Universal SSH Key Manager® (UKM)

Lifecycle SSH key management software for enterprises

Designed to automate vast SSH key environments

Unmanaged SSH keys are an audit failure point. UKM software helps large companies in banking, insurance, energy, construction, manufacturing, rail, healthcare, retail and more, to take control of the keys in their critical access environment and pass IT audits.

With UKM you can centrally manage large SSH key inventories - in the thousands or millions - and automate policy enforcement, consolidate visibility and simplify compliance.

Read about UKM in use at large enterprises

UKM has the clear edge over the competition

Highly effective discovery of keys and trust relationships

The first step in gaining control over your keys is knowing what you have. UKM is exceptional at discovering the keys you need to target and control.

Working with your existing SSH system, be it open source, commercial SSH software or even custom SSH software, UKM intelligently detects the configured locations on your SSH servers and creates an accurate inventory of SSH keys, then analyzes and presents the trust relationships enabled by the found keys.

ICON key discovery

Read more about SSH keys, solving IT audit failure and gaining compliance...

From the inventors of SSH

In 1995, our company founder, Tatu Ylönen, invented the SSH protocol as a student when his university login credentials were compromised. He went on to co-author various standards, NIST guidelines and ISACA best practices. The SSH protocol and SSH keys have grown to become ubiquitous secure access technology in enterprises globally today.

Building on deep expertise and demand from the world's biggest banks, retailers and industrials, SSH.COM first introduced UKM in 2012. UKM has grown to become a complete lifecycle SSH key discovery and management solution and is peerless in the industry. SSH.COM knows SSH keys. We know how to discover and analyze them in vast complex networks and we'll help you bring them under control.

Get the ISACA SSH guide

Master the SSH key lifecycle with our benchmarked process

Policy-based, process-driven

Effective, compliant key management starts with a policy-based strategy and maintains an on-going, controlled process. The SSH.COM process has been developed in the remediation and automation of vast key environments at the world's biggest banks and industrials.

UKM includes a wide variety of built-in policies that support frameworks such as SOX, HIPAA and PCI-DSS that you can tailor to your needs, or bring your own. And once you’ve set up your environment, UKM automatically implements your rules and gives you the tools to sustain your key management process.

Centralized control for all your SSH keys

We have the world's most advanced key discovery and analysis tools to help you remediate legacy keys, eliminate standing privileges and mitigate the risk from lateral movement in your critical infrastructure.

Gain and retain control of trusted access provisioning throughout the entire key lifecycle - from creation and rotation to the deletion keys - all from a single dashboard. Define key ownership per application per user. Automate the key lifecycle, get real-time visibility and audit-friendly reports.

Non-intrusive deployment

Install UKM and onboard target hosts with no agents* and no changes to existing scripts. Once installed, UKM lets you manage your key environment no matter how diverse – Windows, Linux AIX, Solaris and more. ­­­

UKM interfaces with security information and event monitoring (SIEM), 3rd-party ticketing and configuration management database (CMDB) systems, as well as hardware security modules (HSMs), offering a rich set of integration options for visibility and security.

“We found that some of our critical security safeguards such as those ensuring separation of test and production environments were easily circumvented via SSH. SSH Communications Security showed us how Universal SSH Key Manager combined with their professional services would enable us to take back control. No other vendor had the products or expertise to do this.”

Global bank Project Manager

Discover your risk exposure with our unique key analysis service

As an additional service, SSH.COM offers a guided SSH Risk Assessment to help you fully assess your SSH keys and trust relationships before getting started with UKM. Our professional services team will provide you with a comprehensive view of your most significant risks - with just a few hours of your team’s time required.

We have made SSH Risk Assessment reports for many of the world's biggest finance, retail and tech companies. The report includes compelling visualizations, analysis and compliance priorities. This sample image shows a complex network of in-policy connections, connections from unknown or bypass sources and jump host connections - to give you a sense of the typical scale of exposure to non-compliance.

Read more about SSH Risk Assessment

UKM in three key steps

ICON inspect


Non-intrusive discovery of your SSH key environment

Gain visibility to SSH keys and trust relationships between users and hosts

Flag keys that violate policies

Generate compliance reports

ICON monitor


Reduce your risk surface and pass your audit

Remove unused keys - in large financials up to 90% of keys may be unused

Restrict access to authorized keys

Renew trust relationships

ICON rocket


Intelligent total SSH key lifecycle automation 

Automate key management, including bulk key remediation and policy enforcement

Alerts for key creation and modification

Integrate with SIEMs for anomaly detection