I'm currently managing SSH keys for six servers, and I'm concerned about security after one of them got compromised. If an attacker steals SSH keys and gains access again, what steps can I take to enhance my protection? What are the best practices for managing SSH keys across multiple servers? Should I implement short-lived keys, per-developer keys, or consider centralized key management solutions? I'm looking for any helpful tips or real-life experiences on this topic.
4 Answers
If any server gets compromised, the best course of action is to wipe it clean and redeploy immediately. Also, limit root access to only essential personnel to reduce risks.
Consider using a solution like Tailscale which has a keyless SSH implementation. It simplifies access management while enhancing security.
Using different SSH keys for each server is a smart move. Just make sure your SSH config is set up correctly to avoid hassle.
Also, remember that the public key goes on the server, so if it's compromised, the attacker can only add their access without exposing your private key. Protecting your private keys on your device is crucial!
I suggest checking out HashiCorp Vault for managing SSH access. It's designed for scaling and securing access effectively across many servers. You can set policies and automations that help enhance your security.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures