According to our recent survey, over 84 percent of organizations use a form of secure shell protocol (SSH) in their environment. Since SSH keys are widely used to access sensitive information on your mission-critical systems, safeguarding them from malicious users is important. Many organizations have thousands of identity and authorized keys that are not being tracked on a day-to-day basis. As a result, many high-profile data breaches in the past have been possible primarily due to the theft of untracked SSH keys. Millions of user credentials have been stolen to date and billions of dollars have been spent on remediation.
These attacks can be mitigated through rock-solid SSH key management. There are vendors like AppViewX that can automate the entire SSH key lifecycle management for you and help you regain control of your SSH keys. But if you do not wish to opt for a tool to manage your SSH keys, the following technique should be an essential part of your key management strategy.
SSH Key Rotation
Access control and cryptography form the basis of any SSH key management. While access control looks after user key-based trust relationships, cryptography covers key algorithm, key size, and key age. Among these, key age is the most overlooked procedure in SSH key management. When an SSL certificate expires, the access to an application goes down, unlike SSH keys which continue to provide access to applications even after decommissioning or an administrator leaves an organization. This non-expiring property of an SSH key is a significant problem and needs to be handled immediately. Hackers that are undetected and have access to your systems through the existing SSH keys will continue to download sensitive information from your systems. This access could have been blocked if your SSH keys had an expiration date. But how do you determine which keys need replacement? As a best practice, rotate (delete and re-provision) all your keys every 60 days. Before you rotate your keys, take into account the following considerations.
Establish Full Visibility of Trust Chains
First, make a list of deployed identity and authorized keys (even temporary ones) in your environment through a key discovery. Read the private and public key information from all client devices and map trust relationships between each key, its administrator, and its systems to establish how it is being used using the known_hosts file or the keyscan command. The systems here define the set of client systems that can gain access to the server systems. This visibility can help you manage your keys confidently. Once this visibility is established, enforce policies that control the deployment of new keys in the future.
Be Cautious of Shared Private Keys
When an SSH key pair is generated for a single server, the keys can be rotated after a predefined expiration interval without any issues. But when there is a shared private key, as in a key that is shared between multiple servers, then having the visibility described above plays an important role. In such cases, the key pairs must be provisioned and pushed to all dependent servers to ensure seamless access. Since you plan on replacing keys on all target systems, it is better to avoid sharing private keys among different devices as this can make your network vulnerable.
Prepare for Failure
After generating new key pairs for your devices, the old keys need to be uninstalled. If you forget to remove them, the whole point of this activity is lost as the old keys will continue to provide access to your systems. However, it is important you only remove the old key pairs after testing the connection with new key pairs. This can save you the trouble of unanticipated service disruptions. When unsuccessful with the current key pair, discard the new keys and generate another set of keys to get this activity right. This is not a one-time task and needs to be repeated every 60 days to keep your privileged access, privileged.
The secure communication that the SSH protocol provides is going to increase its adoption. The number of SSH keys will proliferate, making it ever more difficult to manage manually. Though SSH is secure, it is not a one-time exercise. Uncontrolled deployments and practices can threaten your business. Make sure your sensitive data remains in the hands of authorized users by employing your SSH key management efficiently, with the right tools!
SSH key rotation should be an important part of your SSH key management strategy and it need not be a time-consuming and painful task. To find out how AppViewX can help you automate SSH key management, please visit https://www.appviewx.com/solutions/certificate-lifecycle-automation/