SSH Authorized Keys

SSH Authorized Keys are widely used as credentials for remotely accessing Linux-based systems via SSH. Adversaries can manipulate these keys to give themselves persistence in your environment so they can return at will. Get hands-on detecting and mitigating this adversary action today.

Course Content

Detection, Validation, and Mitigation


Account Manipulation: SSH Authorized Keys
What are SSH Authorized Keys?


Account Manipulation: SSH Authorized Keys
Course Description

Some reports show that SSH is present on over 18 million hosts accessible from the internet. This figure doesn’t count hosts available to adversaries once they gain access to an internal network. The figures quickly become staggering. To complicate this, organizations regularly use SSH and SSH Authorized Keys as part of a healthy cybersecurity posture. It only takes one misconfiguration in SSH or the hosts it runs on to allow adversaries to add an SSH key of their own. With this technique accomplished they can reconnect to that host any time they like.

Do you know which SSH keys in your environment are good and which are bad? Get the hands-on skills you need to detect and mitigate this adversary behavior today.

This course is part of a Career Path:
No items found.

Instructed by

Master Instructor
Matthew Mullins

Matt has led multiple Red Team engagements, ranging from a few weeks to a year and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security. Matt has a Master's degree in Information Assurance and an exhaustive number of certifications ranging from frameworks, management, and hands-on hacking. Matt is a Technical SME at Cybrary, focusing on Adversarial Emulation and Red Teaming for course content.

Cybrary Logo
Certification Body
Certificate of Completion

Complete this entire course to earn a SSH Authorized Keys Certificate of Completion