SSH Key Proliferation - Who Has Your Keys?
SSH Is Everywhere
Every company on the Fortune 1000 list uses SSH (Secure Shell) in their corporate IT infrastructure. The SSH protocol provides secure, trusted access to every router, firewall, database host, application server, and other networked resource within the corporate infrastructure - both on-premise and in the cloud.
SSH keys are a powerful feature of the SSH protocol that allow administrators, application owners, and developers to securely access these resources remotely. SSH keys also enable secure automated file transfers, remote command execution, and securing the countless automated operations and machine-to-machine transactions that are necessary in large scale corporate network environments.
SSH Key Proliferation
The popularity of SSH has lead to a proliferation of SSH keys in corporate networks. Our experiences in real-life customer engagements have shown that the number of automated, scripted, or other non-interactive SSH identities outnumber human user by a factor of ten. Consequently, the number of deployed SSH keys in the same networks can be staggering.
In a rather typical enterprise network with 10,000+ servers we have encountered over 1 million SSH keys. These unmanaged SSH keys have been provisioned over the years, and their ownership was unknown, yet in many cases they still provided the access to whomever was in possession of the corresponding private key.
A situation like this is of course not compliant with common sense, corporate security policy, or any possible regulatory compliance mandate. This issue is common, and has become so widespread that it has been identified as “a gaping hole in Identity & Access Management” by IDC.