The modern “trusted enterprise” is synonymous with a near-universal technology called Secure Shell (SSH). Rather than logging into a server with a traditional username and password, which are hard to remember and subject to loss, theft, or compromise, server administrators typically authenticate to their target machines using a trusted SSH key. The key substitutes user credentials, effectively allowing the administrator to log into the system through the key.
SSH is a cryptographic network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network. SSH provides strong authentication and encrypted data communications between two computers connecting over an open network such as the internet. It is a secure alternative to the non-protected login protocols (such as telnet, rlogin) and insecure file transfer methods (such as FTP). SSH refers both to the cryptographic network protocol and to the suite of utilities that implement that protocol. An SSH server, by default, listens on the standard Transmission Control Protocol (TCP) port 22.
Ubiquitous usage, combined with relative low-profile visibility and poor management controls, makes SSH an enticing target for exploitation. Once compromised, SSH keys can be used by cyber criminals to gain privileged access to servers and perform nefarious activities, while remaining undetected.
The protocol is used in corporate networks for providing secure access for users and automated processes, facilitating interactive and automated file transfers, issuing remote commands and managing network infrastructure and other mission-critical system components. SSH is also important in cloud computing to solve connectivity problems, avoiding the security issues of exposing a cloud-based virtual machine directly on the Internet.
There are various SSH implementations, such as Tectia SSH client & server for Windows, Unix and Linux, PuTTY client for Windows and Linux, WinSCP client for Windows, CyberDuck client for Mac and OpenSSH server for Unix, Linux.
The first version of SSH appeared in 1995 and was designed by Tatu Ylönen, who was, at the time, a researcher at Helsinki University of Technology. Over time various flaws have been found in SSH-1, and that version is now considered to be deprecated and not safe to use.
SSH-2, the current version of secure shell protocols, was adopted as a Standards Track specification by the Internet Engineering Task Force (IETF) in 2006 (RFC 4251, 4252, 4253, 4254). SSH-2 is not compatible with SSH-1 and uses a Diffie-Hellman key exchange and a stronger integrity check to improve security.
The protocol works in the client-server model, which means that the connection is established by the SSH client connecting to the SSH server. The SSH client drives the connection setup process and uses public key cryptography to verify the identity of the SSH server. After the setup phase the SSH protocol uses strong symmetric encryption and hashing algorithms to ensure the privacy and integrity of the data that is exchanged between the client and server.
The figure below presents a simplified setup flow of a secure shell connection.
There are several options that can be used for user authentication. The most common ones are passwords and public key authentication. The public key authentication method is primarily used for automation and sometimes by system administrators for single sign-on. The idea is to have a cryptographic key pair, a public key and a private key, and configure the public key on a server to authorize access and grant access to the server to anyone who has a copy of the private key. The keys used for authentication are called SSH keys.SSH keys can be used to automate access to servers. They are commonly used in scripts, backup systems, configuration management tools, and by developers and sysadmins. They also provide single sign-on, allowing the user to move between his/her accounts without having to type a password every time. This works even across organizational boundaries, and is highly convenient.
However, poorly managed SSH keys can become a major risk in larger organizations. Large organizations, like the banking sector, retailers and healthcare have more SSH keys than they imagine, and managing SSH keys has become very important. Enterprises using SSH should consider finding ways to manage host keys stored on their client systems. Ensuring proper policies, processes, and audits also for SSH usage is critical for proper identity and access management.
The SSH protocol is believed to be secure against cryptographic attacks on the network, provided keys and credentials are properly managed. Because of the importance of SSH keys, there is a strong interest from intelligence organizations and other attackers towards SSH credentials. They are a primary way for hackers to spread within the target organization. Such was the case of the alleged CIA hacking tools BothanSpy and Gyrfalcon that were targeting various SSH implementation with the objective of stealing SSH keys and passphrases.
Discovered SSH vulnerabilities highlight the importance of SSH keys security. SSH keys protect against man-in-the-attacks, but they need to be properly managed. Organizations need to implement SSH security policies which cater for restricted SSH access configurations, and periodical changes or whenever a compromise is suspected.