LOW
Source: CloudSploit
ID: ssh-keys-rotated

SSH Keys Rotated

Ensures SSH keys are not older than 180 days in order to reduce accidental exposures

SSH keys should be rotated frequently to avoid having them accidentally exposed.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the AWS Management Console.

  2. Select the “Services” option and search for IAM.

  3. Scroll down the left navigation panel and choose “Users”.

  4. Select the “User” that needs to be verified and click on the “User name” to access the selected “IAM User”.

  5. Click on the “Security Credentials” under the configuration page.

  6. Scroll down the “Security Credentials” tab and check the “SSH keys for AWS CodeCommit” section. Check the “Uploaded” column; if any SSH key is older than 180 days, then that SSH key is outdated and needs to be changed.

  7. Repeat steps number 3 - 6 to verify any other IAM user.

  8. To update the SSH key, scroll down the “Security Credentials” tab and check the “SSH keys for AWS CodeCommit” section. Click on the “Upload SSH public key” button to upload the new SSH key.

  9. In the “Upload SSH public key” tab, upload the new SSH key and click on the “Upload SSH public key” button.

  10. Use the new “SSH key” for AWS CodeCommit repositories and replace the older key with the new one. Make sure that the new “Access key” pair is working fine.

  11. To remove the older “SSH key” once you have verified that the new “SSH key” is working fine, click on “Security Credentials” under the IAM user configuration page and select the older “SSH key ID” which needs to be removed.

  12. Click on the cross (×) symbol at the extreme right to remove the selected key.

  13. Click on the “Delete” button under the “Delete SSH key” tab to delete the older “SSH Key”.
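
The per-user check in steps 3 - 7 can also be run across every IAM user through the IAM API. The following is an added example, not CloudSploit's own code: it assumes boto3 and read-only IAM credentials for the `--live` mode, and the sample key records (user names, key IDs, dates) are constructed so the age logic can be run offline.

```python
from datetime import datetime, timezone

MAX_AGE_DAYS = 180  # threshold stated by this check

def stale_ssh_keys(keys, now=None, max_age_days=MAX_AGE_DAYS):
    """Return (user, key_id, status, age_days) for keys older than the threshold,
    oldest first. `keys` has the shape of IAM ListSSHPublicKeys metadata."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for k in keys:
        uploaded = k["UploadDate"]
        if uploaded.tzinfo is None:  # treat naive timestamps as UTC
            uploaded = uploaded.replace(tzinfo=timezone.utc)
        age = (now - uploaded).days
        if age > max_age_days:  # exactly 180 days is not yet "older than"
            findings.append((k["UserName"], k["SSHPublicKeyId"], k["Status"], age))
    return sorted(findings, key=lambda f: -f[3])

def collect_keys(iam):
    """Steps 3 - 7 via the API: list every user, then each user's SSH public keys."""
    keys = []
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            pager = iam.get_paginator("list_ssh_public_keys")
            for p in pager.paginate(UserName=user["UserName"]):
                keys.extend(p["SSHPublicKeys"])
    return keys

# Constructed sample data (not real users or key IDs).
NOW = datetime(2024, 7, 1, tzinfo=timezone.utc)
def _key(user, key_id, status, y, m, d):
    return {"UserName": user, "SSHPublicKeyId": key_id, "Status": status,
            "UploadDate": datetime(y, m, d, tzinfo=timezone.utc)}
SAMPLE_KEYS = [
    _key("alice", "APKAEXAMPLEALICE0001", "Active", 2023, 10, 1),   # 274 days
    _key("bob", "APKAEXAMPLEBOB000001", "Active", 2024, 5, 1),      # 61 days
    _key("carol", "APKAEXAMPLECAROL0001", "Active", 2024, 1, 3),    # 180 days
    _key("dave", "APKAEXAMPLEDAVE00001", "Inactive", 2024, 1, 2),   # 181 days
]

if __name__ == "__main__":
    import sys
    if "--live" in sys.argv:
        import boto3  # assumption: boto3 installed, credentials configured
        keys, now = collect_keys(boto3.client("iam")), None
    else:
        keys, now = SAMPLE_KEYS, NOW
    for user, key_id, status, age in stale_ssh_keys(keys, now):
        print(f"ROTATE {user} {key_id} status={status} age={age}d")
```

Inactive keys are reported as well, since they remain uploaded to the user until deleted as in steps 11 - 13.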