SSH Study: Are Your Keys Protected?

November 2, 2017 | Eva Hanscom

Secure Shell (SSH) is a security protocol broadly used by organizations of all types. Administrators use it to remotely manage Unix/Linux servers, routers and firewalls, as well as many other systems.

Despite its importance, most organizations have limited, or no, formal SSH policies or management in place. Unfortunately, this means cyber criminals can easily abuse SSH keys that secure and automate administrator-to-machine and machine-to-machine access to critical business functions.

Venafi recently conducted a study that evaluated how organizations manage and implement SSH in their environments. Over 400 IT security professionals with in-depth knowledge of SSH participated; however, the study reveals a widespread lack of SSH security controls.

For example, 63% of the study respondents admit they do not actively rotate keys, even when an administrator leaves their organization, which can allow the former employees to have ongoing, privileged access to critical systems.

Additional highlights from the study:

  • Organizations are blind to malicious insiders.
    • 61% of respondents do not limit or monitor the number of administrators who manage SSH; only 35% enforce policies that prohibit SSH users from configuring their own authorized keys.
       
  • There is no way to determine if keys have been stolen, misused or should not be trusted.
    • 90% of the respondents say they do not have a complete and accurate inventory of all SSH keys.
       
  • Attackers can gain elevated privileges.
    • Only 23% of respondents rotate keys on a quarterly or more frequent basis. 40% said that they don’t rotate keys at all or only do so occasionally. Attackers that gain access to these SSH keys will have ongoing privileged access until they are rotated.
       
  • No port forwarding controls means big trouble for organizations.
    • 51% of respondents said they do not enforce “no port forwarding” for SSH. Port forwarding allows users to effectively bypass the firewalls between systems so a cybercriminal with SSH access can rapidly pivot across network segments.
       
  • Attackers can keep using compromised SSH keys.
    • 54% of respondents do not limit the locations from which SSH keys can be used. For applications that don’t move, restricting SSH use to a specific IP address can stop cybercriminals from using a compromised SSH key remotely.
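
Two of the controls above, "no port forwarding" and limiting the locations a key can be used from, are set per key as options in OpenSSH authorized_keys files. The audit below is an added example, not part of the Venafi study; the function names and the sample entries are constructed for illustration.

```python
# Added example: sample entries and function names are constructed, not real keys.
KEY_PREFIXES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")

def split_options(line):
    """Return the option list of one entry; quoted values may hold , and spaces."""
    if line.split(None, 1)[0].startswith(KEY_PREFIXES):
        return []                      # entry starts with the key type: no options
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        if quoted and line[i:i + 2] == '\\"':
            cur, i = cur + '"', i + 1  # escaped quote inside a quoted value
        elif line[i] == '"':
            quoted = not quoted
        elif line[i] == "," and not quoted:
            opts, cur = opts + [cur], ""
        elif line[i].isspace() and not quoted:
            break                      # unquoted whitespace ends the options field
        else:
            cur += line[i]
        i += 1
    return opts + [cur]

def audit(text):
    """Return [(line_number, [findings])] for every key entry in the file text."""
    results = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        forwarding, has_from = True, False   # a key with no options is unrestricted
        for opt in split_options(line):      # sshd applies options left to right
            name, _, value = opt.lower().partition("=")
            if name in ("restrict", "no-port-forwarding"):
                forwarding = False
            elif name == "port-forwarding":  # re-enables forwarding after restrict
                forwarding = True
            elif name == "from" and value:
                has_from = True
        findings = ["port forwarding allowed"] if forwarding else []
        if not has_from:
            findings.append("no source restriction (from=)")
        results.append((n, findings))
    return results

SAMPLE = """ssh-ed25519 AAAAEXAMPLEKEY1 admin@laptop
from="10.0.5.17",no-port-forwarding ssh-ed25519 AAAAEXAMPLEKEY2 backup-job
restrict,port-forwarding,from="192.0.2.0/24,198.51.100.7" ssh-rsa AAAAEXAMPLEKEY3 deploy
no-port-forwarding,command="echo a, b" ssh-rsa AAAAEXAMPLEKEY4 report
"""
```

Calling `audit(SAMPLE)` flags entries 1, 3 and 4; entry 3 shows that `port-forwarding` placed after `restrict` turns forwarding back on. Forwarding can also be disabled server-wide with `AllowTcpForwarding no` in sshd_config, which this per-key audit does not read.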

“A compromised SSH key in the wrong hands can be extremely dangerous,” said Nick Hunter, senior technical manager for Venafi. “Cybercriminals can use them to access systems from remote locations, evade security tools, and often use the same key to access more systems. Based on these results, it’s very clear that most organizations have not implemented SSH security policies and restricted SSH access configurations because they do not understand the risks of SSH and how it affects their security posture.”

Are you protecting your SSH keys?

About the author

Eva Hanscom

Eva is Public Relations Manager at Venafi. She is passionate about educating the global marketplace about infosec and machine-identity issues, and in 2018 grew Venafi's global coverage by 45%.
