Administrative software tools often need to connect to multiple systems (e.g., servers, switches and storage devices) with root or super-user privileges in batch mode (i.e., without the operator entering a password). Such tools are often run from a root account rather than a least privileged account because a least privileged account may be unknown or unavailable to the application developer. Even if a least privileged account were known, the privileges attached to such an account may be insufficient, may be changed in future releases, and/or the account itself may be deleted.
To access multiple systems in batch mode, encryption keys may be created and deployed on the multiple systems. Authentication may be based on these encryption keys, eliminating the need to authenticate by prompting for a password. This avoids security risks due to eavesdropping of passwords, or brute-force password attacks. However, storing private encryption keys represents a potential security vulnerability if a rogue entity obtains access to a system (and therefore an encryption key) by logging into a root account. Not only will the security of that system be compromised, but the security of other systems interacting with the compromised system may also be compromised.