PAM360 » Features » SSH key management tool

SSH Keys

Secure Shell (SSH) keys are encryption keys that facilitate secure connections to SSH based devices Just like passwords, these authentication identities need to be subjected to security best practices to prevent any privilege misuse; however, managing SSH keys manually is a daunting process. Usually, enterprise IT teams create and provision SSH keys on the fly to users requesting access to SSH-based servers without a central mechanism to track their usage. The number of unmanaged SSH keys can quickly get out of hand, and the pool of orphaned SSH keys becomes a vector for unauthorized access.

SSH key management with privileged access management

To gain complete visibility and control over the SSH key landscape, organizations should implement a comprehensive SSH key management program that integrates seamlessly with their privileged access management (PAM) solution to automate the life cycle management of SSH keys associated with privileged assets within the network.

PAM360 - SSH Key management tool

ManageEngine PAM360 facilitates the complete life cycle management of SSH keys from a single, unified console. From discovering SSH servers, enumerating user accounts, and building a central inventory of SSH keys to on-demand key generation and deployment, performing periodic key rotation, and launching remote SSH sessions to target systems, PAM360 enables IT admins monitor, automate, and manage the entire life cycle of SSH keys mapped to mission-critical assets across the IT ecosystem.

Key features of our SSH key management software

Discover SSH keys across heterogeneous environments and endpoints

PAM360's built-in SSH key discovery tool helps IT admins perform network-based discovery of SSH keys deployed across various servers in the IT infrastructure. The discovery of SSH servers can be performed in bulk, either on demand or automatically at periodic intervals through creation of scheduled tasks. Once discovered, administrators can enumerate user accounts in each resource and import the SSH keys present in them by providing the corresponding user credentials. In addition to the password inventory, PAM360 has a centralized key inventory in which the SSH keys are automatically added post discovery and import.

Generate new SSH keypairs and deploy them to target systems

PAM360 helps IT admins centrally create fresh SSH keypairs and deploy the public keys to SSH servers across the network. This replaces the existing key-user mappings with new trust relationships, establishing a streamlined access control workflow and greater visibility over SSH key usage. Generation and deployment of SSH keys can also be done in bulk to multiple user accounts. Further, PAM360 can generate strong passphrases during the key generation process that serve as an additional layer of security.

Launch one-click sessions to remote SSH servers

Users can launch instant SSH sessions with remote hosts that are tunnelled via PAM360, requiring no direct connectivity between the user device and the target system. This gateway access removes all the hassles associated with direct connection—which demands that users manually supply the private key and passphrase everytime a session is launched—and reinforces tight security.

Enforce periodic key rotation and thwart the compromise of privileged access

It's a common practice for enterprises to create SSH key pairs as needed and use the same private key to authenticate multiple systems. This means that if a single keypair is compromised, it could expose sensitive information from all the accounts that a particular key was mapped to.

With PAM360, administrators can enforce automated periodic rotation of key pairs deployed to various servers across the network. This best practice helps enterprises comply with industry standards and regulations as well as bolster data security. A holistic view of the complete history of individual keys, including the date of creation, the creator and owner of the key, the rotation history, and so on, is presented to the administrator in the form of audit trails, reports, and dashboards.

Get a holistic view of SSH trust relationships across your network

Apart from discovering and inventorying SSH keys, PAM360 also helps administrators in their key management journey by exhibiting a comprehensive view of key-user relationships across the corporate network. Every key stored in PAM360 is mapped to its respective user account(s) in the remote server, making it easier for administrators to track trust relationships and delete any unwanted or orphaned keys in the network that could be potential launch points for a data breach.

Define key management policies for all SSH deployments

PAM360 provides key management policies that enable IT administrators to wipe out all existing user key mappings across the network by removing the public key information from the authorized_keys file of the remote hosts. Fresh keypairs can then be created from PAM360 and deployed to target servers. These policies facilitate a quick redesign of the entire SSH framework, remediating all existing vulnerabilities and empowering administrators to embark on a clean, completely managed start.

FAQs about SSH key management

  • What is SSH key management?

    SSH key management is the process of securing and managing Secure Shell (SSH) keys across the different domains of an organization to facilitate encrypted access to sensitive endpoints and resources of the network.
  • What are the benefits of proper SSH key management?

    An effective SSH Key management strategy allows uninterrupted and secure access to servers and applications by ensuring that cryptographic keys are promptly generated and managed, thereby reducing the surface for unauthorised access. Further, managing SSH keys through a solution such as PAM360 provides organizations with a unified, central interface to view and manage all their SSH keys distributed across their enterprise environment.
  • What are the disadvantages of unmanaged SSH keys?

    SSH keys are the gateways to maintaining integrity and securing access to sensitive systems of an organization. Unmanaged SSH keys could act as easy points of entry for threat vectors who could gain access to these systems and compromise business-critical information.

ManageEngine named a Challenger in the 2023 Gartner ® Magic Quadrant ™ for Privileged Access Management. Learn More.