SSH Communications Security announced a new service Oct. 8 designed to allow enterprises to lock down a potential back door: an unknown number of SSH private keys floating around the data center. The service will deploy a team of SSH experts to install and manage the Universal SSH Key Manager, which uses either an agent or an agent-less solution to lock down the SSH security-key environment, which protects transactions moving in and out of the data center. SSH describes the new service as complementary to its Universal SSH Key Manager and CryptoAuditor solutions.

The SSH protocol itself, of course, is known for creating a secure, encrypted link between a client and a server, especially between shell accounts on a UNIX system. While a UNIX admin may find an SSH tool useful for remotely accessing a server, unmanaged SSH keys can also create a security headache for large financial institutions that, under law, must secure their systems under regulatory compliance mandates.

Between 10 and 15 percent of all encryption keys are unknown and have root access, SSH claims. SSH said that it had trialed the program with a number of financial institutions, many of which can spend around $2 million a year manually removing or rotating keys. One of SSH's pilot customers (a large financial institution) had 200 administrators dedicated to key management services; another had 15, Tatu Ylönen, the chief executive of SSH and the inventor of the SSH protocol, said in an interview.

The largest banks, despite spending hundreds of thousands of man-hours on key security, told SSH they simply didn't know how many keys they had. "When you have hundreds of thousands of keys, you can't keep track of them on a spreadsheet," Ylönen said.

Once a private key is in the hands of a bad actor, it bypasses normal security and authorization measures. "Rather, you get private access to the server, bypassing this," Ylönen said. "It also permits you to create a permanent backdoor to the server." Ylönen said he delivered a presentation on the issue at the recent Black Hat conference, and warned that if hackers weren't already using the technique, they would soon.

A private key may also allow a black hat access to other servers within the network. According to Ylönen, the original Morris worm used a similar technique, executing remote shell (rsh) commands to move from one server to another. (The goal there was not to capture keys, but supposedly to gauge the size of the Internet, or at least the UNIX machines that made up most of the systems in 1988.)

The service is deployed as a virtual appliance running atop CentOS and SUSE, designed to manage Linux and UNIX, in addition to Microsoft Windows PCs, IBM mainframes and Apple Macintoshes.

How much does it cost? Ylönen said that each service is negotiated separately, but that one of the trials cost the customer $2.5 million for a "five-digit" number of hosts.
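The key-sprawl problem Ylönen describes (keys nobody can count, root-capable keys, one private key that opens several hosts) starts with an inventory of what is actually in the authorized_keys files. As an added example, not code from SSH Communications Security or its products, the Python below parses authorized_keys contents collected from hosts, fingerprints each key the way `ssh-keygen -l` does, and flags root keys that carry no from=/command=/restrict option, keys with no owner comment, and keys present on more than one host; the hostnames, accounts and key blobs are constructed.

```python
import base64, hashlib, shlex, struct
from collections import Counter

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")            # prefixes of OpenSSH public key types
RESTRICTING = ("from=", "command=", "restrict")  # options that limit what a key may do

def constructed_blob(seed: int) -> str:  # syntactically valid ssh-ed25519 blob around a fake key, not a real key
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint as `ssh-keygen -l` prints it: unpadded base64 of SHA-256 over the decoded blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(host: str, account: str, text: str) -> list:
    """Parse one authorized_keys file; shlex keeps quoted option values such as command="..." whole."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        i = next(n for n, t in enumerate(tokens) if t.startswith(KEY_TYPES))  # options precede the key type
        keys.append({"host": host, "account": account, "type": tokens[i], "fp": fingerprint(tokens[i + 1]),
                     "options": ",".join(tokens[:i]), "comment": " ".join(tokens[i + 2:])})
    return keys

def audit(files: dict) -> dict:
    """files maps (host, account) -> authorized_keys text; returns the figures a key inventory needs."""
    keys = [k for (h, a), text in files.items() for k in parse_authorized_keys(h, a, text)]
    hosts_per_fp = Counter(fp for fp, _ in {(k["fp"], k["host"]) for k in keys})  # distinct hosts per key
    return {
        "total": len(keys),
        "unique": len(hosts_per_fp),
        "unrestricted_root": [k for k in keys if k["account"] == "root"  # full root login from anywhere
                              and not any(o in k["options"] for o in RESTRICTING)],
        "no_owner": [k for k in keys if not k["comment"]],          # nobody to ask whether it is still needed
        "shared": [fp for fp, n in hosts_per_fp.items() if n > 1],  # one private key opens several hosts
    }

def sample_files() -> dict:  # constructed authorized_keys contents; hostnames and comments are made up
    return {
        ("db01", "root"): f"ssh-ed25519 {constructed_blob(1)} alice@laptop\n"
                          f'from="10.0.0.5",command="/usr/bin/backup" ssh-ed25519 {constructed_blob(2)}\n',
        ("web01", "root"): f"ssh-ed25519 {constructed_blob(1)} alice@laptop\n",
        ("web01", "app"): f"ssh-ed25519 {constructed_blob(3)} deploy-bot\n",
    }
```

On the constructed sample, `audit(sample_files())` reports four keys, three distinct fingerprints, two unrestricted root keys, one key with no owner and one key shared between db01 and web01.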