A guide to protecting and managing SSH Keys to mitigate security risks
Read time: 5 min, 30 sec
If someone has spent enough time in an IT environment, he/she is more than likely to come across the term SSH keys. SSH (Secure Shell) keys are an access credential that is used in the SSH protocol for modern Infrastructure-as-a-Service platforms like AWS, Google Cloud, and Azure.
What are SSH keys?
SSH keys are of various sizes, while the most popular choice is an RSA 2048-bit encryption. It is comparable to a whooping 617-digit-long password. Generating an SSH key pair differs for various Operating systems. On Windows, a user can generate it by downloading and using an SSH client like PuTTY, while on Mac and Linux systems, it is possible using a terminal window.
SSH keys are always available in pairs, which consist of a public key and a private key. There are three different types of keys, depending on Who or What possesses these keys:
If the private and public keys remain with the user, then this set of SSH keys is referred to as User Keys.
If the private and public keys are on the remote system, then that key pair will be referred to as Host keys.
This type of key is used when a large amount of data is to be transmitted, and those are needed to be encrypted.
How does SSH Key Authentication work?
After the successful generation of a key pair, the user will be prompted to enter the SSH username and the IP address of the remote system. Now, this specified username, and the protocol will tell the remote server which public key is needed to authenticate the user. After that, the remote server will use the already available public key to encrypt a challenge message that is sent back to the client, which is decrypted using the private key on the user’s system.
After this process, when the message has been decrypted, it is then combined with a previously gathered session ID and later sent back to the server. Only if this message matches with the server, does the client get authenticated and access to the remote server is given. The most important thing is to make sure that these SSH keys are properly managed.
Managing SSH Keys
There are several millions of SSH keys in use to grant access to various digital assets, mainly by Fortune 500 companies. So, an effective SSH key management system would go a long way in reducing security risks. There are various options to gain control over SSH keys in development as well as production environments. This means the user has to manage the SSO provider, a directory service, and various system management solutions.
Risks associated with SSH Keys
There are many risks or vulnerabilities involving SSH keys, but some vulnerabilities are critical and should not be ignored:
SSH Key tracking troubles
A large enterprise may have more than one million SSH keys, and it is practically impossible to keep track of or manage each key. This scenario occurs, because end users can create new SSH keys or duplicate them without much hassle, unlike certificates or passwords. Once a large number of SSH keys are gathered, it becomes tough to track these credentials when development servers are migrated to production environments or when an employee leaves that organization without changing their key. These unaccounted SSH keys can provide attackers with long-term privilege access to corporate resources. Sometimes, these attackers can even have a permanent network of entry by impersonating the user with the actual SSH key.
Sharing SSH keys is Trouble
For efficiency, SSH keys are often shared or duplicated across employees or servers. Because of this duplication, a single SSH key can have multiple instances granting access to all the machines of an enterprise. This may make users’ jobs easier, but it also makes attackers’ lives easier in long term. SSH Key duplication creates complicated, many-to-many private-public keys which reduces security, as it’s difficult to rotate and revoke without the same appropriate key fingerprint. Key sharing is dangerous because it reduces audibility and nonrepudiation.
Static SSH Keys
It is not an easy task of rotating more than one million SSH keys. Many IT administrators rarely change or re-distribute keys for the fear that a critical component or employee may miss something. These factors lead to a surge of static SSH keys, which in a way leads attackers to compromise an unchanged key, use it or move laterally through the organization, and gain access to critical or sensitive assets.
Embedded SSH Keys
SSH keys are frequently embedded inside an application or script, this makes changing them much more difficult as the code and embedded keys have a certain level of coordination to prevent system outrages. This may lead to backdoors for attackers, through these embedded SSH keys in applications, code, and scripts.
Weak SSH configuration
SSH client and server implementations like OpenSSH include a few specific configuration parameters which IT administrators miss. Opting for default settings such as port forwarding increases the security risks a great deal.
Security vulnerabilities of SSH
There are a few vulnerabilities related to security measures like:
Brute force and malware attacks
Attackers target SSH keys to gain lateral movement within an enterprise, launch brute force attacks, and malware attacks by creating backdoors.
SSH session hijacking and unauthorized access
Attackers can hijack a user’s SSH session by exploiting the trusted communication established between multiple systems. This is done by hijacking or gaining unauthorized access to the user’s socket. That is why it is better to avoid default configurations, as those compromise the privileged user access.
Mitigate SSH security attacks
Although there are many vulnerabilities related to SSH key management, there are also ways to prevent those:
Discover and map keys
User needs to discover SSH servers, certificates, and private keys which have the authorization to grant SSH access. Frequent network scans and using discovery tools to locate and maintain the centralized pathway are also critical. Also, it is important to map the key-user relationship.
Control SSH keys and access
It is better to implement SSH key management policies and practices to generate new keys and remove unused keys. The user can leverage directory services to assign the required levels of clearance to access the SSH credentials.
Disable root login
The root is the primary user account while enabling complete access to any UNIX-based systems. Attackers target this root login to gain unlimited access to critical systems.
If the IT administrators maintain proper audit trails to ensure that all keys in use adhere to policies, this may lead to transparency and proper modifications can be done for key generation and rotation.