SSH Private Key Handling Policy?



All, I've reached an impasse' with our Unix folks and am looking for
some outside opinions on how others have dealt with a similar issue.
Any thoughts/direction you can provide would be much appreciated...

Scenario:
We have several hundred Solaris/Linux servers and its recently come to
the security group's attention that the Unix admins are using SSH
RSA/DSA keys instead of password authentication. No issues with that.
They are also using the SSH keys inside scripts to authenticate
service accounts communicating between boxes. No issues there either,
however (and this is the rub), they are keeping the private keys
unencrypted so the scripts are never prompted for a password - the
script fires, gets the key, and auths without any prompting and
therefore creating "passwordless/promptless SSH". The keys are owned
by the service accounts to which roughly 100 people have access (unix
admins, dba's, and the application admin teams). All it would take is
a disgruntled employee to start snagging keys and start logging into
the boxes causing havoc as the service user(s).

So we've asked the Unix teams to secure the keys but their suggested
method is to make the keys owned by root then have users run a script
which would in essence sudo to root and use the key to open a
connection then sudo back to their user. They've encrypted the private
keys with a passphrase ... but set the passphrase to nothing (blank
password). Obviously that doesn't work either. We've suggested the
ssh-agent approach outlined in Daniel Robbins article here -
http://www.ibm.com/developerworks/library/l-keyc.html - but they don't
want to take that approach because it requires them to enter the
passphrase which would have to be stored in the script calling the
service account login process.

Any ideas?

mh

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------