
SSH Risk Assessment™

SSH Risk Assessment is a security assessment service that delivers a detailed analysis of risks around SSH (Secure Shell) mismanagement in an organization. It evaluates the likelihood and likely impact of compromise. The service uses SSH.COM's unique advanced scanning software and provides a detailed report, data visualizations, compliance checklists, and priorities for risk mitigation.

Why do you need to assess SSH key risk?

SSH keys are a ubiquitous access credential that has gone unmanaged in many organizations for years. Several of our customers have millions of SSH keys in their environment. Even smaller organizations are often surprised by how many they have. We find that typically about 10% of the keys grant root access and about 90% of keys should no longer be in use but persist as a vulnerability and continue to grant access.

The most common way for hackers to spread within an enterprise is by stealing credentials, such as passwords, SSH keys or Active Directory tokens. Hacking tools, such as the leaked CIA hacking tools, are often designed to steal SSH keys and their passphrases. SSH keys and poorly managed or unmanaged SSH environments are a popular target for hackers. Just one root access key can give a hacker access to an enterprise's critical systems and data undetected.

The impact of an SSH key-related breach can be severe. SSH keys typically grant command-line access, often to privileged accounts, database accounts, service accounts, and administrator accounts. An attacker can steal data, inject fraudulent data, subvert encryption, leave persistent backdoors, and even destroy the server. In poorly managed and unmanaged environments, the way SSH keys are configured enables attackers to spread throughout most of the server environment, including to disaster recovery data centers and backup systems.

Our approach helps decision-makers understand the unique circumstances of their organization, meet the needs of internal and external audits, become and remain compliant, and take a proportionate approach to prioritizing SSH in the risk portfolio.

Anonymized data visualizations from real customer environments

Access from DEV to PROD

[Figure: Access from Dev to Prod] The blue connections in this image are access from DEV (blue) to PROD (green).

Access between servers

[Figure: SSH Access that Looks Like Cat's Yarn Ball] This image shows several central servers that are able to access many of the other central servers and a large number of peripheral servers.

SSH Risk Assessment™ service

SSH Risk Assessment is an assessment service that addresses the need for more information about the use of SSH and key-based authentication within your organization. It leverages our in-depth technology expertise, our industry-leading IP, our custom-developed scanning and reporting software, and our wide-ranging experience with thousands of customers to provide a service that is fast, efficient, and effective. You also get actionable information that helps convince higher management that addressing the issue is a priority.

  • Fast - Completed in a few days and requires only a few hours of your staff time.
  • Non-invasive - Our tools do not require software agents to be installed and do not make any changes on your hosts. No private keys are collected or moved.
  • Comprehensive - You get an analysis of the most significant risks including compelling visualizations of trust relationships and compliance roadblocks.
  • Prioritized - We tell you what to focus on first and why.
  • Safe - No information or data leaves your control.

SSH Risk Assessment is the first step on the path to mitigation of SSH key risk and compliance. To keep control and automate the SSH key lifecycle we offer solutions, including Universal SSH Key Manager and PrivX cloud access management software.

What's included in our reports?

  • Key management - Review and analysis of policies and procedures for lifecycle management of public/private key pairs
  • Separation of duties - Scan and discovery of any SSH access that crosses between dev and prod environments
  • Authorizations to root - Discovery of all keys authorized for root access
  • Transitive trust analysis - Analysis of which keys provide the broadest access into the network
  • Key size report - Report and statistics on key sizes. Weak keys highlighted.
  • Key age report - Analysis and statistics on key age. Keys older than 2 years and older than 5 years highlighted.
  • Key protection analysis - Report on private keys stored in clear text and/or transmitted in clear text
  • Least privilege analysis - Review of service and root account access authorizations
  • Privilege escalation - Review of whether current SSH configurations and controls prevent unintended escalations of access
  • SSH software management - Report on SSH versions in use. Identifies any insecure versions that should be upgraded.
  • Compliance - Report on potential audit findings for selected compliance mandates (PCI DSS, Federal Cybersecurity Framework, NIST 800-53, MAS, BASEL II & III, and others)
  • Summary and recommendations - Highlights of the most significant risks and compliance issues, with recommendations and alternatives for remediation
  • Onsite consultation - Our consultant will meet with you to review the findings and recommendations
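To show what the key size and root authorization checks listed above look like in practice, here is an added example written for this page (it is not SSH.COM's scanner): it parses OpenSSH authorized_keys lines, decodes each key blob to read the RSA modulus length without calling ssh-keygen, and flags RSA keys under 2048 bits as well as root-authorized keys that carry no from= or command= restriction. The 2048-bit threshold, the sample file and its synthetic key blobs are assumptions made for the example.

```python
import base64
import shlex
import struct

MIN_RSA_BITS = 2048  # policy threshold assumed for this example, not SSH.COM's: RSA below this is weak

def _string(b):  # SSH wire-format string: 4-byte big-endian length + bytes
    return struct.pack(">I", len(b)) + b
def _mpint(v):  # SSH mpint; the spare byte holds a leading zero so the value stays positive
    return _string(v.to_bytes((v.bit_length() + 8) // 8, "big"))
def _read_string(blob, off):  # parse one wire-format string at offset, return (bytes, new offset)
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n

def key_bits(blob_b64):  # decode an authorized_keys blob into (key type, key bits) without ssh-keygen
    blob = base64.b64decode(blob_b64)
    ktype, off = _read_string(blob, 0)
    ktype = ktype.decode()
    if ktype == "ssh-rsa":
        _e, off = _read_string(blob, off)  # skip the public exponent
        n, _ = _read_string(blob, off)     # modulus; its bit length is what ssh-keygen -l reports
        return ktype, int.from_bytes(n, "big").bit_length()
    if ktype == "ssh-ed25519":
        return ktype, 256
    return ktype, 0                        # ssh-dss, ecdsa, sk-* and unknown types: no size claimed

def audit_authorized_keys(text, user):  # one record per key: weak size, unrestricted root access
    report = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = shlex.split(line, comments=True)  # keeps command="..." as one token, drops # lines
        idx = next((i for i, t in enumerate(tokens) if t.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if idx is None: continue               # blank or comment line, nothing to audit
        opts, (ktype, bits) = ",".join(tokens[:idx]), key_bits(tokens[idx + 1])
        findings = []
        if ktype == "ssh-dss" or (ktype == "ssh-rsa" and bits < MIN_RSA_BITS):
            findings.append("weak key")
        if user == "root" and "from=" not in opts and "command=" not in opts:
            findings.append("unrestricted root access")
        report.append({"line": lineno, "type": ktype, "bits": bits,
                       "comment": " ".join(tokens[idx + 2:]), "findings": findings})
    return report

def make_rsa_blob(bits):  # constructed modulus of the wanted bit length, not a real key
    return base64.b64encode(_string(b"ssh-rsa") + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)).decode()
SAMPLE = "\n".join([  # constructed root authorized_keys; every blob is synthetic
    f"ssh-rsa {make_rsa_blob(2048)} ops@bastion",
    f"ssh-rsa {make_rsa_blob(1024)} legacy-backup-2011",
    f'from="10.0.0.5",command="/usr/local/bin/backup" ssh-rsa {make_rsa_blob(2048)} backup-agent',
    "ssh-ed25519 " + base64.b64encode(_string(b"ssh-ed25519") + _string(b"\x01" * 32)).decode() + " deploy@ci",
])
```

Running audit_authorized_keys(SAMPLE, "root") reports the 1024-bit key as weak and every key without from= or command= options as unrestricted root access; the same file audited for a non-root user keeps only the key size finding.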

Technical specifications

Supported platforms for scanning

  • HP-UX 11v1, 11v2, 11v3
  • IBM AIX 5.3, 6.1, 7.1
  • Oracle Solaris 8, 9, 10, 11
  • Oracle Enterprise Linux 5.4, 5.5, 5.6, 5.7
  • Red Hat Enterprise Linux 4, 5, 6, 7
  • SUSE Linux Enterprise Server 9, 10, 11, 12

Supported SSH versions for scanning

  • Tectia SSH 6.0 or newer
  • OpenSSH 4.0 or newer

All scanned systems must have Perl 5.6 or newer installed.

We have scanned the vast network environments of some of the world's largest financial, industrial and retail companies with thousands and thousands of servers. Please get in touch to discuss your needs.

Request more information

For more information, please use our contact form.

What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966. The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
  • ISACA Practitioner Guide for SSH. With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.