Many are aware that the Secure Shell, or SSH connection, is very useful when integrating systems or securely moving data between machines. What many seem less aware of is the SSH host keys and their role in securing those connections.

From a business point of view the importance placed on data security, particularly during transfer, is high enough to ensure that every available precaution should be taken. With that in mind, it is equally important to remain informed on all the options available to your business; a missed opportunity to secure the connection between a business and its client creates a blind spot for attacks from the ‘man in the middle’, and this makes everyone involved a vulnerable target for data-theft.

SSH host keys play an important role in the security of SSH connections, not just between individual machines but between multiple servers within the same business. The host keys act as a second barrier of defence, providing another verification option to ensure the server you connect to is the server you meant to connect to, and not an ‘unknown’ posing as the client.

Some businesses may already be aware of SSH host keys, but frequently they are misused and therefore the full extent of their protection is diminished. It is important to verify the connection properly; too often a user will type “yes” without verifying the security key for that connection. Instead the user should compare the finger-print with the one on the server using “ssh-keygen -l”, and this ensures that the connection is authentic.

For development environments it makes sense to set the option “StrictHostKeyChecking=no”.  This means that the first verified connection will continue to work for any newly configured test environment, and for production environments setting “StrictHostKeyChecking=yes” will ensure that the correct host entries are in place and that information will not inadvertently pass to the wrong party.

This can make the deployment process a little more complicated but more secure in operation, and therefore worth the extra effort. Setting these options ensures that a warning appears to alert the user when the host key changes from the one stored, providing extra protection from potential security breaches.

SSH host keys also allow for secure connections using the IP address as a host tracker. As long as host keys are detected and verified using the business’s IP addresses the connection can continue uninterrupted, but if a new and different host key is detected on an IP it will refuse to continue the transfer, sending an error notification so the data remains secure.

Used properly in this way, and by selecting the correct options for your servers, SSH host keys play a valuable role in the security of a business, the client and the shared data on the SSH connection. Without the host keys the connection is as vulnerable as any other, so making sure that the host keys are used effectively is fundamental to the security of any business that deals with data transfers.

Tweet