Skip to main content

The Solution – the PrivX Key Manager

PrivX Key Manager, developed by SSH Communications Security Corporation, provides the only truly enterprise grade, fully interoperable and scalable SSH user-key management solution currently available. PrivX Key Manager can be deployed over the IT environment to automatically discover existing user and host-key setups, and to provide an efficient, centralized management solution for the administration of user and host keys, all without the need for drastic changes to the existing IT infrastructure.

images/The_Solution_the_PrivX_Key_Manager.png

Gain Visibility Into Your SSH Key Environment

Use the PrivX Key Manager to discover SSH user keys and the trust relationships they enable, without imposing any changes to your existing IT environment. Track key activity to see how often keys are used and where they are used from. With the visibility gained using the PrivX Key Manager, you can determine what parts of your IT environment each user is able to access, and detect trust relationships that may provide access to inappropriate parties. You can use this information to effectively bring your environment under control.

Monitor your environment from the moment the PrivX Key Manager is deployed. Unauthorized changes, such as keys that were manually set up by users, are automatically detected and reported. Security administrators can opt to receive alerts of suspicious activity directly to their email, which allows for rapid response to potential security breaches.

Enforce Key Policy

Use the PrivX Key Manager to relocate all user keys from users' home directories to a secure central location, which gives you full control over managing trust relationships.

Manage the trust relationships in your environment according to best security practices. The PrivX Key Manager provides tools for efficient trust-relationship management (creation, renewal, removal) by automating the underlying SSH key distribution, replacement, and removal. This eliminates much of the tedious, error-prone manual work that is traditionally required for managing trust relationships.

Use Key Manager's key management features to easily create missing authorizations, replace cryptographically weak keys, remove or renew old keys, standardize SSH software configurations, and much more.

Automate Key Management

Use the Key Manager API to automate ticketing and approval processes to reduce manual work, and to minimize the number of administrators who require privileged access for key management.

Maintain Your Key Environment

Just like passwords, user keys should be renewed regularly to minimize security risks. Key Manager can be used to renew keys pertaining to specified trust relationships. User keys are regenerated and automatically distributed to source and destination servers. All trust relationships remain functional throughout the renewal process.

To render unauthorized copies of user keys unusable, Key Manager allows you to configure usage restrictions to keys. Trust relationships can be set to function only when they are used from trusted locations, to prevent users from setting up undetected backdoors with copies of user keys.