SSH key pairs can grant secure passwordless access to critical resources like production servers. They’re a valuable resource for organizations because they’re stronger than traditional credentials, but they must be carefully managed and maintained. Unencrypted private SSH keys on user machines can potentially provide a gateway for bad actors to access organizational data.
However, IT administrators have tools to monitor and manage the SSH keys in their organizations entirely from the cloud. In this post, we’ll explain the risks of unencrypted private SSH keys, and then we’ll cover ways to mitigate those risks.
Risks of SSH Without Password / Passphrase
Typically, users generate key pairs and store the private keys on their machines and the public keys on the remote resources they access, such as servers. Although organizations might have reasons to leave private SSH keys unencrypted, such as automation workflows, we recommend they use a passphrase to encrypt those keys wherever possible. The passphrase provides another layer of authentication to protect the private key.
A user can create a new SSH key pair directly via their Mac® or Linux® terminal or another method, like PuTTY, for Windows®. When they create the key pair, they’ll be prompted to enter a passphrase, which is used to decrypt the private key stored on their machine. They can opt to skip that step, which will leave the private key vulnerable if the machine is compromised.
Although full disk encryption is another valuable way to encrypt data on a machine, it’s only effective when the data is at rest and wouldn’t protect an unencrypted private SSH key in every scenario. SSH.com notes, for example, that keys can leak via backups or decommissioned hardware.
Recently, hackers targeted European supercomputers, including the University of Edinburgh’s ARCHER. The university announced that it would reset SSH passwords and, moving forward, users would be required to enter an SSH key with a passphrase and a password to access the supercomputer — which indicates the importance of properly protecting SSH keys.
Identify SSH Keys for Private Key Encryption
Admins have access to cloud-based solutions they can use to manage and monitor the SSH keys in their organizations.
JumpCloud® Directory-as-a-Service® is a full-suite directory service in the cloud with comprehensive system management capabilities. JumpCloud also offers a premium System Insights feature, which enables admins to pull data from managed systems across their environments.
Admins can scan user machines for key data points like OS and patches, installed applications, and memory, storage, and CPU — as well as the encryption state of private keys in each user’s ~/.ssh directory on Mac and Linux machines. Admins can then use this data to identify unencrypted private SSH keys and take action as needed. (Instructions about how to pull this data can be found here.)
Routine scans for unencrypted private keys on user machines can serve as one component of broader key management policies. We also recommend having clear policies for user generation of SSH keys, key governance, and key end-of-life.
SSH Key Management & Monitoring
JumpCloud gives admins the tools to manage and revoke SSH keys from a web-based console. Users can self-service and create their own SSH keys, storing the private keys locally on their machines and storing the public keys in their web-based user portals. When a user stores a public key in their user portal, it’s automatically distributed to the infrastructure to which they’ve been granted access.
When users leave the organization, admins can remotely revoke access to virtually all their IT resources, including their assigned SSH keys. Admins can also revoke SSH keys if they reach their specified end-of-life.
With JumpCloud, admins can provision secure access to servers at scale and monitor SSH keys across their organization.
Click here to learn more about scalable server access and management from the cloud.