U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Draft NIST Interagency Report (IR) 7966 Security of Automated Access Management Using Secure Shell (SSH) is available for public comment
August 21, 2014

NIST announces the public comment release of Draft NIST Interagency Report (IR) 7966, Security of Automated Access Management Using Secure Shell (SSH). (NOTE: This draft & the 2nd draft has been approved as FINAL on October 2015). The purpose of this document is to assist organizations in understanding the basics of Secure Shell (SSH) and SSH automated access management in an enterprise, focusing on the management of SSH access tokens. It discusses the basics of access management and automated access management and it examines the basics of SSH version 2.0. It describes the primary categories of vulnerabilities in SSH user key management and recommends possible mitigations for each category of vulnerability then it lists recommended practices for management. It explains risk mitigation for SSH access tokens. and it concludes with solution planning and deployment.. 
 
Comment period CLOSED on: September 26, 2014. Questions? Send email to: NISTIR7966-comments@nist.gov

Created December 21, 2016, Updated June 22, 2020