Plugin Title: SSH Keys Rotated
Cloud: AWS
Category: IAM
Description: Ensures SSH keys are not older than 180 days in order to reduce accidental exposures
More Info: SSH keys should be rotated frequently to avoid having them accidentally exposed.
AWS Link: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html
Recommended Action: To rotate an SSH key, first create a new public-private key pair, then upload the public key to AWS and delete the old key.


Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the "Services" option and search for IAM.
  3. Scroll down the left navigation panel and choose "Users".
  4. Select the "User" that needs to be verified and click on the "User name" to access the selected "IAM User".
  5. Click on the "Security Credentials" under the configuration page.
  6. Scroll down the "Security Credentials" tab to the "SSH keys for AWS CodeCommit" section and check the "Uploaded" column. If any SSH key is older than 180 days, that SSH key is outdated and needs to be replaced.
  7. Repeat steps 3 - 6 to verify any other IAM user.
  8. To update the SSH key scroll down the "Security Credentials" tab and check the "SSH keys for AWS CodeCommit" section. Click on "Upload SSH public key" button to upload the new SSH key.
  9. In the "Upload SSH public key" tab upload the new SSH key and click on the "Upload SSH public key" button.
  10. Use the new "SSH key" for AWS CodeCommit repositories in place of the older key. Make sure that the new "SSH key" pair is working fine.
  11. To remove the older "SSH key" once you have verified that the new "SSH key" is working fine, click on "Security Credentials" under the IAM user configuration page and select the older "SSH key ID" that needs to be removed.
  12. Click on the cross (×) symbol at the far right to remove the selected key.
  13. Click on the "Delete" button under the "Delete SSH key" tab to delete the older "SSH key".
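The check described in the plugin header and the rotation procedure in the steps above, as an added example that is not part of this page or of CloudSploit's own code. The detection function runs offline against a constructed sample inventory shaped like the IAM ListSSHPublicKeys response; the three boto3 helpers (collection, upload, delete) show the live API calls and are only exercised when you pass a real IAM client. User names and key IDs in the sample are made up, and reporting inactive keys alongside active ones is this example's assumption, not something the page specifies.

```python
"""Find IAM SSH public keys (used for CodeCommit) older than a rotation threshold.

Added example, not the plugin's own code. Detection runs offline on constructed
data; the boto3 helpers at the bottom are for a live account only.
"""
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE_DAYS = 180  # threshold stated by the plugin

# Fixed "now" for the offline sample so results are reproducible (constructed).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def make_key(key_id, status, age_days, now=NOW):
    """Build one key record shaped like an SSHPublicKeys entry from ListSSHPublicKeys."""
    return {"SSHPublicKeyId": key_id, "Status": status,
            "UploadDate": now - timedelta(days=age_days)}


def stale_ssh_keys(users_keys, now=None, max_age_days=MAX_KEY_AGE_DAYS):
    """Return one finding per SSH public key older than max_age_days.

    users_keys maps an IAM user name to a list of key records (SSHPublicKeyId,
    Status, UploadDate as a timezone-aware datetime, as boto3 returns them).
    Inactive keys are reported too: an old inactive key is still an unrotated
    credential sitting on the user (assumption of this example).
    """
    if now is None:
        now = datetime.now(timezone.utc)
    findings = []
    for user_name, keys in users_keys.items():
        for key in keys:
            age_days = (now - key["UploadDate"]).days
            if age_days > max_age_days:  # "older than 180 days": exactly 180 still passes
                findings.append({
                    "UserName": user_name,
                    "SSHPublicKeyId": key["SSHPublicKeyId"],
                    "Status": key["Status"],
                    "AgeDays": age_days,
                })
    return findings


# Constructed sample inventory (names and key IDs are made up).
SAMPLE_USERS_KEYS = {
    "alice": [make_key("APKAEXAMPLE0000001", "Active", 200)],
    "bob": [make_key("APKAEXAMPLE0000002", "Active", 30),
            make_key("APKAEXAMPLE0000003", "Inactive", 400)],
    "carol": [],  # user without any SSH key
}


def collect_ssh_keys(iam_client):
    """Build the users_keys mapping from a live boto3 IAM client (not run offline).

    Uses list_users via its paginator and list_ssh_public_keys with manual
    Marker handling; both are standard IAM API calls.
    """
    users_keys = {}
    for page in iam_client.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            users_keys[name] = []
            kwargs = {"UserName": name}
            while True:
                resp = iam_client.list_ssh_public_keys(**kwargs)
                users_keys[name].extend(resp["SSHPublicKeys"])
                if not resp.get("IsTruncated"):
                    break
                kwargs["Marker"] = resp["Marker"]
    return users_keys


def upload_replacement_key(iam_client, user_name, public_key_body):
    """Steps 8-9 of the remediation: upload the new public key and return its key ID."""
    resp = iam_client.upload_ssh_public_key(UserName=user_name,
                                            SSHPublicKeyBody=public_key_body)
    return resp["SSHPublicKey"]["SSHPublicKeyId"]


def delete_old_key(iam_client, user_name, old_key_id):
    """Steps 11-13: delete the old key, only after the new key has been verified
    against the CodeCommit repositories that use it (step 10)."""
    iam_client.delete_ssh_public_key(UserName=user_name, SSHPublicKeyId=old_key_id)


if __name__ == "__main__":
    for f in stale_ssh_keys(SAMPLE_USERS_KEYS, now=NOW):
        print(f"{f['UserName']}: key {f['SSHPublicKeyId']} ({f['Status']}) "
              f"is {f['AgeDays']} days old")
    # Live run: import boto3; iam = boto3.client("iam")
    #           stale_ssh_keys(collect_ssh_keys(iam))
```

On the sample data the scan reports alice's 200-day-old active key and bob's 400-day-old inactive key, and leaves bob's 30-day-old key alone. The age comparison is strict, so a key uploaded exactly 180 days ago is not flagged, matching the plugin's "older than 180 days" wording; lower `max_age_days` if your policy demands a shorter rotation window.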
