
Mismanaged Secure Shell Keys Present an Easy Target in Hacker Attacks


SSH Communications Security Offers Access Mitigation Process to Remediate Mismanagement of Secure Shell Environments

HELSINKI and WALTHAM, Mass., Feb. 11, 2015 – Recent major cybersecurity breaches have underscored the dire state of Secure Shell key mismanagement in the networks of major enterprises, financial institutions and federal agencies. To cut down on the growing incidence of hackers stealing Secure Shell keys as part of their spoils, SSH Communications Security today shared best practices that organizations can leverage to prevent attacks before they occur and remediate the fallout from a breach once one has already taken place.

Secure Shell keys are often mismanaged, leaving many lost or forgotten throughout the network environment. If these keys are stolen during a security breach, they can be used to maliciously access servers with sensitive data. To ensure that personally identifiable information (PII), intellectual property and other information assets are protected in the event of a breach, organizations must:

  • Monitor all connections: Monitor all Secure Shell key-based authorizations for any suspicious activity.
  • Nullify leaked keys: Rotate all Secure Shell private keys and related authorizations to make leaked keys obsolete in order to remediate or mitigate the issue as fast as possible.
  • Verify all authorizations: Identify and validate all unknown (and known) authorizations. Remove all keys and authorizations that are obsolete, against policy, or serve no business purpose.
  • Enforce key restrictions: Make keys valid only from defined locations and lock down Secure Shell keys and servers.
  • Continuously monitor the environment: Enforce proper monitoring and controls for privileged user access, activities and performed actions. Enable continuous monitoring across the environment to identify any unauthorized connections or changes in the environment.

For more information on best practices, visit

Tatu Ylönen, chief innovation officer and founder, SSH Communications Security, said: “2014 was a record-breaking year in terms of data breaches, and there is no reason to believe that 2015 will be any better. Cloud services and the Internet of Things are creating an ever-expanding threat landscape, leaving organizations more vulnerable than ever to attack and potential theft of critical assets – including Secure Shell keys. We have assembled these best practices based on years of experience in order to help organizations protect their data both proactively and after the fact.”

About SSH Communications Security

As the inventor of the SSH protocol, we have a twenty-year history of leading the market in developing advanced security solutions that enable, monitor, and manage encrypted networks. Over 3,000 customers across the globe trust the company’s encryption, access control and encrypted channel monitoring solutions to meet complex compliance requirements, improve their security posture and save on operational costs. SSH Communications Security is headquartered in Helsinki and has offices in the Americas, Europe and Asia. The company’s shares (SSH1V) are quoted on the NASDAQ OMX Helsinki.



