
Recent SSH Vulnerability Highlights the Importance of Automated Key Management

July 10, 2019 | Bart Lenaerts

SSH has become the machine interface of choice for administrative and automation processes. Built into many operating systems and devices, SSH is very popular as a vehicle for automated authentication. However, using SSH is not without risk, especially if we don’t actively manage SSH machine identities or are not prepared to respond to any vulnerability exploits that may arise.

 

As reported by ZDNet recently, one of SSH’s key developers updated the SSH source code to protect against potential side channel attacks leading to compromise of private keys. This news was reported a month after Cisco disclosed an SSH vulnerability, indicating that their devices shipped with common default authorized keys.
 


 

What we learn from this story is that SSH is more than just an interface. It is a lively tool that is well adopted within a strong community that keeps updating it. If you don’t believe me, look no further than Google’s Chrome SSH plugin, which is an SSH client with close to 1 million current users.

 

Yet many organizations seem to be unaware of the privileged access that SSH keys grant within their networks, so they largely ignore that SSH keys can represent a true risk. Granted, the keys do support the popular automated authentications. But once these keys are compromised, via known vulnerabilities or other oversights, access to the crown jewels is immediately at hand for cyber attackers.

 


 

How exposed are unprotected SSH keys? SSH key theft is a realistic scenario that teams need to think about. To avoid the risk of an SSH compromise, you need to know who owns your SSH keys, where they are being used and how many SSH keys you have in play. To remediate any negative findings, you also need to be prepared to revoke SSH keys that are out of compliance. Especially in the case of an emergency key rotation, this has become a must for threat defenders as well as info risk planners.
 


Basically, you need to know everything about where your SSH keys are running at any given moment. To do that, you’ll need to be able to do the following:

  • Understand where keys have been generated and which connections they enable.
     
  • Monitor SSH key usage to detect anomalies and get notified of any suspicious deviation.
     
  • Establish automated processes to revoke or clean up potentially compromised keys in seconds.
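
As an added illustration of the first and third points (an example written for this page, not Venafi's product or code), the Python sketch below inventories `authorized_keys` content by SHA256 fingerprint, shows which accounts each key can reach, and removes a compromised key by fingerprint. The account names, key material and file contents are constructed samples; a real inventory would read the files from each host.

```python
import base64, hashlib, re
from collections import defaultdict

# Key type followed by its base64 blob; anything before it is the options field.
KEY_RE = re.compile(
    r"(?:^|\s)((?:ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp(?:256|384|521))"
    r"(?:-cert-v01@openssh\.com)?)\s+([A-Za-z0-9+/]+=*)")

def fingerprint(b64_blob):
    """SHA256 fingerprint in the format `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line):
    """Return (options, key_type, fingerprint), or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = KEY_RE.search(line)
    if not m:
        return None
    return line[:m.start(1)].strip(), m.group(1), fingerprint(m.group(2))

def inventory(files):
    """files: {account: authorized_keys text} -> {fingerprint: [(account, options)]}"""
    inv = defaultdict(list)
    for account, text in files.items():
        for line in text.splitlines():
            parsed = parse_line(line)
            if parsed:
                inv[parsed[2]].append((account, parsed[0]))
    return dict(inv)

def revoke(text, bad_fp):
    """Return authorized_keys text with every entry for bad_fp removed."""
    kept = [l for l in text.splitlines()
            if not ((p := parse_line(l)) and p[2] == bad_fp)]
    return "\n".join(kept) + "\n"

def _blob(seed):  # constructed sample key material, not real keys
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

SAMPLE = {  # constructed authorized_keys contents for hypothetical accounts
    "root@db01": f"ssh-ed25519 {_blob(1)} backup-job\n",
    "deploy@web01": f'from="10.0.0.5",command="/usr/bin/deploy" ssh-ed25519 {_blob(2)} ci\n'
                    f"ssh-ed25519 {_blob(1)} backup-job\n",
}
```

Any fingerprint that `inventory(SAMPLE)` maps to more than one account is a key whose theft opens several doors at once, and an entry with an empty options field is unrestricted.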
     

However, protecting SSH keys may be easier said than done. Implementing these requirements is not a simple task because you may already have a lot of SSH keys in use. In fact, based on anecdotal research, enterprises have 10 to 100x more keys than they estimate.


So, inventory alone is not an easy task. But even if you manage to complete that herculean task, it may be difficult to find the resources to implement monitoring, and remediation can lead to interruptions.
 

That’s why security-savvy organizations go for a specialized solution that provides visibility, intelligence and automation for all their SSH keys and the connections they enable. The right solution will arm your security incident response teams with a weapon that’s ready to respond when needed. But it will also give your info security teams the insights they need to adapt to rapidly emerging threats.
 


SSH keys are a powerful element to automate authentications. But that also makes them a desirable tool for adversaries to open the doors to the kingdom. The good news is that the community that created SSH keys is alive and maintaining these valuable tools against some of the biggest computer hardware flaws ever seen. But you will also need to do your part by actively protecting the SSH keys within your organization with the visibility, intelligence and automation to continuously monitor risk and respond quickly if SSH keys are stolen.
