Posted by: admin, 11 years, 7 months ago
We've blogged previously about the potential compliance issues around SSH keys and about the risks of poor SSH key management. A recent Forrester survey (PDF warning!) revealed:
- 36% of enterprises do not scan for unauthorized keys.
- 47% of IT professionals reported dealing with a security incident due to compromised or mis-used keys.
- Keys are rarely rotated.
- 40% of enterprises rely on sys admins to detect a rogue SSH key.
You could purchase software to help you manage keys (as the sponsors of that survey no doubt recommend), but you would essentially be setting up a second user database instead of relying on your existing directory infrastructure. By using PAM-RADIUS and a one-time password you can have two-factor authentication tied into your AD. Rogue keys would cease to be an issue.
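As an added example (not from the original post), here is the configuration the last paragraph describes: pam_radius_auth.so in the sshd PAM stack, a pam_radius.conf pointing at a RADIUS server that fronts the OTP back end, and the sshd_config settings that force a key to be combined with the PAM challenge, followed by a small audit function that checks an sshd_config for those settings. The caveat a practitioner needs here is that OpenSSH does not consult PAM auth modules for public-key logins at all, so `UsePAM yes` by itself leaves a rogue authorized_keys entry as a complete login; `AuthenticationMethods publickey,keyboard-interactive:pam` (OpenSSH 6.2 and later) is what makes both the key and the OTP required. The server name, shared secret and the two sample configs are placeholders constructed for this example; the audit function follows sshd's first-occurrence-wins rule for keywords but does not interpret Match blocks.

```shell
#!/bin/sh
# Added example: configuration for SSH key + RADIUS-backed OTP, plus an audit
# function that tells you whether an sshd_config actually requires the second
# factor. Host, secret and sample configs are placeholders (not from the post).

# /etc/pam_radius.conf: "server[:port]  shared_secret  timeout"  (placeholders)
PAM_RADIUS_CONF='
radius.example.internal:1812  REPLACE_WITH_SHARED_SECRET  3
'

# /etc/pam.d/sshd: RADIUS (relaying to the OTP/AD back end) owns the auth stack
PAM_SSHD='
auth     required   pam_radius_auth.so
account  required   pam_unix.so
session  required   pam_unix.so
'

# /etc/ssh/sshd_config: PAM is only consulted for keyboard-interactive, so the
# key must be chained with it or a key alone still logs in.
HARDENED_SSHD_CONFIG='
UsePAM yes
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
AuthenticationMethods publickey,keyboard-interactive:pam
'

# Constructed "before" config: any authorized_keys entry is a complete login.
KEY_ONLY_SSHD_CONFIG='
UsePAM yes
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
'

# sshd_requires_otp: read an sshd_config on stdin; exit 0 only if PAM
# challenge-response is on and every permitted AuthenticationMethods
# alternative includes keyboard-interactive. sshd uses the first occurrence
# of a keyword, so the first match wins here too. Match blocks are ignored.
sshd_requires_otp() {
  cfg=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d')
  use_pam=$(printf '%s\n' "$cfg" | awk '
    tolower($1)=="usepam" && !seen {v=$2; seen=1} END{print tolower(v)}')
  chal=$(printf '%s\n' "$cfg" | awk '
    (tolower($1)=="challengeresponseauthentication" ||
     tolower($1)=="kbdinteractiveauthentication") && !seen {v=$2; seen=1}
    END{print tolower(v)}')
  methods=$(printf '%s\n' "$cfg" | awk '
    tolower($1)=="authenticationmethods" && !seen {$1=""; print; seen=1}')
  [ "$use_pam" = "yes" ] || return 1
  [ "$chal" = "yes" ] || return 1
  # No AuthenticationMethods line means any single successful method suffices.
  [ -n "$methods" ] || return 1
  # Alternatives are space-separated; each is a comma-joined list that must
  # all succeed, so each must contain keyboard-interactive.
  for alt in $methods; do
    case "$alt" in
      *keyboard-interactive*) ;;
      *) return 1 ;;
    esac
  done
  return 0
}

# Stand-alone demonstration on the two constructed configs
if printf '%s\n' "$HARDENED_SSHD_CONFIG" | sshd_requires_otp; then
  echo "hardened config: a key alone is NOT sufficient"
else
  echo "hardened config: a key alone logs in"
fi
if printf '%s\n' "$KEY_ONLY_SSHD_CONFIG" | sshd_requires_otp; then
  echo "key-only config: a key alone is NOT sufficient"
else
  echo "key-only config: a key alone logs in"
fi
```

To audit a live host, run `sshd_requires_otp < /etc/ssh/sshd_config` (or feed it `sshd -T` output, which expands defaults and Match blocks into the effective configuration).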