SSH Yubikey based two factor authentication is integrated into ezeelogin ssh jump host for extra security. Even if someone steals your username and password (which is on the increase) they cannot access your jump host without your physical key. The YubiKey generates an encrypted password that can only be used once. Hackers require physical access of your YubiKey to generate the OTP.
SSH JumpHost and SSH Gateway Ezeelogin supports DUO Security two factor authentication ( 2FA ) which means that anyone having a smartphone these days can easily use it for the second layer of authentication. With DUO, you dont have to type in complex strings or numbers, just tap on the smartphone screen and you are securely authenticated easily. No extra devices like RSA Keys or security token generating devices has to be carried since you already have a smartphone with you to authenticate into your SSH Gateway.
bastion host with 2 factor authentication ensures that ssh access to your Linux servers or aws instances or cloud instances in production via the ssh jump server or ssh jump host is super secure. We have integrated Google two factor authentication in ssh. A user installs the Google Authenticator app on a smartphone. The app displays an additional six-digit one-time password . The user enters it, thus authenticating the user’s identity.
Boss wants you to enable password based authentication on hundred Linux server, he wants you to set 30 plus character strong password on each server, share the root passwords with developers , change the root passwords again once the developers logs out of the servers at the end of the day, also your boss want you to reset the root password on all the Linux server on a daily basis as he is paranoid when it comes to security.
Well without eating your boss alive and instead to get a promotion, here is the magic wand, use the Ezeelogin root password management feature and you will be able to meet all his requirement and if not even better. Being a Linux system administrator you know for fact that Key based authentication are exponentially stronger even if your passwords are 100 characters long but for some unearthly reasons you need to have password based authentication enabled on your hundred Linux servers.
Here are the key issues that Ezeelogin root password management features addresses.
Automatically set and reset and strong root passwords up to 32 characters long in a click on hundreds or thousands of Linux servers
Schedule periodic reset of root password across all your linux servers in a click
Reset root passwords on all your Linux server in a click.
If you are a system administrator and have bunch of Linux server that you need to manage and has to be PCI DSS3.2 ,SOX, SOC2, FFIEC, NERC CIP, ISO 27001,HIPAA compliant, then look no further, Ezeelogin SSH Gateway will help you be compliant in minutes.
Here are the requirements that Ezeelogin jumphost will help you meet.
SSH User Expiry – This would let you to set an expiry time for an ssh user. It could be a developer or a sysadmin who has to deploy new code and you need to remove the access granted after a period of time. You can now easily set an expiry time after which the user would no longer have access after a preset time.
IAM- Identity and Access Management – This would let you decide which developer / system administrator has access to which Linux production nodes. You can also decide ssh user which the developer or devops engineer would login into your Linux Node. You can decide whether the developer should login as non privileged user for example as user ‘dev’ or as ‘root’.
2FA – Two Factor Authentication in ssh – Easily integrate Yubikey, DUO Security or Google two factor Authentication when your staff accesses your Linux nodes.
SSH Session Recording – Know what your staff does on your Linux nodes. Records ssh session so that you know who does what, when and where.
SSH Key Management – This is usually a headache when you many server and many staff and many keys granting access to the servers. The keys need to be added for a user to grant access or revoked to deny access. The problem has been inherently handled in the ssh jump gateway as all keys are now encrypted and users would have just one key to access the ssh jump gateway which is removed with the users account deletion.
RSA / DSA Key Based Authentication – Support both RSA and DSA key based authentication while we would recommend RSA keys as DSA is considered to be weak and is being deprecated.
Disabling direct root access on target linux server – Direct root access needs to be disabled but then it comes with additional hassle of remembering password and other overheads. This is now handled in ingenious way in Ezeelogin
Automated Password resets – Reset the root passwords on your Linux nodes periodically as the password are to be reset. We would recommend disabling direct root access to any Linux nodes.
Centralised login for Users in LDAP or Active Directory – Now Authenticate your staff in SSH from your LDAP/ AD.
Maximum number of failed attempts before the accounts is locked– Repeated failures from your staff trying to access the ssh gateway could be brute force attack. The staff’s account is automatically locked to prevent further bruteforce.
Minimum password length for root password – Easily set root user password or remote ssh user password up to length of 30 character at a click.
Password reuse for an SSH Gateway User is limited such that previous 3 password is not allowed to be set again.