Contributed by tbert from the a-usenix-conference-for-an-old-apple-product dept.
Tatu Ylönen invented the Secure Shell (SSH) protocol in 1995, and even the history of OpenSSH mentions that OpenSSH is a derivative of the original free ssh 1.2.12 he released. He is also the founder and CEO of SSH Communications Security, which sells a commercial version of ssh. A few more details can be found on the USENIX LISA 2013 page for "Managing Access Using SSH Keys", but the audio and video files are linked below.
SSH user keys are ubiquitously used for accessing information systems by automated processes and system administrators. Many large organizations have hundreds of thousands of keys granting access, with many keys providing privileged access without auditing or controls. The talk educates the audience about risks arising from unmanaged access using SSH keys; discusses what is required by compliance mandates; outlines how to establish effective operational processes for provisioning, terminating, and monitoring SSH user key-based access; and outlines how to understand and remediate SSH user keys in an existing environment.
Editor's note: This talk is, in no small part, a push for a commercial product; the issues raised with regard to lax management of SSH keys, however, are valid enough to warrant careful consideration of one's own key regime.