Security Features Articles
record ssh sessions
Viewed 7491 times since Fri, May 4, 2018
How to record ssh sessions on a Linux Server, Router, Switch using Ezeelogin ssh Jump Server? The "SSH Log" recording feature lets you record ssh sessions of system administrator, system engineers , developers ,network administrators  accessing... Read More
How to enable google 2FA (Two factor Authentication) in ezeelogin ?
Viewed 5870 times since Mon, Oct 9, 2017
How to enable  google 2FA (Two factor Authentication) in ezeelogin ?  Open ezeelogin webpanel > Account > Google Authenticator            Click on 'set' button and scan the QR code with the Google Authenticator App   ... Read More
How to stream the ssh sessions in real time?
Viewed 5122 times since Wed, Nov 22, 2017
In order to stream the ssh session of users in real time, click on SSH Log Note that ssh live streaming is possible only for ongoing ssh session only and not for session that have ended.   SSH Live streaming is possible only for ongoing ssh... Read More
Configure ssh timeout in ssh gateway
Viewed 4291 times since Fri, Dec 1, 2017
Enable ssh session timeout so that idle ssh session are automatically disconnected from the ssh gateway. Set the variable Shell Activity Timeout so that ssh session which are idle are automatically timed out after the set number of seconds. A value... Read More
How to change the private key in use and change the default public key in use?
Viewed 4056 times since Fri, Dec 1, 2017
To generate the new 4192 bit key pair in the Ezeelogin jumphost installation, run the following command on the gateway server first. /usr/local/ezlogin/eztool.php -regenerate_ssh_key       2. Run the highlighted command using parallel... Read More
Can I use Google 2FA, Yubikey , DUO simultaneously?
Viewed 3965 times since Thu, Dec 14, 2017
Google 2FA, Yubikey and DUO can be configured and set for use simultaneously in the web panel.  The ssh jumphost user can set the all the three 2FA and can use any of it to authenticate depending on the users choice. If the User has forgotten to... Read More
How do i restrict commands that a user can execute in ssh in ezsh shell ?
Viewed 3760 times since Wed, Jun 14, 2017
Restrict commands in ezsh jump server shell  1. Enable command guard from Ezeelogin GUI > Settings > General > Security > Command Guard > Enable         2. Add a command group from Ezeelogin GUI > Command Guard > Command... Read More
How to disable web terminal appllication in Cpanel ?
Viewed 3701 times since Fri, Jun 29, 2018
How to disable web terminal  application in Cpanel ?    You can disable web terminal access in Cpanel by creating /var/cpanel/disable_whm_terminal_ui  file for WHM users. root@gateway:~# touch /var/cpanel/disable_whm_terminal_ui Read More
Configure DUO 2FA in Ezeelogin SSH jumphost
Viewed 3348 times since Thu, Nov 23, 2017
Do checkout duo ssh jumphost configuration video as well. Create your account in duo.com and login. Navigate to Applications -> Protect an Application  Search for Web SDK and click on Protect this Application     Copy Integration Key, Secret... Read More
Configure four eyes authorization
Viewed 2939 times since Fri, Dec 1, 2017
Enable four eyes authorization in Settings -> General -> Security Make sure Four Eyes Authorization Privilege is enabled for the user who would be granting access to view ssh logs. Go to Access Control->User-Action and grant the user Four... Read More
Prevent passwords from being recorded when ssh session recording is enabled
Viewed 2705 times since Fri, Mar 2, 2018
To ensure that passwords are not recorded when ssh session recording feature is enabled on the ssh gateway server, simply set the ssh session recording to Output only which means only STDOUT is recorded. This would record only what is displayed on... Read More
How to enforce 2 Factor Authentication on user login?
