SSH Protect

  • Disable password-authentication and implement private-public key cryptography.
  • Discover all SSH machine identities in the environment, who they belong to and what they are used for.
  • Control SSH identities and authorized keys.
  • Control SSH configuration files and known hosts files to prevent any tampering.
  • Implement clearly defined SSH key management policies
  • Define SSH hardening configurations.
  • Create key inventory and remediation policy.
  • Establish continuous monitoring and audit process.
  • Automate the SSH machine identity lifecycle.
  • Create an Incident Response playbook for InfoSec and risk teams.[1]

Techniques Addressed by Mitigation

Domain ID Name Use
Enterprise VT0020 .001 Remote Services: SSH

Manage SSH keys as a security asset

References

Attachments

ID
VM0012

Created: 16 March 2021

Last Modified: 12 April 2021