GaraSign: SSH Use Case

SSH is used extensively throughout nearly every IT environment. While SSH brings many benefits, SSH access isn’t always properly managed. It is common to find SSH keys scattered throughout the enterprise on user workstations with limited security controls in place. 

GaraSign makes SSH key management easy by enabling you to keep all SSH keys in an HSM, while granting end-users proxied access to the keys they need (and only the keys they need). With GaraSign, you can easily grant and revoke key access, enforce additional security measures like multi-factor authentication, and audit key usage, all without reconfiguring your SSH servers.

Large enterprises must manage a plethora of SSH keys.

How do you control access to them?

The number of SSH keys in a large enterprise can seem completely unmanageable. Numerous keys are distributed out to end-users and stored in software on workstations— and these keys are high-value targets for attackers. Additionally, many of these keys are not visible to InfoSec teams and are therefore difficult to audit.

Increased Risk

Improperly protected SSH keys can be compromised, granting unauthorized users access to critical systems.

Significant Key Sprawl

Without central control of SSH keys, it's nearly impossible to audit usage of every key or revoke user access when necessary.

Limited Security Controls

Enforcing stricter security controls like multi-factor authentication or device authentication often requires reconfiguring servers manually.

With GaraSign, SSH keys are secured in an HSM, granular controls can be applied to users and keys, and all activity is auditable.

Secured Access To HSM-Protected Keys

When you deploy GaraSign, SSH keys remain secured and non-exportable in the HSM at all times. End-users receive proxied access to only the keys they are authorized to use. Since keys are always protected with hardware-level security, the risk of a key being compromised is minimal.

Advanced Security Controls

GaraSign can integrate with existing SSH clients to transparently provide advanced security controls, such as multi-factor authentication, device authentication, approval workflows, IP address whitelisting, notifications, and more. These features can be established on a per-key or per-user basis.

Highly Visible & Easily Auditable

Since SSH keys are secured in the HSM and centrally managed, key management is easily auditable. Auditors can see which keys were used, at what time and by whom. Furthermore, administrators can alter users’ permissions to keys from a single interface.

Request a GaraSign demo today.

Copyright © 2021 Garantir LLC. All Rights Reserved.