Knowledge Base

EC2 instance SSH key should not be shared between instances with different access permissions

Provider: AWS
Service: EC2
Severity: High

Description

You have one or more public EC2 instances that share an SSH key with another instance that has administrative privileges. Create unique SSH keys for each system to ensure that an attacker cannot gain administrative access by compromising the public instance.

Suggested Action

Change your instance configurations so that public instances use ssh keys which are different from those used by instances with administrative privileges.

Compliance:

Framework Name Framework Version Control Name Control Description
NIST CSF 1.1 pr.ac.4 Manage permissions and authorizations
NIST SP 800-171 Revision 1 3.1.6 Use non-privileged accounts or roles when accessing nonsecurity functions.
NIST SP 800-53 Revision 5 IA-5(2) Authenticator Management | Public Key-based Authentication
NIST SP 800-53 Revision 5 AC-2(7) Account Management | Privileged User Accounts
ISO IEC 27001 2013 A.9.2.5 Access control | User access management | Review of user access rights
ISO IEC 27001 2013 A.9.2.6 Access control | User access management | Removal or adjustment of access rights
ISO IEC 27001 2013 A.10.1.2 Cryptography | Cryptographic controls | Key management
AICPA SOC 2 2017 cc6.1 Logical access controls
AICPA SOC 2 2017 cc6.2 User credential management

References:


    Review each link for further information on their respective topics.

  • You can read more about managing SSH keys on EC2 instances at (AWS) Managing SSH Access