SSH is used extensively throughout nearly every IT environment. While SSH brings many benefits, SSH access isn’t always properly managed. It is common to find SSH keys scattered throughout the enterprise on user workstations with limited security controls in place.
GaraSign makes SSH key management easy by enabling you to keep all SSH keys in an HSM, while granting end-users proxied access to the keys they need (and only the keys they need). With GaraSign, you can easily grant and revoke key access, enforce additional security measures like multi-factor authentication, and audit key usage, all without reconfiguring your SSH servers.
The number of SSH keys in a large enterprise can seem completely unmanageable. Numerous keys are distributed out to end-users and stored in software on workstations— and these keys are high-value targets for attackers. Additionally, many of these keys are not visible to InfoSec teams and are therefore difficult to audit.
When you deploy GaraSign, SSH keys remain secured and non-exportable in the HSM at all times. End-users receive proxied access to only the keys they are authorized to use. Since keys are always protected with hardware-level security, the risk of a key being compromised is minimal.
GaraSign can integrate with existing SSH clients to transparently provide advanced security controls, such as multi-factor authentication, device authentication, approval workflows, IP address whitelisting, notifications, and more. These features can be established on a per-key or per-user basis.
Since SSH keys are secured in the HSM and centrally managed, key management is easily auditable. Auditors can see which keys were used, at what time and by whom. Furthermore, administrators can alter users’ permissions to keys from a single interface.