Hey Larry,

Try the free Cyberark DNA scanning tool:

https://www.cyberark.com/discover-privileged-accounts-exist-cyberark-dna/

You can join our community on slack if you need help or just want to chat:

https://slackin-conjur.herokuapp.com/

The problem is SSH is that it was not built with the central authorizing to give organizations visibility and control into who has access to what, sort like you get with an SSL Certificate Authority, so you need a tool to enforce proper security policy on SSH.

Check our Conjur Open Source if you are interested in a free DevOps solutions to SSH key management and secrets management:

https://www.cyberark.com/solutions/by-project/ssh-key-security-management/

Once you have control of your SSH key and privileged access management situation, you should monitor all new SSH key access to determine if it is really necessary and remove access that is no longer being used. You will be surprised about how many people find SSH keys that have not been used for years. This kind of access needs to be removed ASAP to reduce your attack surface.

Next you should clean up the mess that uncontrolled SSH key distribution creates by deploying a centralized SSH key management tool that will help you monitor and control who gains access and to what. There are many tools for doing this, my company, CyberArk.com, is the creator and owner of the Privilege Access Management market.

Hello Larry, good question!

First thing you should do is, assess the situation by doing a scan of your entire environment. This may seem daunting, but some organizations just start with the most powerful or most privileged accounts first to get some quick wins and eliminate the most risk quickly.

Thanks Denis, but its John :)