SSH Key Proliferation
SSH Is Everywhere
Every company in the Fortune 500 uses the SSH (Secure Shell) protocol in their corporate IT infrastructure. The SSH protocol provides secure, trusted access to routers, firewalls, database hosts, application servers, and other networked resources within the corporate infrastructure - both on-premise and in the cloud.
SSH keys are a powerful feature of the SSH protocol that allow administrators, application owners, and developers to securely access these resources remotely. SSH keys also enable secure automated file transfers, remote command execution, and secure the countless automated operations and machine-to-machine transactions that are necessary in large scale corporate network environments.
Millions of SSH Keys Found In Enterprises
The popularity of SSH has lead to a proliferation of SSH keys in corporate networks. We have run thorough scans of customer networks, including large multi-national enterprises, governmental agencies and technology companies. Our research has shown that the number of automated, scripted, or other non-interactive SSH identities typically outnumber human users by a factor of ten. Consequently, the number of deployed SSH keys in vast multi-national networks can be staggering.
In large enterprise networks with 10,000 plus servers we have encountered from one million to over three million SSH keys in circulation. These SSH keys have usually been provisioned over many years, with their ownership and purpose now unknown, yet in many cases they still provide access to whomever was in possession of the corresponding private key.
A situation like this is of course not compliant with common sense, corporate security policy, or regulatory compliance mandates. The issue of unmanaged SSH keys is common, and has become so widespread that it has been identified as “a gaping hole in Identity & Access Management” by IDC.