Security teams are now in the second year of keeping networks secure in the wake of the global pandemic. As work shifted from the office to employees' homes, companies deployed a variety of remote access capabilities and trained workers on how to use them securely.
SSH, the de facto standard for remote access and administration, is a centerpiece of those efforts. Created in 1995 by Tatu Ylönen, it gives users and system administrators a secure way to log in to another computer over an unsecured network to manage network infrastructure, execute commands, and access recourses and applications.
SSH provides strong encryption and is far more secure than login protocols, such as Telnet, or file transfer methods, such as FTP. It uses public key cryptography to verify the identity of the SSH server and relies on strong encryption, such as Advanced Encryption Standard, and secure hashing algorithms, such as Secure Hash Algorithm 2, to safeguard communications and ensure the privacy and integrity of any data exchanged.
The genesis of SSH and its top risks
However, with around 20 million SSH services accessible on public IP addresses, it's an obvious target for hackers. As a result, SSH risks are growing. The InterPlanetary Storm malware and crypto-miner campaigns Golang and Lemon Duck all exploit SSH vulnerabilities, while the sophisticated FritzFrog peer-to-peer botnet has successfully brute-forced its way into over 500 SSH servers. These are just a few of the ongoing attacks organizations are facing.
Although the protocol is inherently secure, the authentication mechanism, client-server configuration and machine identities -- SSH keys -- used to secure remote connections are open to abuse.
The top six SSH risks are the following:
- password authentication
- untracked and unmanaged keys
- compromised private keys
- unpatched SSH software
- vulnerable SSH configurations
- shadow SSH servers
SSH allows password- or public key-based authentication. Because passwords are vulnerable to brute-force attacks, key-based authentication should always be the selected option. That said, strong key management is essential. Otherwise, private keys can be compromised and enable an attacker to authenticate into server accounts where the private key is trusted. Weak keys, careless users, unauthorized keys and untracked trust relationships between systems and accounts all increase the risk of unauthorized access. What's more, if SSH servers are not patched and their configuration settings -- including SSL/TLS options -- aren't checked on a regular basis, hackers will find a way to compromise them; SSH servers that an organization isn't aware of are particularly vulnerable.
How to keep SSH risks under control
To ensure SSH doesn't put an organization's network and data at risk, security teams should perform an SSH risk assessment. This involves scanning for SSH servers and ensuring that, first, they are logged in the asset register as a justifiable service and, second, correctly configured. Inventory SSH keys, and verify the trust relationship between them. This can be quite a challenging task even for relatively small organizations. A survey by security vendor Venafi found severe gaps in SSH key management with 68% of CIOs saying that managing SSH will only become more difficult as organizations move to cloud-native environments where SSH keys are used for practically everything.
Thankfully, tools and services exist to help companies conduct risk assessments and enforce key management best practices throughout the entire lifecycle of each key. These products -- from companies such as SSH Communications Security, Venafi, Userify, Keyfactor, Scout Suite and CloudSploit -- provide a range of capabilities, from testing configuration weaknesses among SSH servers to pinpointing potential security risks in cloud infrastructure accounts.
As with all security tasks, SSH risk assessment is not a one-off undertaking. Scans must be conducted on a regular basis. Users and administrators can change certain configurations, such as port forwarding and the location of authorized key files, without considering or understanding the security implications, exposing those systems to broader attacks.
Identity is the new line of defense as the traditional network perimeter has all but vanished. Keeping remote services secure is more important than ever, and SSH can protect privileged access to mission-critical systems. But companies must effectively manage SSH risks. Otherwise, instead of an asset, the protocol can become a security liability.