Skip to content

PuTTY Private Key

Service Name: PuTTY

Service Description: PuTTY is a free and open-source terminal emulator, serial console, and network file transfer application. It supports several network protocols, including SSH, Telnet, and SFTP. PuTTY private keys are used for SSH authentication.

Service Address: https://www.putty.org/

Validation Type: -

IP Allow list: Does not exist at the key level, but SSH servers can be configured to restrict access by IP address.

Secret Access Scope: Grants SSH access to servers where the corresponding public key has been authorized.

Secret Revokement URL: Does not exist (requires removing the corresponding public key from authorized_keys files on target servers)

Secret Example: PuTTY-User-Key-File-2: ssh-rsa Encryption: none Comment: rsa-key-20230601 Public-Lines: 6 AAAAB3NzaC1yc2EAAAABJQAAAQEAiAMXp+3H5sKP8fvO9SJX9nJLQJP+hUVW RxRVcT+Vl6nCUVjzZb/+3OA9VNH/XVmP1VBsGxmhdBJXN3IYJwzNgrm9FnUB 6nLRPZfmDTJD6oD5mJVbKBVrFtjZJQGQJtG3FQzn7aIYldVZeM6y1M4vFeE3 0JnZTG4x1HLIFqTrF2wFYEeMvQyiZnJJA+pK+TFIgZivK9Bcm0TcBD5lSzjb 8Jf0VJXORkPTm4LScR95OmCpWa9FiXE6ViG8hpGiZVzU4/P6U70JpCJO8nyu EXAMPLE_KEY_DATA_CONTINUES Private-Lines: 14 AAABABMC8YYbWdTAcZFTXqZHGdJxZZ9iKK+BZ9XbCuKDCHJZQ1tMqMnQEU2 EXAMPLE_PRIVATE_KEY_DATA Private-MAC: 50c45751d18d74c00fca395deb7b7695e3ed6f77

Suspicious Activity Investigation Instructions:

  • Review SSH server logs for unauthorized access attempts using this key
  • Check for unexpected login times or locations
  • Monitor for file transfers or command executions that seem unusual
  • Verify if the key has been used from unexpected IP addresses
  • Check if the key has been used to access systems it shouldn't have access to

Mitigation Instructions:

  • Remove the corresponding public key from the authorized_keys file on all servers
  • Generate a new key pair to replace the compromised one
  • Ensure the private key is stored securely with appropriate permissions
  • Consider implementing multi-factor authentication for SSH access
  • Audit all systems that may have been accessed with the compromised key
  • Rotate any credentials or secrets that may have been exposed
  • Consider implementing SSH certificates instead of static keys for better control