SSH User Key Remediation
Getting Control of One of the Most Significant Hidden Threats to Your Enterprise Security
Sloppy management of SSH authentication keys risks catastrophic IT failure Most organizations have no process for managing, removing, and changing access-granting SSH keys. This violates SOX, FISMA, PCI, and HIPAA, all which require proper control of access to servers and proper termination of access. This white paper focuses on SSH user key remediation as a process which all organizations utilizing SSH should be aware of and consider implementing. It will outline a basic process and set of tools which can be utilized to identify the existing trust relationships in your environment, bring legacy keys under control, and automate the creation, deployment, rotation and removal of keys.