What is SSH key management?
If you’re looking to better understand SSH Key Management or to find SSH Key Management software to help your organisation, this article unpacks why SSH Key Management is so important, what the benefits are, and what to look for when choosing a solution provider.
What does SSH Key Management set out to achieve?
Best practice suggests that relying on passwords to secure a login to any service is typically the weakest option: passwords are easily leaked or brute forced. SSH Keys on the other hand make use of Public-Key cryptography to create a digital signature.
This digital signature is made of two parts:
- Public key: this is shareable and is not considered sensitive or private information.
- A Private key: this is secret and should not be shared. This key is used to sign data or messages and when combined with the public key can confirm the sender’s authenticity.
The SSH server and SSH Keys have been designed so that everyone who accesses a particular server has their own user account along with any number of SSH Keys that are used to authenticate the user when setting up the initial connection.
SSH Key Management software and tools ensure:
- all your servers have the correct user accounts to enable user access.
- the SSH Server has access to the Public Key of the relevant user.
- user accounts have the correct privileges and group access on the appropriate servers.
- the SSH Keys are created using the highest security public-key cryptography settings.
- visibility of where keys are, who has access to what servers and who granted that access.
Increased visibility and control of your users and SSH keys, particularly opening the option to fully automate the process of provisioning and removing users accounts and keys across your Linux environments.
What are some of the problems typically faced if you don’t make use of SSH Key Management tools?
- Sharing of a single user account or single SSH key A common solution to not having a central user management and SSH key management system is the reuse of the “root” account or a single user account. Here multiple users login as root or as a single user sharing a single SSH Key. The challenge with this is that there is no visibility as to who and when someone has logged in, which is useful when things go wrong or when unnecessary changes have been made in the environment. Additionally, it becomes an administrative burden and security risk when an individual leaves as the SSH Keys need to be rotated and or passwords changed.
- Lost or Stolen SSH Keys Similarly, if a user loses or has an SSH Key stolen there is a significant security risk until that key is removed from all servers it has been placed on. Not only is it time intensive to manually remove the key it can also be hit and miss in large environments where a log or ledger has not been kept for which servers the key has been uploaded to.
- Consistent and ongoing privilege management Ensuring that each user has the correct privileges (root or SUDO access) and group association can be error prone and cumbersome when managed manually across many servers at once. Once a user has accidently received root or SUDO privileges it’s easy for them to adjust system settings to ensure they keep that access even after the mistake has been rectified. Setting privileges and group management is an ongoing administrative task and environments need to be continually audited to ensure the correct privileges exist as the business and teams change and grow.
What are benefits of a good SSH Key Management Software?
Good SSH Key management combined with Identity Access Management results in:
- Increased visibility and control of your users and SSH keys, particularly opening the option to fully automate the process of provisioning and removing users accounts and keys across your Linux environments.
- Enforcement of security standards and IT policies.
- Adherence to and achievement of compliance with IT Security frameworks (e.g. ISO27001, SOC2, PCI-DSS) and data privacy regulations (e.g. GDPR, CCPA, LGPD and POPIA).
Overall, you will be significantly levelling up your Linux security. We unpack this in more detail here: Benefits of SSH key management.
What methods can I use to implement SSH Key Management?
There are several methods to implement user and SSH Key management:
- Manual or by use of an automation tool (Ansible / Puppet / Chef)
- Utilising custom-built scripts or an automation tool, user accounts and SSH Keys are distributed and managed on a set schedule or once off.
- This method is the most manually intensive and error prone as there are few checks to ensure the correct users have the correct access.
- These scripts can also become cumbersome to manage as the environment and the team grows and becomes more complex.
- Auditability and visibility are typically quite low.
- LDAP or Identity Management Server
- Organisations can make use of LDAP (weather that is Microsoft or Open Source) or identity management servers.
- These can often be more complex to configure unless you already have them setup for a different need in the organisation.
- They have increased visibility and auditability for governance and risk management.
- Depending on the architecture chosen they can be a single point of failure, particularly if the server that is being connected becomes partitioned from the LDAP network. Care needs to be taken during setup to ensure that credential caching is enabled to avoid this issue.
- These tools are typically more focused on User management and lack easy to use SSH Key management modules.
- Certificate Authority
- Organisations can make use of a Certificate Authority, which signs user and host SSH Keys.
- This simplifies the setup, however the SSH server needs to be told to trust the Certificate Authority.
- They have increased visibility and auditability for governance and risk management.
- Depending on architecture and setup, this system also may suffer from being a single point of failure, particularly if the server that is being connected becomes partitioned from the CA.
- There are security concerns if an SSH Key gets compromised as there can be a delay in revoking the certificates, likewise if the Certificate Authority private keys are compromised.
- There is often a significant cost associated with procuring a Certificate Authority either to run and manage or as an outsourced solution.
- Sync agent with central management
- Here an agent is installed on each server which will pull and synchronise all user accounts, SSH Keys and privileges.
- Installation of the agent is simple, quick and typically the same as installing any other software (YUM or APT package management).
- The central nature means there is increased visibility and auditability for governance and risk management.
- As SSH Keys are stored on the server that is being connected to, there is no single point of failure concern. Connecting to the server should continue should the server in question lose access to the central user and SSH Key management server.
- Keystash makes use of this technology and we have built a highly available central management console that communicates with agents installed on each server over encrypted HTTPS connections.
Andrew Burns
Founder, Keystash Limited.Andrew has spent the last 20 years working in IT infrastructure, networks and software development and is a passionate Linux fanboy and security scholar.