Phone Number +1-202-802-9399 (US)

Thycotic is now Delinea!

The Lockdown

Thycotic’s Cyber Security Blog

SSH Key Management: why you should never manage SSH keys manually

Written by Thycotic Team

December 5th, 2017

Has your organization moved beyond simple user name and password schemes for accessing Unix and Linux systems by relying on SSH keys to allow access? If so, congratulations! You have greatly increased your overall security posture.

However, if your organization is managing SSH keys manually, you have a long way to go before you can feel confident that your SSH keys are secure.

What makes SSH key management a challenge?

Management of SSH keys can be tough. Think about what happens when someone who possesses some of the keys leaves the company, or when best practices require the keys to be updated periodically.

Manually updating SSH keys is a daunting task

And with data centers constantly expanding across multiple geographic locations, IT teams are increasing the number of physical and virtual servers they have to manage. Yet the resources that enable them to accomplish required tasks rarely keep pace with their demands.

While it is possible to manually update SSH keys on Unix/Linux systems within an environment, this can be a daunting task as the number of systems increases.

Consider the example of a network with 50 Unix systems, all of them needing access to one another. The key pairings that are being passed around require 50 unique private keys (one on each system), and the assignment of each of the matching public keys to be placed on every other system. That’s nearly 2,500 instances of public keys that would have to be updated, if ever those private keys were updated themselves.

To make matters worse, many SSH key management tools are limited to only rotating and updating keys on the target systems. This does not allow for assignment to teams, solid audit trails, or other basic management functions which create true operational efficiencies.

Is there a good solution to enterprise-level SSH key management?

Fortunately, enterprise privileged account management software such as Thycotic Secret Server provides robust SSH Key management capabilities. Secret Server efficiently handles situations where there are individual SSH Key pairs, or where there is a single private key mapped to numerous public keys.

In Secret Server you can take advantage of permissions and audit trails to lock down access to these keys and understand how they’re being used. Secret Server also has powerful security controls such as Check Out and Request Access to supplement your security posture.

Check Out can rotate the SSH keys every time they are used, and Request Access allows you to enforce a workflow on users who are trying to access SSH Keys. Last, but not least, Secret Server can record SSH sessions, restrict which SSH commands can be executed, and keep track of any keystrokes during those sessions.

SSH Key Management with Secret Server

Already securing privileged account access for more than 10,000 organizations worldwide, including Fortune 500 enterprises; Thycotic Secret Server is simply your best value for PAM protection.

You can try Secret Server free for 30 days (below), with support, and see for yourself how convenient and secure Secret Server’s SSH key manager is.

IT Security should be easy. We’ll show you how.

Try Secret Server and experience how FAST & EASY
IT security products can be.