Managing Access Using SSH Keys

SSH user keys are ubiquitously used for accessing information systems by automated processes and system administrators. Many large organizations have hundreds of thousands of keys granting access, with many keys providing privileged access without auditing or controls. The talk educates the audience about risks arising from unmanaged access using SSH keys; discusses what is required by compliance mandates; outlines how to establish effective operational processes for provisioning, terminating, and monitoring SSH user key based access; and outlines how to understand and remediate SSH user keys in an existing environment.

Mr. Ylönen invented the Secure Shell (SSH) protocol in 1995 and is founder and CEO of SSH Communications Security. OpenSSH is based on his free version of 1995. He has 29 years of programming and systems management experience and plenty of business management background. He co-authored the IETF guidelines on SSH key management for automated access and is a co-author in upcoming NIST IR series guidelines for managing access using SSH keys. Mr. Ylönen and his company have been deeply involved in several actual SSH key remediation and management projects with some of the leading financial institutions and other enterprises.