Two common mistakes people do while sharing SSH keys with team

posted on

If you are part of the organization that manages a huge number of servers, then its absolutely mandatory to manage SSH access too. These days SSH is the protocol that is widely adopted by all types of organizations to provide server access to the team. Usually, SSH key based authentication is preferred over SSH password based authentication because SSH key based authentication is secure and safer than SSH password based authentication. Finally, everything comes down to managing SSH key pairs. In this blog post, you will learn 2 most common mistakes that people do while sharing SSH keys with the team to provide SSH access.

Thus sharing SSH keys with team members is unavoidable for any kind of organization.

Don't share SSH keys using cloud drive/USB drive

Its very common to see people sharing SSH keys with team members using USB drive/Cloud drive without actually understanding the potential security risks involved in it. There are a number of possible scenarios that can harm your organization/business if you continue this practice further. What will you do if,

  1. you completely lose the drive containing SSH keys?
  2. someone copies the SSH keys to another device without your permission?
  3. the drive is handed over to non-trustworthy person?
  4. forgot to delete the SSH keys on the disk after sharing it?

Its no surprise that your business can end in no time if you compromise your SSH keys.

Do not share SSH keys through third-party chat/email apps

During production outage, you may need assistance from other team members in order to debug or troubleshoot servers. Sometimes you may copy paste SSH key data on third-party apps like Gmail, Slack, Google Hangout, Whatsapp, Skype, etc., in order to share it with your team member. Once you do this, your SSH key data will be stored on those third party services database. Later on, the same SSH key data can be copied and misused by any of your team members. There are high chances for your data to be compromised if any security breach happens on those third party services.

Blindly trusting third party services/apps can be a disaster for you in future.

Need a solution for SSH key sharing problem? Try SloopEngine

With SloopEngine's centralized SSH key management you can securely store, manage and rotate SSH keys for each and every environment such as production, staging, development and more. All the SSH keys that are managed using SloopEngine's centralized SSH key management is encrypted and stored. Due to the adoption of cloud servers, it's a must for any organization or team to centrally manage SSH keys because of the security risks associated with it.

Interested? Signup today for free! Thank you.