Skip to main content
banner image
venafi logo

Where Are SSH Keys Stored?

Where Are SSH Keys Stored?

SSH keys
April 29, 2022 | Alexa Hernandez

Rather than logging into servers with traditional usernames and passwords, many administrators use SSH keys to authenticate user access. Most large organizations use SSH across at least 1,000 systems. However, if these SSH keys aren’t managed correctly, they can open up thousands of vulnerabilities for a security breach.

Knowing where your SSH keys are stored and how you should manage them is crucial to protecting your organization from cyber criminal attacks.

What are SSH keys?

Secure Socket Shell (SSH) is a cryptographic network protocol that provides authentication between the server and the client to allow users to securely access network services over an unsecured network. SSH protects information by using public keys to encrypt data and private keys to decrypt them. Instead of logging into a server with a username and password, administrators usually authenticate with SSH keys.

All enterprise organizations use SSH keys to authenticate users and establish trusted access to systems. SSH keys are commonly used to automate file transforms and allow for secure management of routers, applications servers, firewalls, virtual machines, cloud instances, and more.

SSH keys simplify permission management by allowing administrators to grant access to groups of users based on their role or other qualifications. SSH keys also allow for easy access revocation when employees no longer work at the company. However, if compromised, SSH keys can be used by cyber criminals to gain privileged access to servers. The significance of SSH keys requires administrators to pay attention to where SSH keys are stored and how they are managed.

How do SSH keys work?

SSH keys work by encrypting data that is exchanged between two parties using a client-server model. The server listens to a designated port for connections while the client begins the Transmission Control Protocol (TCP) handshake with the server. Then the server and the client negotiate encryption for the session to create a shared secret key that is used to encrypt all the communication that follows.

Once the client and server have the shared secret key, they authenticate themselves. The server uses a public key to encrypt a message and send it to the client. Assuming the client has the correct private key, they can decrypt the message and send it back to the server for verification.

Where are SSH keys stored?

If you don’t know the location of your SSH keys and who has access to them, there is no way to determine if keys have been stolen, misused, or shouldn’t be trusted. Only 10% of large organizations have a complete and accurate SSH key inventory, meaning the other 90% are putting themselves at risk.

There are countless SSH implementations, such as Tectia SSH client & server, PuTTY client, WinSCP client, CyberDuck client, and OpenSSH server. Each of these clients stores SSH keys differently. Organizations that don’t maintain an accurate SSH key inventory aren’t prepared to act quickly if their SSH keys require remediation. Further contributing to the problem, many Privileged Access Management (PAM) solutions don’t cover SSH keys used to automate machine-to-machine authentication. This leaves critical business functions at risk.

How should SSH keys be managed?

An SSH management platform takes all the confusion out of tracking SSH keys and makes for a more secure environment. With a management platform like Venafi, organizations gain complete visibility over all keys and certificates. Organizations should be able to:

  • Identity all encryption assets
  • Monitor for vulnerabilities
  • Detect anomalies
  • Enforce policies
  • Automate key rotation
Benefits of well-managed keys

Protected SSH keys offer a host of benefits that extend beyond improved security. When keys are well managed, organizations have full visibility into their SSH servers, private keys, and authorized keys that grant SSH access. Having a full list in one place allows administrators to detect vulnerabilities and resolve them quickly.

With proper management, administrators can tie SSH keys back to a single individual, allowing for an effective audit trail. This helps organizations know when an individual’s access needs to be changed or revoked due to misconduct or a change in employment.

Risks of poorly managed keys

Without proper management of SSH keys, organizations are at risk of regulatory non-compliance. This non-compliance can mean violating the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), and the General Data Protection Regulation (GDPR).

It’s easy for individuals who shouldn’t have administrative access anymore to slip through the cracks. Because SSH keys don’t expire, employees who have left the organization may still have access to sensitive information or systems. SSH key rotation is one way to mediate the risks of old SSH keys. However, 63% of respondents in a Venafi study admitted they don’t actively rotate keys — even when an administrator leaves their organization.

Secure your organization with Venafi SSH Protect

SSH keys are critical to business function, but it’s easy to lose track of where SSH keys are stored and who has access to them. Your organization has thousands of SSH connections and each one can lead to a security breach if not protected. With Venafi SSH Protect, you can discover and report on how many SSH keys are active in your organization, which systems they are being used on, and who has access to them. This full automated visibility keeps your organization secure and allows you to scale operations.

Interested in learning more about SSH keys and how they should be managed? Download our SSH Machine Identity Management for Dummies guide.


Like this blog? We think you will love this.
how ssh works
Featured Blog

How Secure Shell (SSH) Keys Work

How it works SSH is a type of network protocol that creates a cryptographically secure

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Alexa Hernandez
Alexa Hernandez

Alexa is the Web Marketing Specialist at Venafi.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more