SSH Communications Security to release free assessment tool

Share this article:

SSH Communications Security has announced a free tool to scan and assess networks to provide a report on risk and compliance exposures in secure shell (SSH) environments.

Named the SSH Risk Assessor (SRA), the company claimed that it identifies an organisation's compliance status with relevant standards, assesses actions needed to achieve compliance and provides an understanding of the current state of the SSH environment.

According to the company, the free tool enables internal and external audit and security teams to collect SSH key information across the environment and provide an assessment of risk exposure. The tool highlights known vulnerabilities in the environment, basic statistics on SSH keys deployed and specific violations of current best practices.

Tatu Ylönen, CEO and founder of SSH Communications Security, told SC Magazine that the current state of SSH key management is so bad that it is currently welcoming comment on its draft document around best practice for this technology.

He said: “SRA provides an easy way for enterprises and government agencies to determine if there are risk and compliance issues with respect to who has access to what information in their SSH environment.”

He said that this will create a script to run on each server to analyse it and build a picture of the servers to let users know how many keys they have and help them build a remediation project.

“It is a free tool to show what your situation is without having to make any modifications to your systems,” he said. “It is free now to auditors and eventually we will make it free to everyone.” 

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more