Request demo
SCREENSHOT_UKM_policies
Universal SSH Key Manager®

UKM technical details

More about the key features and the technology behind UKM. From the inventors of the SSH protocol.

SSH Risk AssessmentUKM Datasheet

Universal SSH Key Manager technical architecture 

UKM was designed to monitor, remediate and manage keys without disrupting processes. UKM does not require the installation of scripts or agents on target servers leaving a light footprint in your environment.

 

architecture-ukm

UKM Backend(s)

Runs the management engine, and also communicates with hosts inside the managed key environment. Management connections are encrypted with SSH.

UKM Frontend(s)

Provides the interface for administration and management. This includes the GUI, API, and CLI. Frontend interfaces are served by an NginX web server over a TLS-protected connection.

UKM User Portal

Allows application owners to request, review, and approve changes to the SSH Key environment under their management, such as requesting new SSH access, and revoking , restricting or restoring existing access.

 

UKM Database

Stores management data, such as:

  • User information
  • Trust-relationship information
  • System audit trails
  • Job logs, and so on...

Sensitive data e.g. passwords are always encrypted. Database connections can also be encrypted using TLS.

 

UKM Agent Application

A software component installed onto a host to manage SSH keys. Agents are not required in UKM, except  for the management of Windows hosts

 

UKM Agentless Connections

UKM can manage SSH Keys on target servers without the need to install any additional software.

 
 

The SSH Key lifecycle management in detail

Global

1. Discover

  • Full inventory of all active and potentially active keys - who has access to what, and where
  • Discovery of keys enabling PAM and jump host bypass
  • Identification of all keys violating global SSH policy capable of posing a threat
  • Detailed prioritized report on policy compliance in your SSH Key environment (e.g. NIST, SOX, HIPAA, PCI-DSS etc.)
  • Trust relationship map and evaluation against defined policies
Priviledged-access-management

2. Manage

  • Highly efficient centralized key management
  • Monitor and report when and where SSH Keys are used
  • React to violations with alerts for unauthorized changes to SSH configurations
  • Remove unused or unauthorized SSH keys and renew old and weak keys
  • Prevent ungoverned distribution of SSH Keys
  • Limit access to servers to authorized sources
Secure-file-transfer

3. Automate

  • Integrate authorization processes with existing ticketing systems
  • Centrally manage SSH configurations Automate key provisioning, rotation and remediation
  • Automate detection and prevention of policy violations
  • Configuration lock down
  • Compliance process enforcement

Hourglass

4. Zero Trust

  • Eliminate authorized keys on servers for SSH access
  • Radically simplify the overhead of rotating SSH keys
  • Full audit and session control
  • Transparent migration to just-in-time (JIT) and Zero Trust proof ephemeral access - without permanent SSH keys to manage or rotate.

The most comprehensive SSH key management solution available

vincent-guth-pziQZlPhVdE-unsplash-1
  • Made by the inventors of SSH and SSH Keys
  • Support for all major SSH protocol versions
  • OpenSSH key discovery, including Centrify, Sun, IBM, Quest etc.
  • SSH.1 and SSH-2 (inc. v1.99) key discovery
  • Key configuration, change settings and update management
  • Key relationships mapping
  • Key activity data collection, monitoring and key activity auto-detection
  • Automatic key directory discovery
  • Support for interactive and non-interactive (M2M) use cases
  • Self-service SSH key management (User Portal)
  • SSH Key auditing and compliance tools
  • Automated compliance reporting
  • Support for estates with millions of keys
  • Non-disruptive to SSH operations when making changes
  • API for integrations
ra
SSH Risk Assessment®

Designed with and for the world’s biggest corporations

SSH Risk Assessment is a professional service from SSH.COM for large organizations that provides in-depth information around the use of SSH and key-based authentication in complex IT infrastructure.

We leverage our in-depth technology expertise, our industry leading IP, our custom-developed scanning and reporting software, and our wide-ranging experience with thousands of enterprises and state/federal agencies, to provide a service that is fast, efficient and effective.

Learn more about SSH Risk Assessment

Our detailed reports include technical information, visualizations and executive summaries to give your team prioritised actions for SSH compliance and audit success.

SSH Risk Assessment