Better SSH management with ephemeral keys

Presented at BSidesSF 2017, Feb. 12, 2017, 2:50 p.m. (30 minutes)

SSH is a great, safe protocol that almost everyone uses for managing their servers and infrastructure. However, failures in SSH user management has lead to multiple news-worthy infrastructure compromises. This talk introduces the audience to Netflix's Bless and Lyft's Blessclient, which Lyft is open-sourcing. The combination of these tools has allowed Lyft to improve the security of our SSH accounts, as well as empowering engineers to manage their SSH keys themselves.

Presenters:

• Vivian Ho
  Vivian Ho is a software engineer on the security team at Lyft. Fresh out of university, Vivian is interested in designing and building cool software to protect all the things. A fan of RPG games and molecular gastronomy.
• Chris Steipp
  Chris Steipp is a long-time security engineer with a background in development, penetration testing, and building secure software. He is passionate about open source and open culture, and formerly managed security for the Wikimedia Foundation. He likes breaking things in his spare time. And whiskey.

Links:

• https://bsidessf2017.sched.com/event/9IKh/better-ssh-management-with-ephemeral-keys

Similar Presentations:

• NolaCon 2022 / Use and abuse of SSH AuthorizedKeysCommand and SSH Certificates
• Black Hat USA 2011 / SSH as the next back door. Are you giving hackers root access?
• GrrCON 2019 / How to Make a Honeypot Stickier (SSH*)