Securing SSH Keys in Multicloud Operations

Secure Shell, or SSH, keys have become a go-to authentication tool, especially as we continue to adopt and adapt to distributed IT and remote working environments that demand robust access controls. But without the right management, SSH keys can quickly transform from password-less bliss to a security nightmare. We operate in a constant state of flux – people come and go, workloads are spun up and torn down, and before we know it, we find ourselves with a pile of unmanaged and untracked SSH keys strewn across the network. If just one private key is compromised, it makes the entire network vulnerable to attack.

SSH key sprawl, the result of high volumes of unmanaged and untracked keys, has become a lucrative target for attackers targeting business networks. Attacks are trending upwards, with hackers using SSH keys in targeted malware and brute force attacks, and to establish backdoors to the network.

AppSec/API Security 2022

What is an SSH Key?

SSH offers a secure connection for people or device access to systems and servers. Nowadays, they are a simpler and more trusted option than traditional usernames and passwords. A trusted SSH key pair provides secure, ongoing access to remote systems and tasks like systems administration, automated processes and managing mission-critical network infrastructure.

Rather than requiring users to log in with their username and password, a system or server uses a trusted key pair to verify, identify and encrypt communications between a client and server. Because they only require a one-time setup for initial key pair generation, they offer more secure and seamless action. Some professionals confuse X.509 certificates with SSH keys, and vice versa. While there are similarities, there are key differences when it comes to trust, control, their lifecycle and the risks they pose. Perhaps the greatest difference between the two is that X.509 certificates expire, while SSH keys do not. This means that SSH keys have to be actively removed when they’re orphaned and/or no longer useful.

Like X.509 certificates, the sheer number of SSH keys within the enterprise is growing, and without best practices and management systems in place to keep track of them, they can be challenging. While X.509 certificates can be actively disruptive or cause costly service outages, the greatest risk that SSH keys pose is a pervasive risk of unauthorized access.

Today, roughly 84% of enterprises use SSH protocol in their environments in Linux systems, cloud configuration tools and DevOps processes, and most admit to lacking tools, best practices and processes to manage them.

Best Practices Key to Mitigating SSH-based Attacks

SSH key management is critical to mitigating new and emerging risks, and best practices must account for the many SSH applications within the enterprise and the potential implications for controls, policies and visibility. For example, in cloud services, every cloud vendor allows users to generate new keys or use existing key pairs. Secure shell access is configured and managed differently in each cloud environment, however, and while keys are easy to generate, keeping an up-to-date inventory of keys, and their trusted relationships, quickly becomes challenging.

Here are five basic actions teams can take to quickly mitigate SSH-based attacks and establish key management processes:

  1. Disable root login – Root login is allowed by default on most Linux systems, and if password authentication and root password are both enabled, the risk of attack increases significantly.
  2. Use public key authentication – Password-based logins are vulnerable to brute-force attacks. Key-based authentication is faster and far more secure.
  3. Use strong passphrases for keys – This goes without saying; like with passwords, rely on proven best practices for private key protection. In this case, it means applying a strong passphrase to every private key.
  4. Set a custom port – It’s widely known that Port 22 is commonly targeted by attackers using port scanning malware. Obscure SSH services by configuring a new, custom port.
  5. Keep SSH updated – This can’t be overstated: keep your server packages updated. This includes OpenSSH patches against new vulnerabilities.

SSH key management is critical for any organization using the SSH protocol. Many teams start out with a management system they manage themselves, but become overwhelmed as the number of keys quickly multiplies; sometimes into the hundreds of thousands. When it comes to protecting SSH keys and improving security, the only way to reap the benefits is through proper key management best practices. With the right processes and technology to help, though, getting control of SSH key management is achievable.

Featured eBook
The State of Cloud Native Security 2020

The State of Cloud Native Security 2020

The first annual State of Cloud Native Security report examines the practices, tools and technologies innovative companies are using to manage cloud environments and drive cloud native development. Based on a survey of 3,000 cloud architecture, InfoSec and DevOps professionals across five countries, the report surfaces insights from a proprietary set of well-analyzed data. This ... Read More
Palo Alto Networks