The Challenge – Who or What Can Access Your Computers
The SSH protocol's public-key authentication is widely used as a convenient and highly secure means to establish trust relationships between network computers. Most corporations employ public-key authentication for automating application-to-application data transfers and batch processes, and as a more secure alternative to conventional password authentication.
In public-key authentication, a digital signature key pair (consisting of a private key and a public key file) is created. After the distribution of the public key to those servers where it is needed, the key pair is used to prove the identity of the user or application during the SSH authentication process, which protects the server in question. These key pairs are called user keys, regardless of whether they are used by a person or an automated process. To protect the user from man-in-the-middle attacks, the SSH authentication process also requires that the server identifies itself to the user using a host-specific public key called the host key.
In modern complex enterprise ICT environments it is nearly impossible to map how trust relationships between individual users, system accounts and multiple applications, relate to their respective destination servers, which are protected by SSH. The lack of visibility into user-key trust relationships increases the difficulty of managing trust relationships. User-key files do not provide reliable information about the trust relationship they are enabling: who is given access and to what computers. Unmanaged trust relationships may allow access into the corporate IT environment for people who have left the corporation a long time ago.
