Managing Secure Shell (SSH) keys across a complex IT environment is essential — yet challenging. As the scale of your organization grows, manual management of SSH keys becomes increasingly error-prone and cumbersome, raising potential security risks.
At Devolutions, we're dedicated to continuously enhancing our privileged access management (PAM) solution, making privileged access simpler, safer, and smarter. That's why we're thrilled to introduce our latest feature: built-in SSH key rotation support in Devolutions PAM.
No more scattered keys across disparate systems or uncertain access states: the Devolutions PAM centralized dashboard provides visibility, making audits more straightforward and minimizing the risks of inactive, forgotten, or old SSH keys by regularly rotating keys.
How SSH key rotation works in Devolutions PAM
Our built-in SSH key PAM provider simplifies rotation with automated and scheduled key updates across all authorized accounts. Here's how it works:
- Automated rotation: Keys are periodically and automatically rotated according to policies defined by the administrator, ensuring continuous compliance and reduced manual workload.
- Positive access control: Devolutions PAM ensures SSH keys are updated across all associated authorized_keys files, maintaining accurate access rights at all times.
- Detailed visibility and reporting: Admins gain precise insight into key usage, allowing swift identification and remediation of potential security issues.
Configuring SSH key rotation securely
For Devolutions PAM's built-in SSH key rotation to operate effectively, secure access to the relevant authorized_keys files across your managed systems is required. To maintain tight security, we recommend using the StrictModes configuration within your SSH server settings.
To achieve secure compatibility with StrictModes, consider configuring Access Control Lists (ACLs) using the following commands on filesystems supporting ACLs:
setfacl -m u:<PAM_USER>:--x /home/<ACCOUNT>
setfacl -m u:<PAM_USER>:--x /home/<ACCOUNT>/.ssh
setfacl -m u:<PAM_USER>:rw /home/<ACCOUNT>/.ssh/authorized_keys
Replace <PAM_USER> with the username of the account Devolutions PAM uses to manage SSH keys, and replace <ACCOUNT> with each account whose SSH keys you will be managing. These commands ensure Devolutions PAM securely maintains necessary access without compromising stringent security policies.
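A pre-flight check to run once the ACLs are in place, given here as an added example and not as Devolutions code: it applies the ownership and mode-bit test that sshd performs under StrictModes to the home directory, .ssh and authorized_keys. The function names strictmodes_ok and check_account are hypothetical, and GNU stat on Linux is assumed.

```shell
#!/bin/sh
# Added example (not from Devolutions). Assumes Linux with GNU stat.
# With StrictModes enabled, sshd refuses a path that is not owned by the
# account (or root) or that is writable by group or others (mode & 022).
# Once a named-user ACL entry exists, the group bits reported by stat carry
# the ACL mask, so run this check after the setfacl commands.

# strictmodes_ok PATH UID: succeed only if PATH passes the owner/mode test.
strictmodes_ok() {
    sm_path=$1
    sm_uid=$2
    sm_stat=$(stat -c '%u %a' "$sm_path") || return 2
    sm_owner=${sm_stat% *}   # numeric owner uid
    sm_mode=${sm_stat#* }    # octal mode, e.g. 600
    if [ "$sm_owner" != "$sm_uid" ] && [ "$sm_owner" != 0 ]; then
        echo "FAIL $sm_path: owned by uid $sm_owner, expected $sm_uid or 0"
        return 1
    fi
    # A leading 0 makes the shell read the mode as an octal constant.
    if [ $(( 0$sm_mode & 022 )) -ne 0 ]; then
        echo "FAIL $sm_path: mode $sm_mode is group- or other-writable"
        return 1
    fi
    echo "ok   $sm_path (mode $sm_mode)"
}

# check_account HOME UID: test the three paths touched by the ACL commands.
check_account() {
    ca_rc=0
    for ca_path in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        strictmodes_ok "$ca_path" "$2" || ca_rc=1
    done
    return $ca_rc
}

# Usage: sh check.sh /home/<ACCOUNT> "$(id -u <ACCOUNT>)"
if [ "$#" -eq 2 ]; then
    check_account "$1" "$2"
fi
```

A FAIL line names the path and the reason, which is the same condition sshd logs as bad ownership or modes when it refuses key authentication.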
Learn how the Devolutions PAM module within Devolutions Server (DVLS) works with Remote Desktop Manager (RDM) to seamlessly import, connect, and rotate an SSH key in the video below.
Enhanced security posture
Leveraging built-in SSH key rotation significantly enhances your organization's overall security posture by:
- Eliminating key sprawl and orphaned keys
- Reducing errors from manual key management
- Simplifying compliance and audit trails with transparent reporting
Using the new SSH key provider in Devolutions PAM
Devolutions PAM's built-in SSH key rotation provides a powerful, intuitive tool for securely managing SSH keys, significantly enhancing security and operational efficiency. With centralized management, automated rotation, and detailed visibility, your organization can reduce risks, simplify compliance, and focus more resources on strategic initiatives. And that’s not all: we are further enhancing this feature in 2025.2 to continue streamlining your SSH key management and make it even easier. Stay tuned for more!
Discover today how effortless privileged access can be with Devolutions PAM.