SSH Authorized Keys

Course

SSH Authorized Keys are widely used as credentials for remotely accessing Linux-based systems via SSH. Adversaries can manipulate these keys to give themselves persistence in your environment so they can return at will. Get hands-on detecting and mitigating this adversary action today.

Time
45 minutes
Difficulty
Intermediate
CEU/CPE
3
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Course Content
Module 1: Account Manipulation: SSH Authorized Keys
What are SSH Authorized Keys?
15m
Detection, Validation, and Mitigation
30m
Course Description

Some reports show that SSH is present on over 18 million hosts accessible from the internet. This figure doesn’t count hosts available to adversaries once they gain access to an internal network. The figures quickly become staggering. To complicate this, organizations regularly use SSH and SSH Authorized Keys as part of a healthy cybersecurity posture. It only takes one misconfiguration in SSH or the hosts it runs on to allow adversaries to add an SSH key of their own. With this technique accomplished they can reconnect to that host any time they like.

Do you know which SSH keys in your environment are good and which are bad? Get the hands-on skills you need to detect and mitigate this adversary behavior today.

Instructed By
Matthew Mullins
Matthew Mullins
Technical Manager, Red Team
Instructor
Provider
Cybrary
Certificate of Completion
Certificate Of Completion

Complete this entire course to earn a SSH Authorized Keys Certificate of Completion