical servers. Detecting outdated or unused keys and promptly deleting or invalidating them is essential to prevent key theft or misuse. However, administrators fail to do this as they have no centralized view of keys or key-related insights, such as trust relationships, access privileges and crypto-standards. An important security measure recommended to prevent key misuse is key rotation, i.e., deleting and re-provisioning keys regularly. As a best practice, keys must be rotated periodically, but rotating keys without visibility into their dependencies and configurations, can result in system and application outages and downtime.
Key distribution, rotation, revocation, and removal are essential steps that must be diligently followed in SSH key management. However, tracking thousands of SSH keys in spreadsheets and carrying out these steps manually makes it impossible to scale and keep up with these crucial lifecycle operations. For example, when users leave an organization or switch between departments, their access must be revoked immediately. But doing so manually by checking every server in order to delete the user’s associated key to revoke access takes a humongous effort. Also, with the discovery of new SSH threats, such as the Terrapin attack (December 2023) that left 11 million SSH servers vulnerable, it is crucial for organizations to have complete visibility into SSH infrastructure and crypto-agility to replace or upgrade vulnerable SSH versions as quickly as possible.
SSH Keys can be easily generated by anyone within the system using simple commands. Creating and using keys on an ad-hoc basis results in a large volume of keys, often with excess privileges. Keys are also sometimes shared between multiple servers, increasing security risks. Another challenge is the creation of weak keys with lower bit-length or outdated algorithms, which makes systems more susceptible to attacks. Mitigating these risks requires well-defined processes and standardization in key creation, deployment, rotation, and revocation. However, the lack of a centralized solution makes it difficult for security teams to control SSH keys – right from their generation and configurations to their access control privileges, resulting in discrepancies, vulnerabilities, and compliance issues.
The secure communication that the SSH protocol provides is sure to promote its adoption. The number of SSH keys is bound to proliferate, making it ever more difficult to manage manually. Though SSH is secure, it is not a one-time exercise. Uncontrolled key deployments and practices can pose a serious threat to enterprise security.
In an age where attack vectors are growing more advanced by the minute, security and IT teams should ensure that they leverage a well-documented SSH key management strategy and follow industry best practices to protect their SSH keys. By gaining complete visibility into SSH keys, automating their lifecycle management, and enforcing audit and policy, organizations can ensure that their SSH keys are well protected, enhancing security both on-premises and in the cloud.
To learn more about how AppViewX helps organizations gain visibility and control of SSH keys, contact us today or visit: https://www.appviewx.com/solutions/ssh-access-control/.
*** This is a Security Bloggers Network syndicated blog from Blogs Archive - AppViewX authored by Krupa Patil. Read the original post at: https://www.appviewx.com/blogs/four-reasons-why-ssh-key-management-is-challenging/