SSH
SSH is used extensively throughout nearly every IT environment. While SSH brings many benefits, SSH access isn’t always adequately managed. It’s not uncommon to find SSH keys scattered throughout the enterprise on endpoint devices with limited security controls in place.
E-semnatura simplifies SSH key management by making it easy to store all SSH keys in a centrally managed hardware security module (HSM) while providing end-users with remote access to the keys they need. With E-semnatura, you can easily grant and revoke SSH key access, enforce additional security measures like multi-factor authentication (MFA), and audit key usage, all without reconfiguring your SSH servers.
Large enterprises must manage a plethora of secure shell (SSH) keys.
How do you control access?
The number of secure shell (SSH) keys in a large enterprise can seem unmanageable. Multiple SSH keys are distributed to end-users and stored in software on workstations, and these keys are high-value targets for attackers. Additionally, many of these SSH keys are not visible to InfoSec teams and therefore are challenging to audit.
Give E-Semnatura a Try
With E-semnatura, secure shell (SSH) keys are secured in a hardware security module (HSM), granular controls can be applied to users and keys, and all activity is auditable.
Secured Access to Hardware Security Module (HSM)-Protected Keys
When you deploy E-semnatura, secure shell (SSH) keys remain secured and non-exportable in the HSM servers at all times. End-users receive proxied access to only the HSM keys they are authorized to use. Since keys are always protected with hardware-level security, the risk of an SSH key being compromised is minimal.
Advanced Secure Shell (SSH) Security Controls
E-semnatura can integrate with existing SSH clients to transparently provide advanced cybersecurity controls, such as multi-factor authentication (MFA), device authentication, approval workflows, IP address whitelisting, notifications, and more, all within our HSM as a service. These features can be established on a per-key or per-user basis.
Highly Visible & Easily Auditable
Since secure shell (SSH) keys are secured in the hardware security module (HSM) and centrally managed within the HSM software, SSH key management is easily auditable. Auditors can see which keys were used, at what time, and by whom. Furthermore, administrators can alter users’ permissions to the SSH keys from a single interface.
E-semnatura for Enterprise Code Signing FAQs
How does E-semnatura integrate with my secure shell (SSH) client?
It depends on the secure shell (SSH) client you are using, but it is typically done via an SSH-Agent that is capable of using hardware security module (HSM) keys managed in E-semnatura.
Does E-Semnatura support managing server-side secure shell (SSH) keys?
Yes, E-Semnatura can also secure the SSH server keys in the hardware security module (HSM).
Will my automated scripts that use secure shell (SSH) continue to work?
Yes, they should. Since E-Semnatura integrates via an SSH-Agent, the commands should work without alteration, assuming you are using a supported client.
How are additional controls enforced without installing anything on the secure shell (SSH) server?
Since E-Semnatura proxies the client key used to complete the challenge-response handshake, it can enforce additional security controls (e.g., multi-factor authentication) before it allows the use of the key. In other words, the SSH server delegates the additional privileged access security controls to GaraSign and is unaware that the additional controls are taking place.
Since the client secure shell (SSH) keys are secured in a hardware security module (HSM), is key rotation still necessary?
The need for frequent key rotation is drastically reduced since the keys are never exported from the Hardware Security Module (HSM). While every key should eventually be rotated, you can do so less frequently since the Secure Shell (SSH) keys are now well protected. Of course, please check your enterprise’s policies to ensure you will remain compliant.