IBM Security Z Security

Security for Z

Join this online user group to communicate across Z Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Find all SSH Keys in USS

    Posted Wed July 10, 2024 05:27 PM

    Hello everyone.

    I have been tasked with finding all ssh keys in USS. Does anyone have any experience with finding this information?

    Does anyone know of anyways to limit ssh key usage?

    Thank you,

    Joseph Armas



    ------------------------------
    Joseph Armas
    ------------------------------


  • 2.  RE: Find all SSH Keys in USS

    Posted Mon July 15, 2024 03:06 AM

    At one of the projects I did, we used newlist type=unix to find all .ssh directories. and .ssh/known_hosts files.  Unfortunately, zSecure Collect doesn't offer a command to collect (the contents of) these files, and zSecure Audit is limited by the user's privileges.

    On other platforms you could add an option to ignore user-specific ssh keys in /etc/ssh/ssh_config

    UserKnowHostsFile=/dev/null



    ------------------------------
    Rob van Hoboken
    ------------------------------

    Original Message