A typical Fortune 500 company has several million SSH keys that provide access to its network devices–an overwhelming number to manage. Protecting and managing SSH keys is of paramount importance because these keys provide access to some of the most critical of an organization, likeservers, databases, firewalls, payroll systems, etc. If they fall into the wrong hands, hackers could get their hands on the core network infrastructure, manipulate the critical devices, and either bring the network down or make away with sensitive organization and client data.
Sometimes, SSH keys that are long obsolete but still in the network can cause more harm than live keys. This is because since organizations are not even aware of their existence, hackers could steal them undetected and use them to gain entry into the network. Detecting expired or unused keys and promptly invalidating them can stop a large number of attacks, like Man-in-the-Middle attacks, from happening.