A Solution To The Risk Posed By A Lack Of SSH Key Management
For companies and organisations today that have widespread SSH and OpenSSH deployments using public key authentication, the risk of exposure remains significant. The lack of defined and implemented processes to manage the setup of keys and their removal and rotation creates an ever-increasing number of trust relationships, which is far too difficult to control. This is particularly the case if it is a manual process, as it can be extremely time-consuming.
What’s more, with the normal cycle of organisational change that large organisations face (typical merger and acquisition activity, general employee turnover and the migration towards virtual environments), the lack of SSH key management can become a critical security risk that organisations simply must address. As auditors and security chiefs also attest, good and safe user SSH key management is a prerequisite to good housekeeping and compliance with best-practice data security management.
There are alternatives to the manual process, such as Kerberos and the use of X.509 certificates, which also address the challenges relating to public key authentication; however, each comes with its own limitations and complexities.