« Previous 1 2 3
Secure SSH connections the right way
Certified
Conclusions
SSH is not a perfect protocol, but in its simplest application, it at least provides basic measures against integrity loss. However, as IT security requirements grow, as stipulated in the industry, the protection provided by SSH out of the box can no longer be relied upon. Without key management and unambiguous integrity detection, SSH could become an opening for a cyberattack and can therefore compromise, the system-critical infrastructure. This problem can be remedied by centralized key management and independent integrity determination by a third-party entity.
Probably the most appropriate solution for many organizations, which because of its complexity this article does not cover, would be to combine SSH authentication with Active Directory (AD) authentication. The X.509 certificate-based authentication provided by AD is a perfect match. This system would also provide centralized identity management.
Infos
- RFC 4251: https://tools.ietf.org/html/rfc4251#section-4.1
- CVE-2020-14145: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14145
- RFC 4253: https://tools.ietf.org/html/rfc4253#section-7
- ssh-mitm: https://github.com/ssh-mitm/ssh-mitm
- IT-Grundschutz: https://www.bsi.bund.de/EN/Topics/ITGrundschutz/itgrundschutz_node.html
- ISO 27001: https://www.iso.org/isoiec-27001-information-security.html
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)