
Top 4 Risks of Weak SSH Key Management

November 7, 2017 | David Bisson

Secure Shell (SSH) is a network protocol that establishes a cryptographically secure connection between two parties. As such, it plays a crucial role in protecting information those parties exchange. But the network protocol isn't foolproof. If organizations mismanage their SSH keys, they could expose themselves to significant digital security risks. That's especially the case if they have lots of untracked persistent SSH trust relationships in their encryption environments.

Here are four big risks of weak SSH key management that your organization should have on its radar.

  1. Unauthorized Access
    Bad actors could abuse unprotected SSH keys to gain unauthorized access to privileged accounts. For instance, if an organization keeps default SSH configurations, users can manage their own authorized SSH keys. An attacker could exploit this setting by compromising a privileged user and setting up a backdoor key. Alternatively, they could leverage poorly protected private keys to gain illegitimate access to sensitive business accounts. Both external actors and malicious insiders could carry out these methods of intrusion. In addition, if the organization doesn't properly monitor its SSH keys, terminated employees could retain access to sensitive business information long after they walk out the door.
  2. Pivoting
    "Pivoting" in this sense refers to computer criminals' ability to jump from system to system. Unfortunately, attackers could easily pivot on an organization's network by abusing persistent SSH trust relationships to their advantage. That's especially the case if administrators don't review those keys often or maintain strong oversight over them.
  3. Circumvent Security Controls
    While they're busy pivoting, attackers could come across firewalls and other security technologies designed to block malicious network activity. Unfortunately, if companies don't properly control their SSH environment, attackers could potentially bypass these safeguards by configuring SSH for port forwarding. Doing so would allow the attackers to communicate with other systems that leverage authorized connections via firewalls and thereby find an alternate yet nonetheless "approved" route through the network.
  4. Unauthorized Use of SSH Server
    Organizations need to be careful when activating an SSH server, as these types of assets enable remote login. Attackers could abuse this facet in a poorly controlled SSH environment using free implementations like OpenSSH to surreptitiously enable SSH on critical assets. With SSH set up, attackers could then gain remote access to an asset and thereafter do whatever they want with it.
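
One way to check for the backdoor keys and unrestricted port forwarding described in items 1 and 3, as an added example that is not part of the original article: it parses an authorized_keys file, compares each key's SHA256 fingerprint with an approved inventory, and flags approved keys that carry no forwarding restriction. The sample file, the inventory and the key blobs are constructed placeholders.

```python
import base64
import hashlib
import re

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
TOKEN = r'(?:[^{sep}"]|"(?:\\.|[^"])*")+'  # fields split on sep; quoted values may contain it

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line):
    """Return (option_names, key_blob, comment); None for blank, comment or bad lines."""
    line = line.strip()
    tokens = re.findall(TOKEN.format(sep=r"\s"), line)
    if not tokens or line.startswith("#"):
        return None
    options = ""
    if not tokens[0].startswith(KEY_TYPES):  # leading field is the options list
        options, tokens = tokens[0], tokens[1:]
    if len(tokens) < 2:
        return None
    names = {o.split("=")[0].lower() for o in re.findall(TOKEN.format(sep=","), options)}
    return names, tokens[1], " ".join(tokens[2:])

def audit(text, approved):
    """List (comment, fingerprint, issue) for unapproved or forwarding-capable keys."""
    findings = []
    for names, blob, comment in filter(None, map(parse_line, text.splitlines())):
        fp = fingerprint(blob)
        restricted = bool(names & {"restrict", "no-port-forwarding"})
        if fp not in approved:
            findings.append((comment, fp, "key not in approved inventory"))
        elif not restricted or "port-forwarding" in names:  # explicit re-enable
            findings.append((comment, fp, "no port-forwarding restriction on key"))
    return findings

def _blob(label):
    return base64.b64encode(label.encode()).decode()

# Constructed sample file and inventory; the blobs are placeholder bytes, not real keys.
SAMPLE = "\n".join([
    "# deploy account",
    f'restrict,command="/usr/local/bin/backup --run" ssh-ed25519 {_blob("k1")} backup@ops',
    f"ssh-ed25519 {_blob('k2')} alice@laptop",
    f"ssh-rsa {_blob('k3')} unknown@host",
])
APPROVED = {fingerprint(_blob("k1")), fingerprint(_blob("k2"))}
```

Calling `audit(SAMPLE, APPROVED)` reports the unrestricted `alice@laptop` key and the unknown `unknown@host` key. The server-wide `AllowTcpForwarding` setting in sshd_config still applies on top of these per-key options.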

The Importance of SSH Controls

To defend against the threats described above, it's imperative that organizations properly manage and configure their SSH environments. A follow-up blog post will delve deeper into that topic. For now, you can learn more about SSH key management here.

About the author

David Bisson

David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.
