OpenBSD Journal

USENIX LISA 2013 Managing Access Using SSH Keys [video]

Contributed by tbert on from the a-usenix-conference-for-an-old-apple-product dept.

Tatu Ylönen invented the Secure Shell (SSH) protocol in 1995, and even the history of OpenSSH mentions that OpenSSH is a derivative of the original free ssh 1.2.12 that he released. He is also the founder and CEO of SSH Communications Security, which sells a commercial version of ssh. A few more details can be found on the USENIX LISA 2013 page for "Managing Access Using SSH Keys"; the audio and video files are linked below.

SSH user keys are ubiquitously used for accessing information systems by automated processes and system administrators. Many large organizations have hundreds of thousands of keys granting access, with many keys providing privileged access without auditing or controls. The talk educates the audience about risks arising from unmanaged access using SSH keys; discusses what is required by compliance mandates; outlines how to establish effective operational processes for provisioning, terminating, and monitoring SSH user key based access; and outlines how to understand and remediate SSH user keys in an existing environment.

Editor's note: This talk is, in no small part, a push for a commercial product; the issues raised in regards to lax management of SSH keys, however, are valid enough to warrant careful consideration of one's own key regime.

Available audio and video formats:
Video MP4 | Video WEBM | Audio MP3 | Audio OGG
