Key-based authentication of SSH communication relies on SSH key pairs and an additional, optional passphrase. While public keys are deployed on target systems, users hold their private keys and the passphrase. They need to supply the private key and passphrase to access the target system.
Although using unique key pairs for each target system is the best practice, it's fairly common to see a single key pair used on multiple systems. Worse, the same passphrase is often used with all the keys. If a single key pair is compromised, then technically most of the systems across the organization would be compromised as well.
To safeguard the data, organizations must replace the keys periodically, in addition to using unique key pairs and passphrases. It is cumbersome for administrators to access each server and update the public keys manually each time they want to rotate the keys. Therefore, an automated key rotation system is necessary.
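Before rotating, it helps to know which public keys are authorized on more than one system. The sketch below is an added example, not part of the original page or of Key Manager Plus: it fingerprints `authorized_keys` entries the way OpenSSH does (SHA256 over the key blob) and reports keys shared across hosts; the host names, function names and sample keys are constructed for illustration.

```python
import base64, hashlib, struct
from collections import defaultdict

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def fingerprint(line):
    """Return the OpenSSH-style SHA256 fingerprint of an authorized_keys line, or None."""
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):  # skips any leading options field
        if tok not in KEY_TYPES:
            continue
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except ValueError:
            continue
        # A real key blob begins with a length-prefixed copy of its key type.
        if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != tok.encode():
            continue
        return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return None

def shared_keys(hosts):
    """Map fingerprint -> sorted host list, for keys authorized on more than one host."""
    seen = defaultdict(set)
    for host, text in hosts.items():
        for line in text.splitlines():
            line = line.strip()
            if line and not line.startswith("#"):
                fp = fingerprint(line)
                if fp:
                    seen[fp].add(host)
    return {fp: sorted(h) for fp, h in seen.items() if len(h) > 1}

def constructed_key(seed):
    # Constructed sample: wire-format ssh-ed25519 blob holding a dummy 32-byte key.
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

# Constructed authorized_keys contents for three hypothetical hosts.
SAMPLE = {
    "web01": constructed_key(1) + " alice@laptop\n",
    "db01": "# ops\n" + 'from="10.0.0.0/8",command="/usr/bin/backup run" '
            + constructed_key(1) + " alice@laptop\n" + constructed_key(2) + " bob@laptop\n",
    "build01": constructed_key(3) + " ci@build\n",
}

if __name__ == "__main__":
    for fp, hosts in shared_keys(SAMPLE).items():
        print(fp, "->", ", ".join(hosts))
```

Keys that show up on several hosts are the ones whose compromise has the widest reach, so they are the first candidates for replacement with per-system key pairs.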
Key Manager Plus can be used to automatically rotate the keys and deploy them periodically based on a schedule or any time on demand. It provides a holistic view of the key-user relationship as well as the complete history of individual keys such as the date of creation, the creator, the owner, and the date it was last changed. These best practice approaches bolster data security in addition to ensuring compliance with industry standards and regulations. The keys and accompanying passphrases are also encrypted and saved together in Key Manager Plus. This eliminates the need to enter the passphrase each time the user handles the key.
Key Manager Plus is integrated with ManageEngine’s Password Manager Pro to provide a unified privileged identity management platform.
"ManageEngine’s Key Manager Plus enables us to stay on top of SSL certificates for all of our websites. With Key Manager Plus, we’re able to monitor which certificates are nearing expiration and roll out new certificates in a timely manner."
Ken Odibe, Senior cloud infrastructure consultant, Sapphire systems.