By: Renato Losio, InfoQ
Translated by: MingzhiShan
Edited by: Tina
Cloudflare has recently launched a new feature for infrastructure SSH access, replacing traditional SSH keys with short-lived certificates. This new feature, which integrates BastionZero into Cloudflare One, leverages temporary, ephemeral certificates instead of long-term SSH keys, simplifying SSH key management and enhancing security.
Traditionally, users would need to generate SSH key pairs and deploy them to servers to gain access. With infrastructure SSH access, traditional SSH keys are replaced by short-lived certificates issued via user-generated tokens through Access. Cloudflare highlights that a key advantage of this new feature is the ability for enterprises to manage SSH access like other applications, including implementing robust multi-factor authentication (MFA), device context, and policy-based access control. This enables businesses to integrate infrastructure access policies within their Secure Service Edge (SSE) or Secure Access Service Edge (SASE) architectures.
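To make concrete what a short-lived SSH certificate carries, here is an added example (not Cloudflare's or OpenSSH's code) that encodes and decodes the OpenSSH certificate wire format and applies the validity-window and principal checks an SSH server performs before accepting a login. The CA key and signature fields are placeholders, since signing is not shown; the public key, key ID, principals and timestamps used in the checks are constructed sample values.

```python
import struct
# OpenSSH certificate wire format (PROTOCOL.certkeys): uint32-length-prefixed "strings"
# plus big-endian integers. Added example; CA key and signature fields are placeholders.
USER_CERT = 1
def _s(b):  # one SSH string: uint32 length + bytes
    return struct.pack(">I", len(b)) + b

def encode_user_cert(pubkey, key_id, principals, valid_after, valid_before, serial=1):
    """Build an unsigned ed25519 user-certificate body with a validity window."""
    return (_s(b"ssh-ed25519-cert-v01@openssh.com") + _s(b"\x00" * 32) + _s(pubkey)
            + struct.pack(">QI", serial, USER_CERT) + _s(key_id.encode())
            + _s(b"".join(_s(p.encode()) for p in principals))
            + struct.pack(">QQ", valid_after, valid_before)
            + _s(b"") + _s(b"") + _s(b"")  # critical options, extensions, reserved
            + _s(b"CA-KEY-PLACEHOLDER") + _s(b"SIGNATURE-PLACEHOLDER"))

def _strings(buf):  # split concatenated SSH strings (the principals list)
    out, pos = [], 0
    while pos < len(buf):
        (n,) = struct.unpack_from(">I", buf, pos)
        out.append(buf[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out

def decode_cert(blob):  # parse the fields a server inspects before the signature check
    pos = 0
    def rd_s():
        nonlocal pos
        (n,) = struct.unpack_from(">I", blob, pos)
        pos += 4 + n
        return blob[pos - n:pos]
    def rd_u(fmt):
        nonlocal pos
        pos += struct.calcsize(fmt)
        return struct.unpack_from(fmt, blob, pos - struct.calcsize(fmt))[0]
    c = {"type": rd_s().decode(), "nonce": rd_s(), "pubkey": rd_s(),
         "serial": rd_u(">Q"), "cert_type": rd_u(">I"), "key_id": rd_s().decode()}
    c["principals"] = [p.decode() for p in _strings(rd_s())]
    c["valid_after"], c["valid_before"] = rd_u(">Q"), rd_u(">Q")
    return c

def check_user_cert(blob, login_user, now):
    """sshd's checks minus the CA signature: user cert, principal, valid_after <= now < valid_before."""
    c = decode_cert(blob)
    if c["cert_type"] != USER_CERT:
        return False, "not a user certificate"
    if login_user not in c["principals"]:
        return False, "principal not listed"
    if not c["valid_after"] <= now < c["valid_before"]:
        return False, "outside validity window"
    return True, c["key_id"]
```

A certificate with a one-hour window is rejected a second after it expires, which is the property that removes the need to track and revoke long-lived keys.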
In an announcement, Sharon Goldberg, Cloudflare’s Product Director and former BastionZero CEO, along with Ann Ming Samborski, Cloudflare Senior Product Manager, and Sebby Lipman, Cloudflare Senior Systems Engineer, stated: “Modern enterprises may have dozens, hundreds, or even thousands of SSH targets. These SSH-accessible servers are vulnerable to encryption hijacking or man-in-the-middle attacks. Manually tracking, rotating, and verifying authorized SSH credentials is an often-overlooked task, increasing the risk of long-term credential leakage.”
Source: Cloudflare Blog
Goldberg, Ming Samborski, and Lipman emphasize the importance of logging: “Zero Trust principles require enterprises to not only track who is using SSH to access servers but also monitor what commands they execute on the server after gaining access.”
In a popular discussion on Hacker News, many developers expressed skepticism about Cloudflare’s approach to zero-trust SSH access using SSH proxy infrastructure. User edelbitter questioned: “The title mentions ‘zero trust’, but the article explains that this approach only works if every Cloudflare man-in-the-middle key logger and its CA are considered trustworthy. If the value of the host key is ignored because you can’t know which key the proxy will use, isn’t this scheme just back to the same thing as trusting the server just because it is in Cloudflare’s address space?”
This new feature from Cloudflare offers a promising approach to simplifying SSH access management and enhancing security. However, the concerns raised by some developers regarding the reliance on Cloudflare’s infrastructure for zero-trust SSH access highlight the need for further discussion and analysis of the security implications of this approach.