# SSH Authorized Keys

## Overview

**Evidence:** SSH Authorized Keys\
**Description:** Collect SSH authorized keys\
**Category:** Network\
**Platform:** aix\
**Short Name:** sshauth\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

SSH authorized keys contain public keys that are allowed to authenticate to user accounts without passwords. This data is essential for understanding SSH key-based authentication, detecting unauthorized access, and investigating SSH-related security incidents.

## Data Collected

This collector gathers structured data about ssh authorized keys.

## Collection Method

This collector parses the necessary data from SSH authorized keys files.

## Forensic Value

This evidence is crucial for forensic investigations as it provides information about SSH key-based authentication. It helps investigators understand SSH access patterns, detect unauthorized keys, and investigate SSH-related attacks. The data can reveal key-based access, authentication methods, and potential security vulnerabilities.