Contact Us

How Industry Leaders Do SSH

How you can do SSH even better than the world's biggest companies.
20 Dec 2023

How the Biggest Companies Do SSH

Did you know that, according to a 2017 study from the University of Maryland, a cybersecurity attack happens every 39 seconds? And that was in 2017 – that number has only gotten smaller and more alarming in the years since, highlighting the critical need for organizations to prioritize reinforcing their defense strategies. Traditional security methods like firewalls, VPNs, and password policies – although essential facets of a security plan – do not address inherent security risks present at the code or infrastructure levels within organizations. This gap might explain the shift towards more unconventional security domains such as compliance, devops, and engineering.

Speaking to devops, the focus there is increasingly on safeguarding infrastructure. Often, this protection primarily revolves around the SSH network protocol. SSH is crucial for secure remote access, authentication, and encrypted data transfers. In standard server-client SSH configurations, the server accepts a client if its public key matches those authorized, and clients trust a server’s public key during their initial interaction; however, this configuration is not necessarily all it’s cracked up to be.

The Problems with a Typical Server-Client SSH Setup

There are definitely a few things to watch out for with a basic server-client SSH setup. Firstly, the authorized_keys files can grow too large and become difficult to manage. Secondly, many SSH clients follow a “trust on first use” (TOFU) policy, which places the burden of deciding what to trust on the user – this can lead to users ignoring warnings and inadvertently connecting to untrusted hosts, exposing their machines to potential man-in-the-middle (MITM) attacks.

How to Solve the Problems with a Server-Client SSH Setup

A possible solution? Shifting from public keys to SSH certificates and CAs for establishing trust. SSH certificates allow administrators to implement specific rules for their issuance and set expiration guidelines. Check out our blog on how to set up SSH certificates to learn more about setting them up on your own!

Globally, some of the largest companies are addressing SSH vulnerabilities by adopting significant changes, such as not issuing keys or implementing a zero trust model for network user or device authentication and authorization. The concept of zero trust challenges the traditional trust assumptions about internal network traffic and access granted to employees and third parties.

Google’s BeyondCorp Model

Google’s BeyondCorp model is a prominent example of zero trust implementation. Unlike other companies that have added multiple layers of firewalls, restrictions, and VPNs for system access, Google has taken a different approach – instead of relying on a network perimeter, it has made its internal systems accessible over the public internet! This approach necessitates that all systems within the BeyondCorp framework be as robustly built as and fortified as those intended for the public internet.

Now that the background is out of the way, let’s take a look at 3 of the world’s most prominent companies and how they approach SSH:

How Facebook Does SSH

Facebook’s security team prefers to use certificates over public key authentication for several reasons:

1) Managing local accounts becomes increasingly complex as the company expands.

2) Relying on central authentication creates a risky single point of failure.

3) Scaling the trust of individual key-pairs is practically unfeasible.

In crafting a solution that suits their needs, Facebook adopted a concept commonly used in managing HTTPS traffic – they set up their SSH servers to trust their CA and any certificate it authenticates. The subsequent step involves authorization; the certificate includes specific access rights and privileges for individual employees. This ensures that each person has precisely the level of access necessary for their role.

How Netflix Does SSH

Netflix’s security team created its BLESS (Bastion’s Lambda Ephemeral SSH Service) CA, integrating it with the company’s engineering ethos of “freedom and responsibility.” This approach expects engineers to:

1) Actively and transparently share information.

2) Explain all the reasons behind their actions.

3) Manage all services developed by their team.

Consequently, nearly every engineer at Netflix requires SSH access to their services, with the aim of minimizing barriers to this access.

BLESS operates on AWS Lambda and employs Amazon’s Key Management Service for encryption. The SSH bastion architecture at Netflix streamlines the process by utilizing SSO for user authentication and issuing certificates that are valid for only a short duration. Additionally, the company enhances its security through automated monitoring of SSH activities and triggering alerts for any abnormal or suspicious behavior.

How does Netflix do SSH? Netflix uses its BLESS CA. Netflix stays #BLESSed meme

How Uber Does SSH

Uber’s security team identified several issues with the traditional SSH public/private keypair model. Key management was problematic, and there was no automated system to set expiration dates for keys. The longer a key remained valid, the higher the risk of it being lost or compromised.

Another concern was the overwhelming frequency of 2FA requests faced by employees. Constant 2FA prompts could lead to alert fatigue, potentially causing employees to indiscriminately approve any old 2FA notification, a big security no-no.

Although most of these challenges were addressed when Uber switched to using SSH certificates with OpenSSH 5.4, they needed a system that could issue both user and host certificates and continuously authenticate users, rather than just at a single moment. To meet these needs, Uber developed the Uber SSH Certificate Authority (USSHCA) and a PAM module to ensure ongoing user validity. SSH certificates, each with a set lifespan and configurable based on the employee’s role or group, are issued to Uber employees by the USSHCA.

Do You Want Even Better SSH Management Than Some of the World’s Biggest Organizations?

If you’re reading this article, then SSH management is, at the very least, something that you’re interested in and could even be something that you’re trying to make easier within your organization. While you can create your own SSH Certificate Authority in Linux in minutes, if you want to do SSH better than some of the biggest companies in the world and at a fraction of the cost, consider using EZSSH! EZSSH simplifies the process by eliminating the need for managing, updating, and deleting SSH keys across all users and hosts – this is achieved through the use of SSH certificates operating behind the scenes. For the user, the process feels like the usual SSO experience, utilizing their Azure AD (or, Entra ID) identity. This approach effectively removes the risk of SSH keys on engineers’ desktops being compromised by bad actors.

If this is something of interest to you, or if you just want to learn more, feel free to schedule a FREE consultation with one of our ex-Microsoft identity experts to discuss how EZSSH can help your organization SSH like no one else can without requiring you to take out a second mortgage to afford it.

You Might Also Want to Read