SSH Study: Are Your Keys Protected?

November 2, 2017 | Emil Hanscom

Secure Shell (SSH) is a security protocol broadly used by organizations of all types. Administrators use it to remotely manage Unix/Linux servers, routers and firewalls, as well as many other systems.

Despite its importance, most organizations have limited, or no, formal SSH policies or management in place. Unfortunately, this means cyber criminals can easily abuse SSH keys that secure and automate administrator-to-machine and machine-to-machine access to critical business functions.

Venafi recently conducted a study that evaluated how organizations manage and implement SSH in their environments. Over 400 IT security professionals with in-depth knowledge of SSH participated. Even so, the study reveals a widespread lack of SSH security controls.

For example, 63% of the study respondents admit they do not actively rotate keys, even when an administrator leaves their organization, which can leave former employees with ongoing, privileged access to critical systems.

Additional highlights from the study:

  • Organizations are blind to malicious insiders.
    • 61% of respondents do not limit or monitor the number of administrators who manage SSH; only 35 percent enforce policies that prohibit SSH users from configuring their own authorized keys.
  • There is no way to determine if keys have been stolen, misused or should not be trusted.
    • 90% of the respondents say they do not have a complete and accurate inventory of all SSH keys.
  • Attackers can gain elevated privileges.
    • Only 23% of respondents rotate keys on a quarterly or more frequent basis. 40% said that they don’t rotate keys at all or only do so occasionally. Attackers that gain access to these SSH keys will have ongoing privileged access until they are rotated.
  • No port forwarding controls means big trouble for organizations.
    • 51% of respondents said they do not enforce “no port forwarding” for SSH. Port forwarding allows users to effectively bypass the firewalls between systems so a cybercriminal with SSH access can rapidly pivot across network segments.
  • Attackers can keep using compromised SSH keys.
    • 54% of respondents do not limit the locations from which SSH keys can be used. For applications that don’t move, restricting SSH use to a specific IP address can stop cybercriminals from using a compromised SSH key remotely.
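
The last two controls in this list can be checked per key. The following is an added example, not code from the original post or from Venafi: it audits OpenSSH `authorized_keys` entries for a missing `no-port-forwarding` (or `restrict`) option and a missing `from=` source restriction. The function names are hypothetical and the sample entries are constructed, with placeholder key blobs.

```python
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")  # start of the key-type field

def split_unquoted(text, seps):
    """Split text on separator characters that sit outside double quotes."""
    parts, quoted, prev = [""], False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append("")
        else:
            parts[-1] += ch
        prev = ch
    return parts

def audit(text):
    """Return (line number, key comment, gaps) for entries missing either control."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f for f in split_unquoted(line, " \t") if f]
        opts = {}
        if not fields[0].startswith(KEY_TYPES):  # first field is the options list
            for item in split_unquoted(fields[0], ","):
                name, _, value = item.partition("=")
                opts[name.lower()] = value.strip('"')
            fields = fields[1:]
        comment = " ".join(fields[2:]) or "(no comment)"
        # "restrict" disables forwarding unless "port-forwarding" re-enables it
        blocked = "no-port-forwarding" in opts or (
            "restrict" in opts and "port-forwarding" not in opts)
        gaps = []
        if not blocked:
            gaps.append("port forwarding allowed")
        if "from" not in opts:
            gaps.append("no source restriction")
        if gaps:
            findings.append((lineno, comment, gaps))
    return findings

# Constructed sample; key blobs are placeholders, not real keys.
SAMPLE = """\
ssh-ed25519 AAAAexample1 admin@laptop
no-port-forwarding,from="10.0.5.12" ssh-ed25519 AAAAexample2 backup-job
restrict,command="/usr/local/bin/report, daily" ssh-rsa AAAAexample3 report-job
restrict,port-forwarding,from="10.0.5.0/24" ssh-ed25519 AAAAexample4 tunnel-user
"""
```

Calling `audit(SAMPLE)` flags lines 1, 3 and 4. Server-wide, `AllowTcpForwarding no` in `sshd_config` enforces the forwarding restriction regardless of per-key options.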

“A compromised SSH key in the wrong hands can be extremely dangerous,” said Nick Hunter, senior technical manager for Venafi. “Cybercriminals can use them to access systems from remote locations, evade security tools, and often use the same key to access more systems. Based on these results, it’s very clear that most organizations have not implemented SSH security policies and restricted SSH access configurations because they do not understand the risks of SSH and how it affects their security posture.”

Are you protecting your SSH keys?

About the author

Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.
