October 30, 2017

SSH: Security asset or security liability?

Christine Drake, research analyst at Venafi, defines and explains SSH, otherwise known as Secure Shell.

By Ellie Burns

EB: What is SSH?

CD: In short, SSH, or Secure Shell, provides secure access to remote computers over an otherwise insecure network. This access protects administrator-to-machine tasks as well as automated machine-to-machine functions. To ensure only authorized people and machines have access, SSH uses public-key cryptography for authentication. For example, SSH keys authenticate the identity of the machines exchanging information (machine identities) to secure these automated machine communications.


EB: Why is SSH important?

CD: All organizations rely on SSH as an encrypted protocol to authenticate privileged users, establish trusted access and connect administrators and machines. SSH use spans many critical systems, including application servers, routers, firewalls, virtual machines, cloud instances, and many other devices and systems.

Collectively, the number of systems using SSH can be extensive. Included in this number are many systems that use SSH in automated applications and scripts without human input or review. For example, this includes transferring sensitive files between systems overnight. As organizations get bigger, an even higher percentage of their automated applications and scripts use SSH.


EB: If SSH isn’t used, how else can organisations remotely manage routers, firewalls and other systems?

CD: Without SSH, remote access would be conducted over unsecured networks, exposing an organization’s most critical systems and data. Without the safeguards of SSH, attackers can more easily intercept sensitive communications or impersonate a trusted system to gain access.


Christine tackled the topic of SSH as part of CBR’s Tech Express series.

EB: Are there any risks involved? What are they?

CD: SSH is intended to provide secure privileged access. But when SSH itself is not secure, it can become more of a security liability than a security asset. Once SSH keys are put in place, they create ongoing, automatic connections from one system to another, without requiring a password. This creates a persistent trust relationship—one that cyber criminals and malicious insiders are eager to access and misuse in their attacks.

Most enterprises view SSH keys as simply an operational tool that can be configured and self-managed by system administrators, who often do not understand the security implications. Today’s enterprises are falling short with haphazard management and ownership, incomplete inventories, poor configuration practices, and inadequate and unenforced security policies. These poor security practices can result in unauthorized privileged access followed by misuse of other existing SSH trust relationships to pivot further into the network.


EB: How can these risks be managed?

CD: When SSH environments are properly managed and secured, they safely serve their purpose of securing remote access. But to achieve this, organizations need a centralized, automated approach that delivers sound security, policy and auditing practices.

There are four steps that help to secure an organization’s SSH usage: 1) Build a comprehensive inventory; 2) Identify SSH vulnerabilities; 3) Remediate; and 4) Monitor.

Automation must underlie all of these steps to secure the thousands, if not millions, of SSH keys used in every enterprise. This automation should apply to the entire SSH key life cycle from issuance to decommissioning, including regular rotation of SSH keys—similar to password rotation policies. With these steps in place, organizations can secure and control all SSH keys to minimize the risk of unauthorized access to critical systems.
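The persistent, password-less trust that an `authorized_keys` entry creates (discussed under the risks question) and the first two of the four steps above (build an inventory, identify weak keys) can both be illustrated with a small offline auditor. The following is an added example written for this page; it is not code from the article, from Venafi or from CBR. It parses `authorized_keys` lines, decodes the wire-format key blob to recover the real key type and RSA modulus size, computes the OpenSSH-style `SHA256:` fingerprint for an inventory record, and flags entries that lack an owner comment, a `from=` source restriction or a `command=`/`restrict` option, or that use deprecated DSA or short RSA keys. The threshold `MIN_RSA_BITS`, the host name, and all sample keys are constructed for the demonstration; the key material is synthetic and is not usable as a real key.

```python
"""Added example: an offline authorized_keys auditor for SSH key inventory.
Sample keys below are constructed synthetically for the demonstration."""
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519",
             "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
MIN_RSA_BITS = 2048  # assumed policy threshold, not from the article


def _split_outside_quotes(text, seps, maxsplit=-1):
    """Split on any char in seps that is not inside double quotes."""
    parts, cur, in_quote = [], [], False
    for ch in text:
        if ch == '"':
            in_quote = not in_quote
        if ch in seps and not in_quote and maxsplit != 0:
            parts.append("".join(cur))
            cur = []
            maxsplit -= 1
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def _split_options(line):
    """Return (options, rest): options end at the first unquoted whitespace,
    unless the first token is already a key type (no options present)."""
    head, *tail = _split_outside_quotes(line, " \t", maxsplit=1)
    if head in KEY_TYPES or not tail:
        return "", line
    return head, tail[0].lstrip()


def _read_string(blob, off):
    """Read one length-prefixed (uint32 big-endian) field from the blob."""
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n


def _parse_blob(b64):
    """Decode the key blob: key type string followed by type-specific fields."""
    blob = base64.b64decode(b64)
    key_type, off = _read_string(blob, 0)
    fields = []
    while off < len(blob):
        field, off = _read_string(blob, off)
        fields.append(field)
    return blob, key_type.decode(), fields


def fingerprint(blob):
    """OpenSSH SHA256 fingerprint: base64 of sha256(blob) with '=' padding removed."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def audit_line(line, host="unknown-host"):
    """Inventory record plus findings for one line; None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options, rest = _split_options(line)
    parts = rest.split(None, 2)
    if len(parts) < 2:
        return {"host": host, "error": "malformed line", "line": line}
    declared_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    try:
        blob, key_type, fields = _parse_blob(b64)
    except Exception as exc:  # bad base64 or truncated blob
        return {"host": host, "error": f"undecodable key: {exc}", "line": line}
    findings = []
    if key_type != declared_type:
        findings.append("declared type does not match blob")
    if key_type == "ssh-dss":
        findings.append("deprecated DSA key")
    bits = None
    if key_type == "ssh-rsa" and len(fields) == 2:
        bits = int.from_bytes(fields[1], "big").bit_length()  # fields = [e, n]
        if bits < MIN_RSA_BITS:
            findings.append(f"RSA modulus {bits} bits below {MIN_RSA_BITS}")
    opts = _split_outside_quotes(options, ",") if options else []
    if not any(o.startswith("from=") for o in opts):
        findings.append("no from= source restriction")
    if not (any(o.startswith("command=") for o in opts) or "restrict" in opts):
        findings.append("unrestricted login (no command= or restrict)")
    if not comment:
        findings.append("no comment identifying owner")
    return {"host": host, "type": key_type, "bits": bits, "fingerprint": fingerprint(blob),
            "comment": comment, "options": opts, "findings": findings}


def audit_authorized_keys(text, host="unknown-host"):
    """Audit a whole authorized_keys file; returns one record per key line."""
    return [r for r in (audit_line(l, host) for l in text.splitlines()) if r]


def weak_keys(records):
    """Fingerprint -> findings for every key with at least one finding."""
    return {r["fingerprint"]: r["findings"] for r in records if r.get("findings")}


def _mpint(n):
    """Encode an int as an SSH mpint (leading 0x00 if the high bit is set)."""
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" + b if b[0] & 0x80 else b


def _blob(key_type, *fields):
    """Build a base64 key blob from a key type and its raw fields."""
    out = b"".join(struct.pack(">I", len(f)) + f for f in (key_type.encode(),) + fields)
    return base64.b64encode(out).decode()


# Constructed sample file: a well-restricted job key, a short unowned RSA key, a DSA key.
SAMPLE = "\n".join([
    "# backup job key, rotated quarterly",
    'from="10.0.0.0/8",command="/usr/local/bin/backup-receive",restrict '
    + "ssh-ed25519 " + _blob("ssh-ed25519", bytes(range(32))) + " backup@job-runner",
    "ssh-rsa " + _blob("ssh-rsa", _mpint(65537), _mpint((1 << 1023) | 1)),
    "ssh-dss " + _blob("ssh-dss", _mpint(3), _mpint(5), _mpint(7), _mpint(11)) + " legacy@app01",
])

if __name__ == "__main__":
    for rec in audit_authorized_keys(SAMPLE, host="app01"):
        print(rec["host"], rec.get("type"), rec.get("bits"), rec.get("fingerprint"), rec.get("comment"))
        for finding in rec.get("findings", []):
            print("   -", finding)
```

Run against a real file with `audit_authorized_keys(open(path).read(), host=...)` per host, and the fingerprint column becomes the inventory key that later steps (remediation, rotation tracking, monitoring) can be keyed on. The option checks are deliberately conservative: a key that is supposed to run one automated job but has neither `from=` nor `command=`/`restrict` is exactly the kind of open, password-less trust relationship the interview warns about.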

