Ssh – Security when SSH private keys are lost

Tags: audit, security, ssh

User A has two SSH private keys, and over time has used the corresponding public keys on a number of servers.
He lost one of them, and has created a new pair.

How does User A inform me (the sysadmin) that he has lost his key, and how do I manage all the servers to which he had access (I do not have a list of all servers that User A has access to)? In other words, how do I recall the public key associated with this private key?

In LDAP-based authentication, all servers would communicate with a single server repository for authentication, and if I remove access or modify the password on that server, all systems that use this LDAP for authentication are secured when User A loses his password.

Best Answer

What version of sshd are you using? OpenSSH 5.4 apparently has a key revocation option:

* Add the ability to revoke keys in sshd(8) and ssh(1). User keys may
be revoked using a new sshd_config(5) option "RevokedKeys". Host keys
are revoked through known_hosts (details in the sshd(8) man page).
Revoked keys cannot be used for user or host authentication and will
trigger a warning if used.

If you're using an earlier version, you probably have to run through all possible authorized_keys files on all your servers to look for and remove the suspect public key. This would include any account User-A could ssh into, including root. This assumes you are not using centralized authorized_keys management.
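As an added example (not part of the question or the answer above), a POSIX shell script that does both things the answer describes on one host: strips a lost key out of an authorized_keys file and appends it to a plain-text RevokedKeys list for OpenSSH 5.4 and later. It matches on the key type and blob rather than the whole line, because the comment field may have been changed and a line may carry a leading options field. The key blobs, comments and file paths are constructed placeholders.

```shell
#!/bin/sh
# Added example: revoke a lost SSH public key the two ways the answer describes.
# Keys, comments and paths below are constructed placeholders, not real data.

# The key User A reported lost (constructed; the blob is not a real key)
LOST_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILOSTKEYPLACEHOLDER000000000000000000000 usera@laptop'

# Print the "type blob" part of a public-key line, skipping any leading
# authorized_keys options (e.g. command="...") and the trailing comment.
# Matching on the blob matters: users rename comments, and a line with
# options in front has the key in field 3 rather than field 2.
key_blob() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i " " $(i+1); exit }
    }'
}

# Pre-5.4 fallback: strip every line carrying the lost key from one
# authorized_keys file ($2). Prints how many lines were removed.
revoke_key() {
    blob=$(key_blob "$1"); file=$2
    before=$(wc -l < "$file" | tr -d ' ')
    grep -v -F -- "$blob" "$file" > "$file.tmp" || true   # exit 1 = nothing left, fine
    mv "$file.tmp" "$file"
    after=$(wc -l < "$file" | tr -d ' ')
    echo $((before - after))
}

# OpenSSH 5.4+: add the key to the file named by "RevokedKeys <path>" in
# sshd_config (a plain public-key list is accepted there), idempotently;
# reload sshd afterwards. Prints how often the key appears in the list.
add_to_revoked_list() {
    blob=$(key_blob "$1"); list=$2
    touch "$list"
    grep -q -F -- "$blob" "$list" || printf '%s\n' "$blob" >> "$list"
    grep -c -F -- "$blob" "$list"
}

# Constructed sample authorized_keys written to $1: one key to keep, the
# lost key with its original comment, and the lost key again behind an
# options field with a renamed comment.
make_sample_authorized_keys() {
    cat > "$1" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEEPTHISKEY00000000000000000000000000000 usera@desktop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILOSTKEYPLACEHOLDER000000000000000000000 usera@laptop
command="/usr/bin/backup" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILOSTKEYPLACEHOLDER000000000000000000000 renamed
EOF
}
```

Try it with `make_sample_authorized_keys /tmp/ak && revoke_key "$LOST_KEY" /tmp/ak`, which removes both lost-key lines and leaves the desktop key; the same loop would be run over every authorized_keys file on every host the user could reach.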