As IT environments grow, so does the number of secrets that need to be managed. While passwords are well-secured, SSH keys often fly under the radar. Traditional Privileged Access Management (PAM) solutions can only manage 20% of all SSH keys, leaving a significant portion unaccounted for.
SSH keys are access credentials in the Secure Shell protocol and functionally different from passwords. They tend to outnumber passwords by 10:1, especially in long-standing IT environments. A single key can open doors to multiple servers, making it crucial to manage them effectively.
The issue with traditional PAMs is that they were built to vault passwords, not SSH keys. Vaulting private keys and handing them out on request simply doesn’t work. Keys must be secured on the server side, and most PAMs fail to discover and manage them.
Managing SSH keys requires a different approach. You need a solution that can discover keys first, then secure them. Traditional PAMs miss key configuration files and other elements involved in SSH key management.
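One way to approach the server-side discovery step described above, as an added example (not from the original article or from any SSH Communications Security product): it parses `authorized_keys` contents, fingerprints each key, and reports keys trusted in more than one place and entries with no `from=`/`command=` restriction. The host names, key bodies and key-type prefix list are constructed assumptions.

```python
import base64
import hashlib
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # assumed key-type name prefixes

def split_options(line):
    """Split off the leading options field, which may contain quoted spaces."""
    if line.startswith(KEY_PREFIXES):
        return "", line
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch in " \t" and not in_quote:
            return line[:i], line[i:].lstrip()
    return line, ""

def fingerprint(b64_blob):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def inventory(files):
    """Map fingerprint -> [(location, options)] for {location: file text}."""
    seen = {}
    for location, text in files.items():
        for line in map(str.strip, text.splitlines()):
            options, rest = split_options(line)
            fields = rest.split(None, 2)  # key type, base64 blob, comment
            if line.startswith("#") or len(fields) < 2:
                continue  # comment, blank or malformed entry
            try:
                seen.setdefault(fingerprint(fields[1]), []).append((location, options))
            except ValueError:
                pass  # key field is not valid base64
    return seen

def findings(inv):
    """Return (keys trusted in several places, entries lacking from=/command=)."""
    shared = {fp for fp, uses in inv.items() if len(uses) > 1}
    unrestricted = {(fp, loc) for fp, uses in inv.items() for loc, opts in uses
                    if "from=" not in opts and "command=" not in opts}
    return shared, unrestricted

KEY_A, KEY_B = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI" + c * 43 for c in "AB")  # constructed
SAMPLE = {  # constructed authorized_keys contents on hypothetical hosts
    "web01:backup": f'command="/usr/bin/rsync --server",from="10.0.0.5" {KEY_A} backup\n',
    "web01:deploy": f"{KEY_B} alice@laptop\n",
    "db01:root": f"# legacy\n{KEY_B} alice@laptop\n",
}
```

Calling `findings(inventory(SAMPLE))` reports the second key as shared between `web01:deploy` and `db01:root`, both without restrictions.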
Even if you manage 100% of your passwords, you’re still missing 80% of your critical credentials if you aren’t managing SSH keys. As the original source of the SSH protocol, we at SSH Communications Security know the ins and outs of SSH key management.
Your PAM is not complete without SSH key management. It’s not future-proof either. Modern environments using in-house or hosted cloud servers, containers, or Kubernetes orchestration don’t work well with vaults or traditional PAMs that were built 20 years ago.
The best way to manage passwords and keys is not to have to manage them at all. Our solution offers modern ephemeral access where secrets needed to access a target are granted just-in-time for the session, and they automatically expire once the authentication is done. This leaves no passwords or keys to manage – at all. Our solution also eliminates complexity, saves on costs, and minimizes risk.
Check out our PrivX Zero Trust Suite to learn how to do access and secrets management in a comprehensive manner.
Source: https://thehackernews.com/2024/09/passwordless-and-keyless-future-of.html?m=1