SSH Key Remediation

Discovery, Monitoring, Automating, and More

SSH key remediation requires a deep understanding of the technical complexities of secure shell deployments in enterprise class environments. Without the expertise to properly level your environment you could put critical business processes at risk and won’t have the important tools you need to keep your environment secure and in compliance going forward. That is why SSH Communications Security is trusted by leading Fortune 500 global companies to safely solve their secure shell access control issues without putting mission critical business operations at risk.

Most importantly, discovery alone is not enough. SSH key remediation entails six must have components designed to keep your environment safe, secure and in compliance.

For more a detailed look, download our comprehensive guide to SSH key remediation which provides a in depth view of industry wide best practices.

The SSH key remediation process:

  • Discovering all existing trust-relationships (who can access what). This requires discovering of all user keys that are authorized for login (“authorized keys”) and all private keys (“identity keys”). This must be done for all users on all servers (and preferably also desktops), and involves several special issues.
  • Monitoring the environment in order to determine which keys are actually used and where the keys are used from (one or multiple sources) and removing keys that are no longer in use. In addition, you need the ability to continuously monitor the environment to detect and alert on any non-approved key setups or removals
  • Enforcing proper processes for all key setups and other key operations by relocating all authorized keys to a root-owned location and changing SSH configuration accordingly, so that only the key manager (or root) can remove or install new authorized keys, and detecting unauthorized key operations occurring outside the key manager (e.g. keys set up by a root user) and generating alerts about such key activities
  • Automating key setups and key removals, eliminating manual work, human errors, and reducing the number of administrators who need to have sufficient privileges to do key setups from possibly several hundred to essentially nobody (though root can do it, but such setups are detected, and the few administrators with high-level access to key manager can also cause it to create new keys)
  • Rotating keys, i.e., changing every authorized key (and corresponding identity keys) regularly, so that any compromised (copied) keys cease to work and proper termination of access can be ensured
  • Controlling where each key can be used from and what commands can be executed using the key.

For a key remediation assessment and consultation please contact our technical sales team.