Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

No Setting & Forgetting: 3 Problems with Managing SSH Keys

June 6, 2016

  • Blog
  • Archive

Managing SSH Keys

There’s a common theme and lesson to be learned from 2015’s data breaches — when it comes to privileged access management, even for servers and appliances (read: Cisco), enterprises can’t just set it and forget it. All devices and data must be brought under the enterprise security policy – even SSH keys. Secure Shell (SSH) keys are common tools used by Unix systems administrators to access Unix servers. The keys, when used with pass phrases, provide a secure way for admins to access systems and data.

Enterprise IT, which often consist of dozens of Unix servers and only a handful of Unix admins to manage them, rely on SSH keys to do help them do their jobs efficiently.

So, what’s the problem with SSH keys?

For what they offer in terms of convenient access, SSH keys can also pose a security risk in three ways:

1) Lack of accountability over accounts. SSH keys are tied to accounts on a Unix server, not to an individual. What happens when you need to prove that a specific user accessed a server using SSH keys for an audit.

2) Manual effort in rotating SSH keys. Replacing and managing SSH keys require manual effort. Because they’re used on Unix servers, and there are typically a handful of Unix administrators, it can be easy to ‘set it and forget it’. The big operational risk here is obvious – the older a password, the greater the chance of unauthorized access and a breach.

3) Repeat use of the same passphrase for different SSH keys. As a result of risk #2, managing and rotating SSH keys manually typically results in IT teams using a productivity ‘hack’, and reusing the same passphrase for different SSH keys. As a result, IT teams are unwittingly putting their enterprise security at risk – if the pass phrase falls into the wrong hands, a threat actor has a way to move laterally through your Unix environment.

If you’re reviewing your privileged access management policies and considering solutions to help you secure and automate the process of discovering, managing, and cycling privileged account passwords and SSH keys, BeyondTrust can help.

PowerBroker Password Safe adds security and simplifies the management of SSH keys by automatically rotating SSH keys according to a defined schedule and enforcing granular access control and workflow. Private keys stored in Password Safe can be leveraged to automatically log users onto systems through a proxy with no user exposure to the key, and with full privileged session recording.

To read more about our SSH key management capabilities, check out this data sheet.

Or, watch this video to see PowerBroker Password Safe’s SSH key management capabilities in action.

Sandi Green, Product Marketing Manager, BeyondTrust

Sandi Green is the Product Marketing Manager for PowerBroker Password Safe, PowerBroker for Windows, and PowerBroker Mac at BeyondTrust. She has over 20 years of sales and solutions marketing experience with technology companies that served a variety of industries ranging from life sciences, human capital management, consumer packaged goods and most recently IT security. When she’s not following the latest trends in Cybersecurity, she’s busy following college football and basketball. Follow her on Twitter at @SandiGreen3.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

A Zero Trust Approach to Secure Access

Webcasts

Rising CISOs: Ransomware, Cyber Extortion, Cloud Compromise, oh my!

Whitepapers

A Zero Trust Approach to Windows & Mac Endpoint Security

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.