Documentation

Banned Keys

SSH Hunter includes the ability to ban SSH keys. When a key is banned, Sandfly will alert on its presence on any host.

To ban a key, add the tag "Banned" or click on any of the "Ban Key" buttons in the User Interface (UI) to automatically add the tag to the key(s).

A screenshot of banned keys and the Ban Key button in the Key Investigation data table

Banned Entries and the Ban Key Button

When a banned key is found during scans that include the recon_user_list_all sandfly, an alert result will be generated for each banned key.

On the SSH Hunter pages of the UI, a key status icon (a red key with a slash through it) indicates that a banned key is present on a host:

A screenshot of banned key indicators in the Key Investigation data table

Banned Key Indicators

Like zone violations, banned key indicators appear as status icons throughout the SSH Hunter UI pages and visualizations so that you can easily see which keys, hosts, and users are using banned keys.
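
One way to picture a banned-key check outside the product is shown below. This is an added example, not Sandfly's implementation or code from this documentation. It assumes a ban list of SHA256 key fingerprints and a hypothetical inventory of authorized_keys contents per host and user; the keys and hosts are constructed sample data.

```python
import base64, hashlib, struct

def make_key(fill):
    """Constructed ed25519-format public key blob (sample data, not a real key)."""
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(blob).decode()

def fingerprint(b64_blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_blobs(authorized_keys_text):
    """Yield the base64 key blob from each entry, skipping any options prefix."""
    for line in authorized_keys_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # A field pair is the key only if the blob's embedded type name matches
        # the preceding field; this ignores look-alikes inside command="..." options.
        for ktype, b64 in zip(fields, fields[1:]):
            try:
                blob = base64.b64decode(b64, validate=True)
            except ValueError:
                continue
            if len(blob) < 4:
                continue
            n = struct.unpack(">I", blob[:4])[0]
            if blob[4:4 + n] == ktype.encode():
                yield b64
                break

def find_banned(inventory, banned):
    """inventory: {host: {user: authorized_keys text}} -> sorted (host, user, fp) hits."""
    hits = []
    for host, users in inventory.items():
        for user, text in users.items():
            hits += [(host, user, fp) for fp in map(fingerprint, key_blobs(text)) if fp in banned]
    return sorted(hits)

KEY_A, KEY_B = make_key(0x41), make_key(0x42)  # constructed sample keys
BANNED = {fingerprint(KEY_A)}                   # hypothetical ban list
INVENTORY = {  # constructed sample hosts and users
    "web01": {"root": f"ssh-ed25519 {KEY_B} admin@laptop\n",
              "deploy": f'# ci key\ncommand="echo ssh-ed25519 x",no-pty ssh-ed25519 {KEY_A} ci\n'},
    "db01": {"postgres": f"ssh-ed25519 {KEY_A}\nssh-ed25519 {KEY_B} dba\n"},
}
```

Calling find_banned(INVENTORY, BANNED) returns one hit per host and user holding the banned key, matching on the key material rather than on the comment or options fields.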