A recent research paper exposes a critical SSH vulnerability where a passive network attacker can obtain private RSA host keys from an SSH server. According to Christian Simko, Vice President of Product Marketing for AppViewX:
This research highlights why better SSH hygiene, management and control is necessary to maintain a strong enterprise cybersecurity posture.
SSH (Secure Socket Shell) has become widely implemented as it enables a simple secure communication framework between two hosts. The SSH framework provides administrators with a simple self-service method to authenticate without using passwords. SSH-KEYGEN and OPENSSH emerged as some of the most popular solutions which the administrators used for generating and managing SSH keys.
While aiming to make SSH simple and accessible for everyone, it created new challenges to security of the application infrastructure with anyone being able to generate and distribute the keys to gain access. Additionally, this simplicity allowed an unfathomable number of SSH keys to pile up in the infrastructure which presents a potential violation of enterprise IAM policies. Since there is no governing body to regulate the creation and use of SSH keys, there is a component of uncertainty-based risk involved. SSH keys are generated on an ad-hoc basis and they don’t expire, creating the likelihood of key sprawl (hundreds to thousands of discarded keys that are left unmanaged).
Furthermore, a lack of defined management processes for SSH credentials means that there is no comprehensive inventory and many keys are left untracked. Organizations typically have large volumes of SSH keys on file, especially large enterprises that can have millions of SSH keys. When left unmanaged, SSH keys become potential back-doors into a network, or targets for data theft or breaches. Stale SSH keys that use obsolete algorithms present another weak link and target for hackers. Regular SSH key rotation is an essential process. However, this can be challenging without proper management tools to handle such large volumes of keys.
Common challenges that organizations face with SSH keys:
- Lack of visibility and control – SSH keys can be generated easily and, on an ad-hoc basis. As a result, SSH keys multiply quickly and without oversight. Organizations typically have little visibility and control over the thousands to millions of SSH keys in their environment.
- Static, Stale and Stray Keys – SSH keys do not expire, resulting in weak, outdated or inactive keys overtime. Users may leave an organization but their keys are left behind. Meanwhile, initial SSH access can lead to unnoticed access forever, creating backdoors for attackers.
- Key Sprawl – Large volumes of dispersed, unmanaged and untracked SSH keys, also known as key sprawl, poses a major security threat to organizations.
- Manual key lifecycle management and bulk provisioning – Manual SSH access provisioning and key lifecycle management is challenging, time-consuming, and error-prone, especially at scale.
Best-practices for SSH key management should include:
- Discovery of keys from standard and non-standard locations
- Identify and report non-standard and non-compliant keys
- Holistic visibility of keys and the users of these keys
- Ability to revoke access to non-compliant and non-standard keys
- Automated rotation and distribution of keys
- Self-service SSH access requests
- Support for cloud and legacy on-prem infrastructure
- Centralized SSH Certificate Authority