Universal SSH Key Manager®

UKM technical details

More about the key features and the technology behind UKM. From the inventors of the SSH protocol.

SSH Risk AssessmentUKM data sheet

Universal SSH Key Manager technical architecture 

UKM was designed to monitor, remediate and manage keys without disrupting processes. UKM does not require the installation of scripts or agents on target servers leaving a light footprint in your environment.



UKM Backend(s)

Runs the management engine, and also communicates with hosts inside the managed key environment. Management connections are encrypted with SSH.

UKM Frontend(s)

Provides the interface for administration and management. This includes the GUI, API, and CLI. Frontend interfaces are served by an NginX web server over a TLS-protected connection.

UKM User Portal

Allows application owners to request, review, and approve changes to the SSH Key environment under their management, such as requesting new SSH access, and revoking , restricting or restoring existing access.


UKM Database

Stores management data, such as:

  • User information
  • Trust-relationship information
  • System audit trails
  • Job logs, and so on...

Sensitive data e.g. passwords are always encrypted. Database connections can also be encrypted using TLS.


UKM Agent Application

A software component installed onto a host to manage SSH keys. Agents are not required in UKM, except  for the management of Windows hosts


UKM Agentless Connections

UKM can manage SSH Keys on target servers without the need to install any additional software.


The most comprehensive SSH key management solution available

  • Made by the inventors of SSH and SSH Keys
  • Support for all major SSH protocol versions
  • OpenSSH key discovery, including Centrify, Sun, IBM, Quest etc.
  • SSH.1 and SSH-2 (inc. v1.99) key discovery
  • Key configuration, change settings and update management
  • Key relationships mapping
  • Key activity data collection, monitoring and key activity auto-detection
  • Automatic key directory discovery
  • Support for interactive and non-interactive (M2M) use cases
  • Self-service SSH key management (User Portal)
  • SSH Key auditing and compliance tools
  • Automated compliance reporting
  • Support for estates with millions of keys
  • Non-disruptive to SSH operations when making changes
  • API for integrations
SSH Risk Assessment®

Designed with and for the world’s biggest corporations

SSH Risk Assessment is a professional service from SSH.COM for large organizations that provides in-depth information around the use of SSH and key-based authentication in complex IT infrastructure.

We leverage our in-depth technology expertise, our industry leading IP, our custom-developed scanning and reporting software, and our wide-ranging experience with thousands of enterprises and state/federal agencies, to provide a service that is fast, efficient and effective.

Learn more about SSH Risk Assessment

Our detailed reports include technical information, visualizations and executive summaries to give your team prioritised actions for SSH compliance and audit success.

SSH Risk Assessment