SSH keys

An SSH key is an access credential to SSH network protocols. These allow you to gain access to an encrypted connection between systems. Then, you can use this connection to manage the remote system.

SSH keys authenticate the connection to ensure secure access to the server using various authentication methods.

The Discovery sensor scans your network (default SSH enabled port 22) for SSH keys configured on your server.

Discover SSH keys

To discover the SSH keys configured on your server, you need to create and run a scan.

  1. In your CertCentral account, in the sidebar menu, select Discovery > Manage Discovery.

  2. On the Manage scans page, select Add scan.

  3. On the Add a scan page, in the Set up a scan section, provide the required information to set up the scan. Then, select Next.

  4. On the Scan setting section, under Settings > Scan options, select Choose what to scan > Enable SSH key discovery.

  5. Select Save and run.

View key scan results

  1. Go to Discovery > View Results.

  2. On the Certificates page, select View endpoints.

  3. On the Endpoints page, use the Scan name filter to identify the endpoints associated to the scan.

  4. Select the IP address/FQDN to view the details of the discovered SSH keys on the server details page.

The following information about the discovered keys is available:

Field Description
Authentication methods Methods to authenticate SSH keys configured on your server.
Key fingerprint SSH key fingerprint generated from public key hashing utilizing different hash algorithms such as SHA, ECDSA, etc.
Key algorithm Algorithm used for hashing the SSH key and the SSH key's size (or length) in bits.