Viewed 2704 times since Wed, Sep 19, 2018
Enable the following settings to Enforce 2FAon user ssh login as well as for the web interface. This will prompt the ssh gateway user to set two factor authentication before going ahead and is a recommended security setting.   Enable the different... Read More
encryption used in ezeelogin use to secure information stored
Viewed 2638 times since Thu, Jun 15, 2017
Following are the encryption algorithms used in ezeelogin to ensure that the data stored in ezeelogin cannot be compromised.  The User passwords and security codes stored in the ezeelogin database uses multiple rounds SHA512, SHA256, BLOWFISH or DES... Read More
record rdp session
Viewed 2501 times since Thu, Dec 6, 2018
Record RDP sessions   Enable RDP Recording from Ezeelogin Gui > Settings > General  Settings > Security > RDP Recording     Click on the RDP Recording button on the left menu and you will be provided with an interface to view  and... Read More
Set SSH User Expiry
Viewed 2319 times since Thu, Sep 20, 2018
This feature lets you manage the duration for which an ssh gateway user will have access to the gateway after which it expires. The duration of the ssh access to the gateway can be set to expire in minutes,hours, day or on a date as show below. This... Read More
Configure ssh certificate based authentication
Viewed 2121 times since Fri, Apr 17, 2020
Configure Certificate Based SSH User Authentication   Support for certificate authentication of users and hosts using the new OpenSSH certificate format was introduced in Red Hat Enterprise Linux 6.5, in the  openssh-5.3p1-94.el6  package... Read More
encryption type used for securing users ssh logs in ezeelogin
Viewed 2109 times since Thu, Jun 15, 2017
  Following are the encryptions used in Ezeelogin SHA1 hashing used for encrypting user password and security codes The UNIX System User passwords uses CRYPT. SSH private keys use 4096 bits RSA ENCRYPTION. RSA keys used for securing root password... Read More
How to ensure that ssh jump host users are not using previous password set to meet security compliances such as PCI DSS , SOX, HIPAA , NIST , MAS, SOC2, FFIEC, NERC CIP , ISO 27001
Viewed 2101 times since Wed, Feb 28, 2018
To meet various security compliance like PCI DSS 3.2, SOX , HIPPA , NIST , MAS , FFIEC , SOC2, NERC CIP, ISO 27001 users should not be allowed to set a password that has been previously used. To ensure that users are using a different password from... Read More
Enable Google reCaptcha
Viewed 1104 times since Fri, Feb 1, 2019
The Google ReCaptcha for the GUI can be enabled under Settings ->General->Authentication. You can choose the the visible or the invisible reCaptcha   Now the login page  would have the reCaptcha prompt if you have chosen the visible... Read More
Enforcing ssh login shell for ssh gateway users selectively in sshd_config file
Viewed 471 times since Fri, Sep 4, 2020
Enforce login shell for ssh users in sshd configuration file.   By default the Ezeelogin gateway users are assigned the shell /usr/local/bin/ezsh however you may want the gateway users to have OS level access ( /bin/bash shell ) when they login via... Read More
Integrate SAML Authentication in Ezeelogin GUI using Microsoft Azure SSO and Azure Active Directory
Viewed 440 times since Thu, Jul 9, 2020
Configure  Microsoft Azure SSO SAML based Authentication  in Ezeelogin GUI   Login into Microsoft Azure account and Create an Active Directory service Add Users in AD. This user in turn would authenticating into the Ezeelogin GUI Add an... Read More
How can i restrict IP’s to access the ezeelogin portal?
Viewed 197 times since Tue, Nov 24, 2020
Restrict IP's  to access the ezeelogin  portal?   You can limit/restrict  the IPs from which the User can connect to Ezeelogin ssh gateway server. Login to Ezeelogin Webportal > Users > Edit user > Enable Limit IPs Add... Read More
How to install and configure Eztunnel?
Viewed 92 times since Mon, Nov 9, 2020
How to install and configure Eztunnel? Follow the instruction to install and configuration Eztunnel software   Tunnel Server : a. On the Tunnel server, download the setup script from: root@tunnelserver:~# wget https://downloads... Read More
Configure Radius 2fa in Ezeelogin jumpserver
Viewed 71 times since Thu, Mar 25, 2021
1. First you need to configure Two-factor radius in Ezeelogin GUI under Settings>Radius.  You need to provide the radius server hostname and shared secret of radius server as shown below in the screenshot 2. You need to enable  " ... Read More