PuTTY Private Key
Service Name: PuTTY
Service Description: PuTTY is a free and open-source terminal emulator, serial console, and network file transfer application. It supports several network protocols, including SSH, Telnet, and SFTP. PuTTY private keys are used for SSH authentication.
Service Address: https://www.putty.org/
Validation Type: -
IP Allow list: Does not exist at the key level, but SSH servers can be configured to restrict access by IP address.
Secret Access Scope: Grants SSH access to servers where the corresponding public key has been authorized.
Secret Revokement URL: Does not exist (requires removing the corresponding public key from authorized_keys files on target servers)
Secret Example: PuTTY-User-Key-File-2: ssh-rsa Encryption: none Comment: rsa-key-20230601 Public-Lines: 6 AAAAB3NzaC1yc2EAAAABJQAAAQEAiAMXp+3H5sKP8fvO9SJX9nJLQJP+hUVW RxRVcT+Vl6nCUVjzZb/+3OA9VNH/XVmP1VBsGxmhdBJXN3IYJwzNgrm9FnUB 6nLRPZfmDTJD6oD5mJVbKBVrFtjZJQGQJtG3FQzn7aIYldVZeM6y1M4vFeE3 0JnZTG4x1HLIFqTrF2wFYEeMvQyiZnJJA+pK+TFIgZivK9Bcm0TcBD5lSzjb 8Jf0VJXORkPTm4LScR95OmCpWa9FiXE6ViG8hpGiZVzU4/P6U70JpCJO8nyu EXAMPLE_KEY_DATA_CONTINUES Private-Lines: 14 AAABABMC8YYbWdTAcZFTXqZHGdJxZZ9iKK+BZ9XbCuKDCHJZQ1tMqMnQEU2 EXAMPLE_PRIVATE_KEY_DATA Private-MAC: 50c45751d18d74c00fca395deb7b7695e3ed6f77
Suspicious Activity Investigation Instructions:
- Review SSH server logs for unauthorized access attempts using this key
- Check for unexpected login times or locations
- Monitor for file transfers or command executions that seem unusual
- Verify if the key has been used from unexpected IP addresses
- Check if the key has been used to access systems it shouldn't have access to
Mitigation Instructions:
- Remove the corresponding public key from the authorized_keys file on all servers
- Generate a new key pair to replace the compromised one
- Ensure the private key is stored securely with appropriate permissions
- Consider implementing multi-factor authentication for SSH access
- Audit all systems that may have been accessed with the compromised key
- Rotate any credentials or secrets that may have been exposed
- Consider implementing SSH certificates instead of static keys for better control