Some reports show that SSH is present on over 18 million hosts accessible from the internet. This figure doesn’t count hosts available to adversaries once they gain access to an internal network. The figures quickly become staggering. To complicate this, organizations regularly use SSH and SSH Authorized Keys as part of a healthy cybersecurity posture. It only takes one misconfiguration in SSH or the hosts it runs on to allow adversaries to add an SSH key of their own. With this technique accomplished they can reconnect to that host any time they like.
Do you know which SSH keys in your environment are good and which are bad? Get the hands-on skills you need to detect and mitigate this adversary behavior today.
