How to secure SSH jump server / SSH bastion host / SSH gateway

Here are some basic measures to harden a Linux SSH jump host server.

  • Dedicated Server Environment - Always install Ezeelogin on a dedicated server. Installing it on a shared hosting environment is not recommended, because a shared environment is more vulnerable: it lets other users on the same host snoop or probe around.

  • Avoid VPS - If you can afford it, install Ezeelogin on dedicated servers rather than on a VPS, as there is a chance of the hardware host node being compromised since it is shared with other containers.

  • Enable Firewall and Lockdown access - Always restrict the IPs from which staff are allowed to SSH. Allow only your own IPs and your employees' IPs; the default rule should block SSH for everyone, and access should be granted explicitly. You can achieve this using iptables or by setting up rules in the hosts.allow/hosts.deny files.

  • SSH Gateway behind VPN is Very Good - Having your SSH gateway behind a VPN is very good as it prevents unauthorized traffic. This is highly recommended.

  • Two-factor authentication - Enable two-factor authentication such as Google 2factor Auth, Yubikey or DUO Security so that both the Ezeelogin web GUI and the SSH interface have an additional layer of protection.

  • SSL For HTTPS - Enable SSL and access your web GUI over HTTPS only. You need to install your SSL certificate for the GUI and then enable SSL mode in the Ezeelogin settings. Once the SSL certificates are installed, refer to "How to enable or force ssl or disable ssl".

  • Enable htaccess - Set up .htaccess authentication to protect the folder where you have installed the web GUI. Never leave the web GUI publicly accessible. This needs to be done manually on the SSH jump host server.

  • Enable Captcha - Enable captcha for the web GUI in the Ezeelogin settings.
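
The firewall measure above (block SSH by default, grant it explicitly per IP) can be expressed as a small rule generator. This is an added example, not part of Ezeelogin or of the original article; the function names, the SSH_ALLOW chain name, port 22 and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit iptables-restore rules that accept SSH only from an
# explicit allowlist and drop it for everyone else. IPv4 only; a host that is
# reachable over IPv6 needs the same policy in ip6tables.

# valid_source: accept one IPv4 address or CIDR block, nothing else. A /0
# prefix is refused because it would re-open SSH to every address.
valid_source() {
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split into octets (digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# ssh_allowlist_rules SOURCE...: print the ruleset, or print nothing and fail
# if any entry is invalid, so a typo never yields a partial ruleset.
ssh_allowlist_rules() {
    [ $# -gt 0 ] || { echo "refusing: empty allowlist" >&2; return 1; }
    for src in "$@"; do
        valid_source "$src" || { echo "refusing: bad source '$src'" >&2; return 1; }
    done
    echo "*filter"
    echo ":SSH_ALLOW - [0:0]"
    echo "-A INPUT -p tcp --dport 22 -j SSH_ALLOW"
    for src in "$@"; do
        echo "-A SSH_ALLOW -s $src -j ACCEPT"
    done
    echo "-A SSH_ALLOW -j DROP"       # default: block SSH for everyone else
    echo "COMMIT"
}

# Constructed sample allowlist (RFC 5737 documentation addresses): one admin
# workstation and one office range. Review the output before loading it.
ssh_allowlist_rules 203.0.113.10 198.51.100.0/24
```

Load the reviewed output as root with iptables-restore --noflush, and make sure the address you are connecting from is in the list first. The jump into SSH_ALLOW is appended to INPUT, so any earlier INPUT rule that already accepts port 22 must be removed for the allowlist to take effect.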
