The Lockdown

Thycotic’s Cyber Security Blog

(SSH) Keys to Unix Security


Written by Richard Wang

October 9th, 2018

Root accounts are the keys to powerful IT systems, the backbone of your entire infrastructure. They use privileged credentials to control shell access, file transfers, or batch jobs that communicate with other computers or apps, often accessed remotely, with local configuration. They can be the trickiest of all types of privileged accounts to secure, particularly if they are based on Unix or Linux.

While Unix and Linux are not as vulnerable to pass-the-hash attacks as Microsoft, they do pose challenges for enterprise password protection.


SSH Keys are Single Factor Credentials

SSH keys used in Unix can be seen as a more secure means of authentication than simple passwords. But, at the end of the day, they are still single-factor credentials. Once a key is compromised, attackers can potentially gain access to multiple servers or critical network resources. Therefore, as with passwords, one of the basic security measures you can take is to change them frequently. This is where privileged access management (PAM) for Unix comes in. Changing, also called rotating, SSH keys is as important as changing passwords.

Beware of Sharing Credentials

Unix originated as a multi-user, multi-process operating system designed for collaborative research teams that often shared credentials. However, in an enterprise setting, if a group of Unix administrators were to share credentials they would provide everyone access to everything without differentiating sanctioned activities or information.

In this type of environment it would be impossible to rotate or change credentials without impacting many people who rely on them. There would be no way to monitor individual users or hold them accountable for their actions. An audit of Unix security using this model wouldn’t be enough to meet compliance requirements.

As more regulatory bodies demand that organizations comply with least privilege policies, it becomes essential for everyone in an organization—including admins—to access only the systems and information they need to do their job.

Surely, most Unix admins are wonderful people. But they are human. All it takes is one administrator mistakenly downloading malware that accesses their administrator password and the entire pool would be polluted.

Out of Sight, Out of Mind

Root accounts should never be assumed safe, or left unmonitored or unmanaged, simply because they are managed by trusted administrators.

When an administrator changes roles or leaves a company, it’s a best practice to remove their access to IT systems. Yet, as credentials are often known to only a few people, it’s too easy to forget to remove their root access—ironically, the most important.
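One way to check for the two problems described above, shared keys and access left behind after someone leaves, is to fingerprint every entry in each account's authorized_keys file and compare it with a record of current key owners. The following is an added example, not code from the original post or from Thycotic; the account names, the inventory mapping and the sample keys are constructed assumptions.

```python
import base64, hashlib, struct

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield the fingerprint of every public key in authorized_keys content."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Line format: [options] keytype base64-blob [comment]. The blob starts
        # with the length-prefixed key type, so match on that to skip options.
        for keytype, b64 in zip(fields, fields[1:]):
            try:
                blob = base64.b64decode(b64, validate=True)
            except ValueError:
                continue
            n = int.from_bytes(blob[:4], "big")
            if blob[4:4 + n] == keytype.encode():
                yield fingerprint(blob)
                break

def audit(accounts, inventory):
    """accounts: {account: authorized_keys text}; inventory: {fingerprint: owner}.
    Returns keys accepted by several accounts, and (account, fingerprint)
    pairs whose key has no current owner in the inventory."""
    seen = {}
    for account, text in accounts.items():
        for fp in parse_authorized_keys(text):
            seen.setdefault(fp, set()).add(account)
    shared = {fp: sorted(a) for fp, a in seen.items() if len(a) > 1}
    unowned = sorted((a, fp) for fp, accts in seen.items()
                     if fp not in inventory for a in accts)
    return shared, unowned

def sample_key(seed, comment):
    """Constructed ed25519-shaped key line for the demo (not a real key)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

# Constructed data: alice's key sits on two accounts; a former admin's key is
# still in root's file but is missing from the inventory of current owners.
ALICE, BOB, FORMER = (sample_key(i, c) for i, c in enumerate(("alice@ws", "bob@ws", "former@ws"), 1))
ACCOUNTS = {"root@db01": "# managed\n" + ALICE + "\n" + FORMER + "\n",
            "deploy@db01": 'from="10.0.0.0/8",no-pty ' + ALICE + "\n" + BOB + "\n"}
INVENTORY = {next(parse_authorized_keys(k)): k.split()[-1] for k in (ALICE, BOB)}
print(audit(ACCOUNTS, INVENTORY))
```

The comment field of a key line is free text and is ignored here on purpose: ownership is decided by fingerprint against the inventory, not by what the key claims to be.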

A Privileged Access Management System Designed for Unix Security

PAM systems designed for Unix security make it possible for a group of administrators to access and manage the controls they need, without using public keys or sharing credentials. PAM automatically discovers, rotates and reports on privileged account use.

Learn more about SSH key management and Unix command allowlists.


