How IT admins manage their digital assets can have a tremendous impact on an organization’s security. Whether it is access credentials like passwords and SSH keys, or assets used to create work product, it’s critical that IT is able to effectively manage all of the company’s IT resources. SSH keys are one resource that have commonly been under managed. So what is SSH key management, and what does it look like to properly manage SSH keys?
Before we explain SSH key management, let’s make sure we understand how they are used.
Using SSH Keys
SSH keys are used to access the SSH protocol. The SSH protocol uses the client/server model to create an encrypted path of communication that is used for remotely logging into one computer from another. Because of how secure it is, the SSH protocol has become widely used to carry out critical tasks like executing remote commands and managing network infrastructure.
A couple of methods exist for accessing the SSH protocol – passwords and SSH keys. It is not recommended to use passwords because their level of security is relatively low. SSH keys on the other hand can be a very secure method because they are made up of very long strings of composite numbers and prime factors. This is more challenging to crack than passwords, and is why SSH keys are favored over passwords for authenticating to the SSH protocol.
The number of SSH keys within an organization can escalate rather quickly. For example, let’s say a certain group of engineers needs access to the same production server. Each engineer will then have their own set of SSH keys to authenticate to that same production server. As that company grows and that engineer group grows, the number of SSH keys grows too. In fact, Fortune 500 companies tend to have millions of SSH keys.
What does SSH key Management mean?
Proper management over any type of resource and its access credentials enables a secure, well controlled environment. Effective SSH key management means IT is able to provision and deprovision SSH key access, know which SSH keys (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Natalie Bluhm. Read the original post at: https://jumpcloud.com/blog/what-is-ssh-key-management/