Provide feedback on this document
Visit the Audit Tools and Techniques Knowledge Center community
SSH: Practitioner Considerations
Objective—Provides enterprises with a means to assess the effectiveness of their use of the SSH protocol, including key management and applicable SSH controls.
Scope—The use of the Secure Shell (SSH) protocol addresses the need for a secure network protocol by offering encryption, authentication, and other security mechanisms. While its benefits are known, so are the challenges with using SSH. In addition to facilitating network access, SSH keys have no expiration. Given the level of access allowed and the lack of expiration, the criticality of managing SSH keys is clear.
The SSH audit/assurance program covers the following areas:
- The effectiveness of policies and practices around SSH, including the prohibition of users from sharing private keys, implementation of continuous monitoring, and key rotation
- Configuration of SSH in alignment with the enterprise’s SSH strategy and protocols
- Appropriate access management controls
- Continuous monitoring processes for authentication and key management to detect unauthorized access, misconfigured keys, or other vulnerabilities
IT audit and assurance professionals are expected to customize this document for your unique assurance process environment. Use it as a review tool or starting point to modify for your purposes, rather than as a checklist or questionnaire. Keep in mind that to use this document for maximum effectiveness, you should hold the Certified Information Systems Auditor (CISA) designation or have the necessary subject matter expertise to conduct your assurance process while under the supervision of a professional who holds the CISA designation.