https://community.esri.com/t5/arcgis-enterprise-questions/porta-datastore-ssh-private-keys-in-azure-security/m-p/1385664#M38702 <P>Hi Patrick,&nbsp;</P><P>Regarding these:</P><UL><LI><SPAN>C:\Program Files\ArcGIS\DataStore\framework\runtime\couchdb\ssl\key.pem</SPAN></LI><LI><SPAN>C:\Program Files\ArcGIS\DataStore\framework\template\nosql\ssl\key.pem</SPAN></LI><LI><SPAN>C:\Program Files\ArcGIS\Portal\framework\runtime\ds\framework\template\nosql\ssl\key.pem</SPAN></LI></UL><P>These aren't SSH keys. These are 1/2 of the keypair used to support TLS in these components. The certificate keypair (cert + key) is self signed. These are key that are automatically generated upon installation. They are not trusted because they are self signed and not validated up to a certificate authority.&nbsp;</P><P>For these:&nbsp;</P><UL><LI><SPAN>C:\Program Files\ArcGIS\DataStore\framework\runtime\ozone\compose\ozone-om-ha\.ssh\id_rsa</SPAN></LI><LI><SPAN>C:\Program Files\ArcGIS\DataStore\framework\runtime\ozone\compose\ozonescripts\.ssh\id_rsa</SPAN></LI></UL><P><SPAN>Those keys are used to start Ozone. It's used in the Object Store. If you don't have the object store configured, you can remove it via add/remove programs, but I'd disagree that these are a risk because they are only used in local communication. If an attacker has access to these keys, then they already have local admin on your ArcGIS Enterprise installation (a much bigger problem).&nbsp;</SPAN></P><P><SPAN><A href="https://ozone.apache.org/docs/1.2.1/start/onprem.html" target="_blank">https://ozone.apache.org/docs/1.2.1/start/onprem.html</A></SPAN></P> Thu, 22 Feb 2024 19:52:21 GMT RandallWilliams 2024-02-22T19:52:21Z https://community.esri.com/t5/arcgis-enterprise-questions/porta-datastore-ssh-private-keys-in-azure-security/m-p/1381182#M38585 <P>Our organization has deployed ArcGIS Enterprise in Microsoft Azure.&nbsp; One of our Microsoft Defender security findings flagged "Unverified insecure SSH private key" related to ArcGIS Portal and DataStore.&nbsp;&nbsp;</P><P>I was tasked with learning if these files can be removed; or if they can be password protected.&nbsp; The files in question are so deep in the directory structure.</P><P>Has anybody else encountered this issue?</P><P>&nbsp;</P><P>C:\Program Files\ArcGIS\DataStore\framework\runtime\couchdb\ssl\key.pem<BR />C:\Program Files\ArcGIS\DataStore\framework\runtime\ozone\compose\ozone-om-ha\.ssh\id_rsa<BR />C:\Program Files\ArcGIS\DataStore\framework\runtime\ozone\compose\ozonescripts\.ssh\id_rsa<BR />C:\Program Files\ArcGIS\DataStore\framework\template\nosql\ssl\key.pem<BR />C:\Program Files\ArcGIS\Portal\framework\runtime\ds\framework\template\nosql\ssl\key.pem</P> Mon, 12 Feb 2024 17:58:06 GMT https://community.esri.com/t5/arcgis-enterprise-questions/porta-datastore-ssh-private-keys-in-azure-security/m-p/1381182#M38585 PatrickMcKinney99 2024-02-12T17:58:06Z https://community.esri.com/t5/arcgis-enterprise-questions/porta-datastore-ssh-private-keys-in-azure-security/m-p/1381292#M38589 <P>Follow <A href="https://trust.arcgis.com/en/security-concern/" target="_blank" rel="noopener">this link</A> to the ArcGIS Trust site, and fill out the form to submit a security concern to Esri. The team will review and follow up with suggestions, that won't involve removing the files or altering them in a way that could cause ArcGIS Enterprise to stop working.</P> Mon, 12 Feb 2024 20:46:27 GMT https://community.esri.com/t5/arcgis-enterprise-questions/porta-datastore-ssh-private-keys-in-azure-security/m-p/1381292#M38589 ReeseFacendini 2024-02-12T20:46:27Z https://community.esri.com/t5/arcgis-enterprise-questions/porta-datastore-ssh-private-keys-in-azure-security/m-p/1385664#M38702 <P>Hi Patrick,&nbsp;</P><P>Regarding these:</P><UL><LI><SPAN>C:\Program Files\ArcGIS\DataStore\framework\runtime\couchdb\ssl\key.pem</SPAN></LI><LI><SPAN>C:\Program Files\ArcGIS\DataStore\framework\template\nosql\ssl\key.pem</SPAN></LI><LI><SPAN>C:\Program Files\ArcGIS\Portal\framework\runtime\ds\framework\template\nosql\ssl\key.pem</SPAN></LI></UL><P>These aren't SSH keys. These are 1/2 of the keypair used to support TLS in these components. The certificate keypair (cert + key) is self signed. These are key that are automatically generated upon installation. They are not trusted because they are self signed and not validated up to a certificate authority.&nbsp;</P><P>For these:&nbsp;</P><UL><LI><SPAN>C:\Program Files\ArcGIS\DataStore\framework\runtime\ozone\compose\ozone-om-ha\.ssh\id_rsa</SPAN></LI><LI><SPAN>C:\Program Files\ArcGIS\DataStore\framework\runtime\ozone\compose\ozonescripts\.ssh\id_rsa</SPAN></LI></UL><P><SPAN>Those keys are used to start Ozone. It's used in the Object Store. If you don't have the object store configured, you can remove it via add/remove programs, but I'd disagree that these are a risk because they are only used in local communication. If an attacker has access to these keys, then they already have local admin on your ArcGIS Enterprise installation (a much bigger problem).&nbsp;</SPAN></P><P><SPAN><A href="https://ozone.apache.org/docs/1.2.1/start/onprem.html" target="_blank">https://ozone.apache.org/docs/1.2.1/start/onprem.html</A></SPAN></P> Thu, 22 Feb 2024 19:52:21 GMT https://community.esri.com/t5/arcgis-enterprise-questions/porta-datastore-ssh-private-keys-in-azure-security/m-p/1385664#M38702 RandallWilliams 2024-02-22T19:52:21Z