Analyzing and fixing SSH violations

You can take a number of actions to resolve SSH trust violations. This section describes common violations and the recommended steps to resolve them.

All supported SSH violations are resolved using one or more of the following remediation tasks:

  1. Remove keys (orphans, authorized keys with root access, an excessive number of keys; replace keys if obsolete; remove RSA1 keys and create RSA keys instead)
  2. Remove keyset (and create new one in its place)
  3. Add self-service key mappings
  4. Locate SSH servers and scan for keys
  5. Add policy settings (flag duplicate private keys, set minimum key length, and flag SSHv1)
  6. Split keyset into two keysets
  7. Specify (correct) forced commands
  8. Fix source restrictions
  9. Add missing options
  10. Rotate keys (and set a schedule for auto rotation)

Remediating specific violations

In addition to general remediation actions, SSH Manager for Machines identifies specific violations that require targeted action. Below are supported violations you might see and guidance on how to resolve them.

  • Violation: 35 - Symbolic Link

    SSH Manager for Machines resolves and includes symbolic links during initial SSH key discovery, ensuring both actual key files and their symlinks appear in the SSH keyset inventory. Although symlinks are listed, file operations, such as key deletion or addition, are blocked for these links to prevent unintended changes. Violation 35 - Symbolic Link flags keys that are symbolic links, helping users clearly distinguish between real key files and symlinks across all views, including inventory, reports, and API responses.

    Remediation: Take action on the real file associated with the symlink. Do not attempt to modify the symlink directly.

  • Violation: 36 - Invalid Permissions

    This violation flags SSH keys whose file or directory permissions are too permissive—specifically, anything other than -rw------- or -r--------. On Linux systems, overly open permissions can allow unauthorized users to read, write, or execute the file, posing a security risk.

    Remediation: Review the file or directory permissions and adjust them to meet secure standards. Restrict access to ensure only the intended user can interact with the key.
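
To check a host independently for the two conditions above, the following added example (not SSH Manager for Machines code) flags symlinks and reports the real file to act on, then tests that file's mode against the two permitted values. The function names and the sample files are assumptions made for this example, and it checks file modes only, not parent directories.

```python
import os
import stat
import tempfile

# Modes the page treats as acceptable: -rw------- and -r--------
ALLOWED_MODES = {0o600, 0o400}

def audit_key(path):
    """Return (real_path, violations) for one key path.

    Violation numbers follow the page: 35 = symbolic link, 36 = invalid permissions.
    """
    violations = []
    real_path = path
    if os.path.islink(path):
        violations.append(35)
        real_path = os.path.realpath(path)   # the file remediation should target
        if not os.path.exists(real_path):
            return real_path, violations      # dangling link: nothing to stat
    mode = stat.S_IMODE(os.stat(real_path).st_mode)
    if mode not in ALLOWED_MODES:
        violations.append(36)
    return real_path, violations

def audit_directory(directory):
    """Audit every non-directory entry in a directory, keyed by file name."""
    report = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isdir(path) and not os.path.islink(path):
            continue
        report[name] = audit_key(path)
    return report

def build_sample(directory):
    """Constructed sample: files standing in for keys, not real key material."""
    for name, mode in (("id_ok", 0o600), ("id_ro", 0o400), ("id_open", 0o644)):
        path = os.path.join(directory, name)
        with open(path, "w") as handle:
            handle.write("constructed placeholder\n")
        os.chmod(path, mode)
    os.symlink(os.path.join(directory, "id_open"), os.path.join(directory, "id_link"))

def demo():
    with tempfile.TemporaryDirectory() as directory:
        build_sample(directory)
        return {name: v for name, (_, v) in audit_directory(directory).items()}

if __name__ == "__main__":
    for name, violations in demo().items():
        print(name, violations or "clean")
```

The symlink `id_link` is reported with both 35 and 36 because its target is world-readable; the fix is applied to the target file, not the link.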