Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security of Interactive and Automated Access Management Using Secure Shell (SSH)



Tatu Ylonen, Paul Turner, Karen Scarfone, Murugiah Souppaya


Users and hosts must be able to access other hosts in an interactive or automated fashion, often with very high privileges, for a variety of reasons, including file transfers, disaster recovery, privileged access management, software and patch management, and dynamic cloud provisioning. This is often accomplished using the Secure Shell (SSH) protocol. The SSH protocol supports several mechanisms for interactive and automated authentication. Management of this access requires proper provisioning, termination, and monitoring processes. However, the security of SSH key-based access has been largely ignored to date. This publication assists organizations in understanding the basics of SSH interactive and automated access management in an enterprise, focusing on the management of SSH user keys.
NIST Interagency/Internal Report (NISTIR) - 7966
Report Number


access control, authentication, automated access management, device authentication, interactive access management, Secure Shell (SSH), user authentication


Ylonen, T. , Turner, P. , Scarfone, K. and Souppaya, M. (2015), Security of Interactive and Automated Access Management Using Secure Shell (SSH), NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed May 26, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created October 14, 2015, Updated October 12, 2021