SSH Risk Assessor (SRA) from SSH Communications Security is a lightweight scanning and reporting tool that enables security auditors to obtain actionable information as to the state of compliance and risk with respect to SSH identity and access management.
SRA is designed for use by security personnel and external auditors who help large enterprises identify and address IT security risk and compliance issues. SRA is currently available free of charge to qualified users, after qualification by an SSH solutions consultant.
We are currently accepting requests for invitations for SRA. If you would like more information or would like to register for an invitation, please complete the form below.
What SRA can do for you:
- Generate a report to identify:
  - Total number of keys and related users
  - Host OS platforms and SSH versions
  - Known and unknown trust relationships
  - Number of root authorizations
  - User keys without command restrictions
  - User keys without a source address or host restriction
- Scan the environment for SSH user and host keys:
  - Duplicate/shared private keys
  - Private keys without passphrase protection
  - Key age, algorithms and lengths
  - User keys in non-root-owned directories or in directories writable by non-root users
  - Reachability analysis to determine the potential damage from a compromised private key
- Compare findings with:
  - Current IAM tracking, to identify undocumented and/or unauthorized keys
  - SSH version and access policies
  - Key cryptography policies
  - Key rotation practices
  - SOX DS 5.8 Cryptographic key management requirements for secure key storage and revocation
  - HIPAA Information Access requirements for key protection, strength, age, access and audit
  - NIST/FISMA section C.2.2 requirements for a structured and documented process for key allocation, distribution and tracking, and for key algorithm enforcement and tracking
  - NERC CIP-007-4 R5 Account Management requirements
  - PCI section 8.5.x access controls (SSH under consideration for PCI v3)
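The per-key checks listed above (keys without `command=` or `from=` restrictions, weak key algorithms, one public key authorized on several accounts, root authorizations) can be reproduced over collected `authorized_keys` files with a few lines of Python. The script below is an added example written for this page, not SRA code; the `SAMPLE` contents, account names and key blobs are constructed placeholders.

```python
import re
from collections import Counter

# The option field is comma separated, but a quoted value (command="a,b") may contain commas.
_OPT = r'(?:[^\s,"]|"(?:[^"\\]|\\.)*")+'
KEY_RE = re.compile(rf'^(?:(?P<opts>{_OPT}(?:,{_OPT})*)\s+)?'
                    r'(?P<type>ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp\d+)\s+'
                    r'(?P<blob>[A-Za-z0-9+/=]+)(?:\s+(?P<comment>.*))?$')
WEAK_TYPES = {"ssh-dss"}  # 1024-bit DSA only; treat as a key cryptography policy violation

def parse_line(line):
    """Parse one authorized_keys line into options, key type, key blob and comment."""
    line = line.strip()
    m = None if line.startswith("#") else KEY_RE.match(line)
    if not m:
        return None
    return {"options": re.findall(_OPT, m.group("opts") or ""), "type": m.group("type"),
            "blob": m.group("blob"), "comment": m.group("comment") or ""}

def audit(files):
    """files: {account: authorized_keys text}. Flags keys lacking command= or from=
    restrictions, weak key algorithms, and public keys authorized on more than one
    account (which usually means one private key is shared); marks root entries."""
    findings, seen = [], Counter()
    for account, text in files.items():
        for line in text.splitlines():
            entry = parse_line(line)
            if not entry:
                continue
            names = {opt.split("=", 1)[0] for opt in entry["options"]}
            issues = [msg for opt, msg in (("command", "no command restriction"),
                                           ("from", "no source restriction")) if opt not in names]
            if entry["type"] in WEAK_TYPES:
                issues.append("weak algorithm " + entry["type"])
            seen[entry["blob"]] += 1
            findings.append({"account": account, "root": account == "root", "blob": entry["blob"],
                             "comment": entry["comment"], "issues": issues})
    for f in findings:
        if seen[f["blob"]] > 1:
            f["issues"].append("key authorized on multiple accounts")
    return findings

SAMPLE = {  # constructed authorized_keys contents with placeholder key blobs, not real keys
    "root": "ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed1 backup@legacy\n"
            'from="10.0.0.5",command="/usr/bin/rsync --server" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAconstructed2 bk@host\n',
    "deploy": "ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed1 backup@legacy\n# retired\nssh-dss AAAAB3NzaC1kc3MAAAAconstructed3 old@host\n",
}
if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['account']:>7} {f['comment']:<14} root={f['root']} {'; '.join(f['issues']) or 'ok'}")
```

Feeding it the real files means collecting `~/.ssh/authorized_keys` (or whatever `AuthorizedKeysFile` points at) for every account on every host, which is the inventory step the report counts depend on.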
Supported platforms for scanning
- IBM AIX 5.3, 6.1, 7.1
- Oracle Solaris 9, 10, 11 (SPARC)
- Oracle Enterprise Linux 5.4, 5.5, 5.6, 5.7
- Red Hat Enterprise Linux 4, 5, 6
- SUSE Linux Enterprise Server 10, 11
- HP-UX 11iv1, 11iv2, 11iv3
Supported SSH versions
- Tectia 6.0 or newer
- OpenSSH 4.0 or newer
System dependencies for scanning
- All scanned systems must have Perl 5.6 or later installed
Supported platform for analysis tool