SSH Key Management Guidelines

Aug 26, 2014

The US government rolls new best-practice rules for protecting SSH.

The US National Institute of Standards and Technologies (NIST) has published a draft of new Guidelines for SSH Key Management. The new guidelines are aimed at government system admins and CIOs but are intended to serve as a general, best-practice standard for the IT industry. The draft version of NISTIR7966 “Security of Automated Access Management Using Secure Shell (SSH)” is available for download at the NIST website.
SSH co-creator Tatu Ylonen serves as lead author for the guidelines. Early chapters of the 43-page PDF document cover SSH basics and discuss the most common vulnerabilities associated with SSH keys. Later sections focus on recommended practices and procedures for planning and implementing a key management policy.
The guidelines highlight the need for continuous monitoring and auditing of key use, as well as proper configuration and procedures for terminating key access.

Related content

comments powered by Disqus

Issue 170/2015

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

News