Secure, rotate and protect privileged SSH keys

SSH keys are commonly used within enterprise IT organizations to authenticate users to privileged accounts and verify trust during automated application to application communications. In an unmanaged state, these privileged credentials are stored on vulnerable endpoints and can be easily shared, lost or stolen. If not properly addressed, SSH vulnerabilities can leave gaping holes in an organization’s privileged account security strategy and leave sensitive information at risk of compromise by advanced external and inside attacker.

CyberArk SSH Key Manager is designed to securely store, rotate and control access to SSH keys to prevent unauthorized access to privileged accounts. Built on the CyberArk Shared Technology Platform, SSH Key Manager leverages the Digital Vault infrastructure to ensure that SSH keys are protected with the highest levels of security, including the encryption of keys at rest and in transit, granular access controls and integrations with strong authentication solutions. Detailed audit logs and reporting capabilities provide visibility into key usage to meet audit and compliance requirements.  SSH Key Manager integrates with the CyberArk Privileged Account Security Solution, enabling organizations to protect all privileged credentials, including SSH keys and passwords, from a single integrated platform that can be built out over time in accordance with business needs.

  1. Features
  2. Benefits
  • Secure storage of private SSH keys in the CyberArk Digital Vault
  • Proactive rotation of SSH key pairs with automated distribution of public keys to target systems
  • Centralized creation and management of all access control policies for SSH keys across the enterprise
  • Tamper-proof audit logs enable organizations to report on who accessed what SSH keys and when
  • Integration with the CyberArk Shared Technology Platform delivers scalability, high availability and centralized management and reporting
  • Prevent unauthorized access to privileged accounts by removing private SSH keys from vulnerable endpoints and controlling access to these sensitive credentials
  • Reduce security risks, meet compliance requirements and minimize the operational burden on IT teams by automatically rotating privileged SSH key pairs
  • Eliminate gaps in security by uniformly applying privileged access control policies across the enterprise
  • Prove compliance and accelerate incident investigation times with a complete, tamper-proof history of who accessed what privileged accounts and when
  • Gain enterprise-class privileged credential management, monitoring and recording, complete with secure single sign-on, through out-of-the-box integrations with CyberArk Privileged Account Security products