Overview

Secure SSH identities across your infrastructure with centralized visibility and lifecycle governance.


Organizations struggle with:

  • Key sprawl across thousands of systems
  • Rogue and unauthorized keys
  • Orphaned access from former employees
  • No centralized audit trail
  • Long-lived static credentials

SSH-KLM implements a continuous lifecycle model:

Discovery → Correlation → Governance → Remediation

  • Lightweight agents discover SSH keys
  • The platform correlates fingerprints across hosts
  • Risks are automatically classified
  • Reports and remediation workflows enforce policy

┌─────────────────────────────────────────────────────────────────┐
│                           Web Browser                           │
│                    (Angular 20 Application)                     │
└────────────────────────────┬────────────────────────────────────┘
                             │ HTTPS
                             │ REST API
┌─────────────────────────────────────────────────────────────────┐
│                    API Backend (Spring Boot)                    │
│  ┌──────────────┐   ┌──────────────┐   ┌──────────────┐         │
│  │ Controllers  │   │   Services   │   │ Repositories │         │
│  └──────────────┘   └──────────────┘   └──────────────┘         │
│         │                  │                  │                 │
│         └──────────────────┴──────────────────┘                 │
│                            │                                    │
│                            ▼                                    │
│                     ┌──────────────┐                            │
│                     │   MongoDB    │                            │
│                     │  (sshkeydb)  │                            │
│                     └──────────────┘                            │
└────────────────────────────┬────────────────────────────────────┘
                             │ HTTPS
                             │ REST API
                             │ (Agent Registration & Data)
┌─────────────────────────────────────────────────────────────────┐
│                  Discovery Agent (Spring Boot)                  │
│  ┌──────────────┐   ┌──────────────┐   ┌──────────────┐         │
│  │  Discovery   │   │  Scheduler   │   │   API Comm   │         │
│  │   Service    │   │   Service    │   │   Service    │         │
│  └──────────────┘   └──────────────┘   └──────────────┘         │
│         │                  │                  │                 │
│         └──────────────────┴──────────────────┘                 │
│                            │                                    │
│                            ▼                                    │
│               ┌──────────────────────────┐                      │
│               │    Local File System     │                      │
│               │   (~/.ssh/, /etc/ssh/)   │                      │
│               └──────────────────────────┘                      │
└─────────────────────────────────────────────────────────────────┘

  • UI — Inventory, compliance, reporting
  • API — Business logic, scheduling, correlation
  • Database — Keys, hosts, audit logs
  • Agents — Secure discovery on endpoints

  • Fingerprint-based identity (SHA-256)
  • Agent-based distributed discovery
  • Role-based access control (RBAC)
  • Immutable audit logging
  • Secure mTLS agent communication
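
The Discovery → Correlation steps and the SHA-256 fingerprint identity listed above, sketched as an added example (not SSH-KLM's own code): it computes OpenSSH-style SHA256 fingerprints from authorized_keys lines and correlates them across hosts. The sample keys, host names, approved set and risk labels are constructed for illustration.

```python
import base64, hashlib, struct
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}  # subset, for brevity

def fingerprint(line):
    """Return the OpenSSH-style SHA256 fingerprint of one authorized_keys line, or None."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    # An options field may precede the key, so locate the key-type token first.
    idx = next((i for i, t in enumerate(tokens[:-1]) if t in KEY_TYPES), None)
    if idx is None:
        return None
    try:
        blob = base64.b64decode(tokens[idx + 1], validate=True)
    except ValueError:
        return None
    # The blob begins with a length-prefixed key type; it must match the declared one.
    name = tokens[idx].encode()
    if not blob.startswith(struct.pack(">I", len(name)) + name):
        return None
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def correlate(hosts, approved):
    """Group fingerprints by host and attach a risk label (labels are hypothetical)."""
    seen = {}
    for host, text in hosts.items():
        for line in text.splitlines():
            fp = fingerprint(line)
            if fp:
                seen.setdefault(fp, set()).add(host)
    report = {}
    for fp, where in seen.items():
        risk = "unauthorized" if fp not in approved else "shared" if len(where) > 1 else "ok"
        report[fp] = {"hosts": sorted(where), "risk": risk}
    return report

def sample_key(seed):
    """Constructed ssh-ed25519 line: 32 bytes derived from a seed, not a real key."""
    raw, name = hashlib.sha256(seed.encode()).digest(), b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

ALICE, SVC, OLD = (sample_key(s) for s in ("alice", "svc-deploy", "former-employee"))
HOSTS = {  # constructed sample inventory: host -> authorized_keys content
    "web01": f"# managed file\n{ALICE} alice@laptop\n{SVC} svc-deploy\n",
    "db01": f'command="/usr/bin/backup --now" {SVC} svc-deploy\n{OLD} bob@old\nnot a key\n',
}
APPROVED = {fingerprint(ALICE), fingerprint(SVC)}
REPORT = correlate(HOSTS, APPROVED)
```

The fingerprints match the format `ssh-keygen -lf` prints, so the same key is recognised on every host regardless of its comment or options field.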