User key management for the Secure Shell (SSH)

US 20130117554A1
Filed: 12/21/2012
Published: 05/09/2013
Est. Priority Date: 12/21/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

at least one processor; and

at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to manage secure shell (SSH) related keys, said keys utilized between a first managed host having an SSH client and a second managed host having an SSH server, wherein the managing comprises causing the second managed host to install a public key as an authorized key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Management of user keys for public key authentication using the SSH in large SSH deployments is automated by deploying a management system in the environment, discovering SSH identity keys and authorized keys, analyzing authorized connections between user accounts, and automatically managing the authorized connections and the key pairs used for authentication.

Citations

30 Claims

1. An apparatus, comprising:
- at least one processor; and
  
  at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to manage secure shell (SSH) related keys, said keys utilized between a first managed host having an SSH client and a second managed host having an SSH server, wherein the managing comprises causing the second managed host to install a public key as an authorized key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1, wherein the managing comprises causing a private key to be created for a first account, wherein the public key corresponds to the private key.
  - 3. The apparatus of claim 1, wherein the managing is performed without an agent.
  - 4. The apparatus of claim 3, wherein the managing comprises discovering authorized connections between accounts.
  - 5. The apparatus of claim 1, wherein the managing comprises authorizing a first account to log into a second account.
  - 6. The apparatus of claim 1, wherein the managing further comprises revoking authorization of a first account to access a second account.
  - 7. The apparatus of claim 1, wherein the managing further comprises renewing a key pair used for public key authentication.
  - 8. The apparatus of claim 1, wherein the managing further comprises configuring an IP address restriction for a public key in an authorized keys file.
  - 9. The apparatus of claim 1, wherein the managing further comprises configuring a forced command option for an authorized key.
  - 10. The apparatus of claim 1, wherein the computer program code is further configured to cause the apparatus to renew a certificate used for user authentication.
  - 11. The apparatus of claim 1, wherein the computer program code is further configured to use a tool for escalating privileges.

12. A method comprising:
- managing secure shell (SSH) related keys, said keys utilized between a first managed host having an SSH client and a second managed host having an SSH server;
  
  wherein the managing comprises causing the second managed host to install a public key as an authorized key.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 13. The method of claim 12, wherein the managing further comprises causing a private key to be created for a first account, wherein the public key corresponds to the private key.
  - 14. The method of claim 12, wherein the managing further comprises authorizing a first account to log into a second account.
  - 15. The method of claim 12, wherein the managing further comprises revoking authorization of a first account to access a second account.
  - 16. The method of claim 12, wherein the managing further comprises renewing a key pair used for public key authentication.
  - 17. The method of claim 12, wherein the managing further comprises configuring an IP address restriction for a public key in an authorized keys file.
  - 18. The method of claim 12, wherein the managing further comprises configuring a forced command option for an authorized key.
  - 19. The method of claim 12, wherein the managing uses a tool to escalate privileges.
  - 21. The computer program product of claim 12, wherein the managing further comprises causing a private key to be created for a first account, wherein the public key corresponds to the private key.
  - 22. The computer program product of claim 12, wherein the managing is performed without an agent.
  - 23. The computer program product of claim 22, wherein the managing further comprises discovering authorized connections between accounts.
  - 24. The computer program product of claim 12, wherein the managing further comprises authorizing a first account to log into a second account.
  - 25. The computer program product of claim 12, wherein the managing further comprises revoking authorization of a first account to access a second account.
  - 26. The computer program product of claim 12, wherein the managing further comprises renewing a key pair used for public key authentication.
  - 27. The computer program product of claim 12, wherein the managing further comprises configuring an IP address restriction for a public key in an authorized keys file.
  - 28. The computer program product of claim 12, wherein the managing further comprises configuring a forced command option for an authorized key.
  - 29. The computer program product of claim 12, wherein the managing further comprises configuring which users are permitted to authenticate using a certificate issued by a certificate authority to an account.
  - 30. The computer program product of claim 12, wherein the managing uses a tool to escalate privileges.

20. A computer program product stored on a computer readable medium comprising computer readable program code operable to cause a computer to:
- manage secure shell (SSH) related keys, said keys utilized between a first managed host having an SSH client and a second managed host having an SSH server;
  
  wherein the managing comprises causing the second managed host to install a public key as an authorized key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SSH Communications Security Corp. (SSH Communications Security Oyj)
Original Assignee
SSH Communications Security Corp. (SSH Communications Security Oyj)
Inventors
Ylonen, Tatu J.

Granted Patent

US 10,003,458 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

H04L 9/08   Key distribution or managem...

H04L 9/0891   Revocation or update of sec...

H04L 9/3268   using certificate validatio...

User key management for the Secure Shell (SSH)

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

User key management for the Secure Shell (SSH)

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links