Secure Shell (SSH) is a critical machine identity that every IT administrator uses. It provides a means to authenticate remote machines, such as Linux devices, Unix and Windows servers and network appliances, so they can securely connect and communicate with one another.
But too often organizations give administrators root-level SSH access to machines, even though having that access rarely is necessary. There are several reasons why allowing this level of access puts organizations at risk for everything from advanced malware like TrickBot to unknown permanent, backdoors that take down an entire infrastructure without warning.
Therefore, it’s very important to manage root-level SSH access, limiting the times that access is allowed to anyone as well as continually monitoring all root-access keys. Read on to learn more about why this security control is so important—and steps you can take to control it.
The root is the superuser account in Unix and Linux based systems. Once you have access to the root account, you have complete system access. It’s not surprising that hackers find root access keys to be such a valuable target—once you can gain access into a system, there’s no limit to what havoc you can wreak!
Threat actors leverage bots to scan the internet for systems with exposed SSH ports. Once they find one, they attempt to log in using common usernames and crackable passwords. If they succeed, they hit the jackpot because they can now compromise the whole system. This chaos could have been avoided had the organization elected not to trust their admins to properly manage the keys to the kingdom.
Much of the problem has to do with how admins typically create and manage SSH root-level keys. Marty Milbert, Global Principal Architect for Venafi, says that there should only be one root-level key per server. Too often, however, this is anything but the case. “What we're finding is there's one key to 24,000 servers. So, if I were to steal that one key, I'd have access to the entire organization.” Milbert explains.
Adds Milbert: “The problem behind it is the fact that this key is an authentication point. It makes the connection. How do they track it? When it comes to audit, how do they know who did what?”
The risks above make plain why it is bad practice to allow root-level SSH access. So, here are three best practices you can employ to minimize the risk in your organization.
Although the use of sudo and SSH keys is a great step towards securing critical systems, it is equally important to protect these SSH keys. SSH machine identities are used in every data center in the world, half of the world’s web servers, and practically every Mac, Unix or Linux computer—whether on-premises or in the cloud.
The sheer quantity of SSH machine identities being deployed makes effective management difficult. Yet cracking just one SSH machine identity allows attackers to pivot to other systems. With that level of access, attackers can explore your enterprise’s entire network and steal the most lucrative data they find.
Are you sitting on an SSH ticking time bomb? Take control over your SSH keys without disruptions or outages with Venafi’s SSH Protect.