Ylonen, T.
, Turner, P.
, Scarfone, K.
and Souppaya, M.
(2015),
Security of Interactive and Automated Access Management Using Secure Shell (SSH), NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.7966
(Accessed April 24, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Security of Interactive and Automated Access Management Using Secure Shell (SSH)
Published
Author(s)
Tatu Ylonen, Paul Turner, Karen Scarfone,
Abstract
Users and hosts must be able to access other hosts in an interactive or automated fashion, often with very high privileges, for a variety of reasons, including file transfers, disaster recovery, privileged access management, software and patch management, and dynamic cloud provisioning. This is often accomplished using the Secure Shell (SSH) protocol. The SSH protocol supports several mechanisms for interactive and automated authentication. Management of this access requires proper provisioning, termination, and monitoring processes. However, the security of SSH key-based access has been largely ignored to date. This publication assists organizations in understanding the basics of SSH interactive and automated access management in an enterprise, focusing on the management of SSH user keys.Citation
NIST Interagency/Internal Report (NISTIR) - 7966
Report Number
7966
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
access control, authentication, automated access management, device authentication, interactive access management, Secure Shell (SSH), user authentication
Citation
Created October 14, 2015, Updated October 12, 2021