The Big Picture
As you review these two articles on OpenSSH security, you see that this is a tool with many abilities—and precautions. You can trade in simplistic passwords for sophisticated digital keys—and wonder how many keys are copied during an attack. You can provide an encrypted tunnel that protects passwords—and watch the same tunnels keep you from monitoring infiltrators as they go where they shouldn’t.
The goal of all of these articles is to raise awareness of SSH’s many features and risks, if said features are applied haphazardly without a clear understanding of the butterfly effect causing a security tsunami.
The best way out of this is to get a good team together; provision them with good books, training, and consulting; and then empower them to create an architecture that stays consistent.
I hope you’ve found this article useful. If not, respond below.