Request demo
Universal SSH Key Manager® 

Why do enterprises keep selecting UKM?

We designed UKM together with the biggest and most successful financial and industrial companies in the world. We work together with our UKM customers to get fast results with zero disruption. We invented the SSH protocol and we have the world's best SSH expertise.

UKM technologiesCase studies


What types of organizations deploy UKM? 

Organizations at risk from large numbers of undiscovered or unmanaged SSH Keys include:

  • Large organizations with valuable IP, trade secrets or critical services on own or third party server estates.
  • Companies with large numbers of interactive and machine-to-machine server connections for e.g.  data processing, industrial processes, financial transactions, software development, etc.
  • Highly regulated industries e.g. finance, healthcare, energy and utilities, transport and logistics, utilities, media and telcos, federal/state.
  • All organizations at risk of IT security audit failure.
  • Enterprises and government agencies that have had significant IT operations for longer than 10 years.

How do we help UKM customers solve SSH security problems?


Prevent PAM bypass

IT management at a big box retailer found admins were bypassing their Privileged Access Management (PAM) with ad hoc SSH key generation.

SSH Risk Assessment discoveries:

  • Unprotected master private keys on all servers
  • Unauthorized connections from non-prod to prod
  • Small user group with massive untracked key inventory
  • Non-policy compliant, IT audit failure point

Read more about 5 ways to bypass PAM here>>>

The UKM solution:

  • 1m keys taken under management
  • 0.5m unauthorized keys over 5 years old immediately remediated
  • Automation and regular reports on entire key inventory
  • PAM bypass mitigated, policy compliant

Remedy a failed IT audit

A large investment firm failed an internal audit over lack of control over internal access to sensitive assets.

SSH Risk Assessment discoveries:

  • Users had direct access to production environment outside of the company’s PAM system
  • Attempts to use the company’s PAM to rotate passwords and enforce ticketed access to production had failed
  • Unauthorized users had access to the servers that should have been the most secure

The UKM solution:

  • Secure server group alerts for unauthorized user accounts
  • Leveraged UKM API for custom IAM automations
  • Internal access to sensitive assets audit problem solved

Replace a struggling in-house SSH solution

One of the world’s largest technology companies developed their own solution for SSH key creation but it was not able to monitor the estate or manage keys.

SSH Risk Assessment discoveries:

  • Multiple shared keys in use with access to over 30,000 servers
  • SSH keys over 20 years old running critical business processes
  • In-house solution unable to scan, monitor or remediate keys

The UKM solution:

  • Full visibility too the entire SSH key environment in one console
  • Leverage UKM APIs for automated key deployment
  • 100% legacy keys remediated and brought up to modern quantum-resistant encryption standards without breaking critical processes

State-mandated SSH Key control

A regional financial authority mandated comprehensive SSH key management for a major international bank when it failed an audit.

SSH Risk Assessment discoveries:

  • System administrators had direct access to root accounts across the server estate
  • Direct connections to production servers from development with no device restrictions
  • No control or visibility into over 10m annual SSH connections

The UKM solution:

  • 95% of SSH keys discovered were unused and deleted
  • 100% of keys made policy compliant with assigned owners
  • UKM integrated with Ansible to deploy keys required at build time

Gain compliance for billions of connections

A major financial institution’s test lab found no processes for SSH key management and needed to meet compliance standards

SSH Risk Assessment discoveries:

  • 200,000 non-policy compliant SSH keys
  • 500 root access keys over 10 years old
  • Over 90% of private keys not protected with passphrases
  • One account had over 500 copies of the same private key across multiple servers

The UKM solution:

  • All non-policy compliant keys flagged and remediated, with alerts for policy violating new keys
  • Over 1.5bn key-based logins managed in 3 years since deployment
  • Successful compliance audit

Find out more about enterprise UKM customers in our case studies

Case studies

SSH key management process in detail


UKM deployments begin with an SSH Risk Assessment, a non-disruptive report on your SSH environment

  • Full inventory of all active and potentially active keys - who has access to what, and where
  • Discovery of keys enabling PAM and jump host bypass
  • Identification of all keys violating global SSH policy capable of posing a threat
  • Detailed prioritized report on policy compliance in your SSH Key environment (e.g. NIST, SOX, HIPAA, PCI-DSS etc.)
  • Trust relationship map and evaluation against defined policies


Implement systematic monitoring and control of your SSH Key environment.

  • Highly efficient centralized key management
  • Monitor and report when and where SSH Keys are used
  • React to violations with alerts for unauthorized changes to SSH configurations
  • Remove unused or unauthorized SSH keys and renew old and weak keys
  • Prevent ungoverned distribution of SSH Keys
  • Limit access to servers to authorized sources


Automate the full lifecycle of vast numbers of SSH Keys to simplify the effort of staying compliant.

  • Integrate authorization processes with existing ticketing systems
  • Centrally manage SSH configurations Automate key provisioning, rotation and remediation
  • Automate detection and prevention of policy violations
  • Configuration lock down
  • Compliance process enforcement

Migrate to Zero Trust

Eliminate the need for standing privileges (authorized keys) for SSH access.

  • Eliminate authorized keys on servers for SSH access
  • Radically simplify the overhead of rotating SSH keys
  • Full audit and session control 
  • Transparent migration to just-in-time (JIT) and Zero Trust proof ephemeral access - without permanent SSH keys to manage or rotate.

The universal lifecycle solution

Our approach is unique, combining patented technology for non-intrusive SSH key discovery and reporting, with universal lifecycle automation for all open source SSH keys, Centrify, Attachmate, Bitwise etc.

One of the first things SSH did was to demonstrate the scope of the problem. Their SSH key discovery tool showed us that the problem was even more widespread and serious than our auditors were saying.

Financial services IT manager

SSH’s technical deployment team found we had over 1.5 million SSH user keys distributed across our entire infrastructure, including over 150,000 user keys granting root access, with no records as to who was in possession of the corresponding private keys.

Global bank IT manager

Read in-depth about UKM customer cases

UKM Case Study

Finance compliance audit success

Learn how SSH.COM helped one of the world’s largest banks solve compliance issues stemming from lack of governance over the SSH Keys used to access critical business systems.


Read more

New_Case_study_top_15_global_bank_restores compliance and reduces risk with universal SSH key manager
UKM Case Study

Prevent PAM bypass and regain control

A famous bank's internal security audit showed their development team had found a way to self-provision SSH access across production systems, by-passing access control systems in place.


Read more


UKM Case Study

Securing a Financial IT  Key Environment

This global big data analysis firm deployed UKM  to fully integrate with their AWS-hosted service to meet customer demands for secure access controls to data hosted in the cloud.


Read more


Get full UKM technical specifications

 Our unique technologies enable the analysis of vast SSH key estates, remediation tools and the automation of policy compliance.

UKM technologies