How to record ssh session of users on a Linux Server, Router, Switch using Ezeelogin ssh Jump Server ? or How to record linux terminal in text files and monitor users activities in ssh? The "SSH Log" recording feature lets you record ssh... Read More
How to enable Google 2FA (Two-factor Authentication) in Ezeelogin? Note: Google Authenticator doesn’t require any internet connection. 1. Open Ezeelogin web panel > Account > Google Authenticator 2. Click on the &... Read More
Configure Certificate-Based SSH User Authentication Support for certificate authentication of users and hosts using the new OpenSSH certificate format was introduced in Red Hat Enterprise Linux 6.5, in the openssh-5.3p1-94.el6 package.... Read More
Stream SSH in real-time In order to stream the ssh session of users in real time, click on SSH Log Note that ssh live streaming is possible only for ongoing ssh sessions only and not for sessions that have ended. SSH Live streaming is possible... Read More
How to enable/disable DUO 2fa in Ezeelogin? Do check out the duo ssh jump host configuration video as well. 1. Create your account on duo.com and log in. Navigate to Applications -> Protect an Application 2. Search for Web SDK and click on... Read More
How to disable web terminal application in Cpanel ? You can disable web terminal access in Cpanel by creating /var/cpanel/disable_whm_terminal_ui file for WHM users. [email protected]:~# touch /var/cpanel... Read More
Enable ssh session timeout so that idle ssh session are automatically disconnected from the ssh gateway. Set the variable Shell Activity Timeout so that ssh session which are idle are automatically timed out after the set number of seconds. A value... Read More
How to change the private key and public key in use? 1. To generate the new 4192-bit key pair in the Ezeelogin jumphost installation, run the following command on the gateway server first. [email protected] ~]# /usr/local/ezlogin/eztool.php ... Read More
Google 2FA, Yubikey and DUO can be configured and set for use simultaneously in the web panel. The ssh jumphost user can set the all the three 2FA and can use any of it to authenticate depending on the users choice. If the User has... Read More
Restrict commands in the Ezeelogin jump server shell Ezeelogin uses IEEE Std 1003.2 (“POSIX.2”) regular expressions in the command guard. Note: Command guard is an experimental feature (user can bypass command guard by using scripts, up arrow... Read More
Enable the following settings to Enforce 2FAon user ssh login as well as for the web interface. This will prompt the ssh gateway user to set two-factor authentication before going ahead and is a recommended security setting. Enable the different... Read More
Record RDP sessions Enable RDP Recording from Ezeelogin Gui > Settings > General Settings > Security > RDP Recording Click on the RDP Recording button on the left menu and you will be provided with an interface to view and search... Read More
Enable four eyes authorization in Settings -> General -> Security Make sure Four Eyes Authorization Privilege is enabled for the user who would be granting access to view ssh logs. Go to Access Control->User-Action and grant the user Four... Read More
How can we set expiry for SSH users? This feature lets you manage the duration for which an ssh gateway user will have access to the gateway after which it expires. The duration of the ssh access to the gateway can be set to expire in minutes, hours... Read More
Encryption algorithms used in Ezeelogin The User passwords and security codes stored in the ezeelogin database uses multiple rounds SHA512, SHA256, BLOWFISH or DES depending on what's supported in the ssh gateway OS. 1. The UNIX System User... Read More
How to prevent passwords from being recorded using SSH session recording feature? To ensure that passwords are not recorded when ssh session recording feature is enabled on the ssh gateway server, simply set the "SSH session recording" to Output only... Read More
To meet various security compliance like PCI DSS 3.2, SOX , HIPPA , NIST , MAS , FFIEC , SOC2, NERC CIP, ISO 27001 users should not be allowed to set a password that has been previously used. To ensure that users are using a different password from... Read More
Enforce login shell for ssh users in sshd configuration file. By default the Ezeelogin gateway users are assigned the shell /usr/local/bin/ezsh however you may want the gateway users to have OS level access ( /bin/bash shell ) when they login via... Read More
The Google ReCaptcha for the GUI can be enabled under Settings ->General->Authentication. You can choose the the visible or the invisible reCaptcha Now the login page would have the reCaptcha prompt if you have chosen the visible... Read More
Note: SAML is an authentication mechanism for web applications. It’s based on web protocols and it cannot be used for user authentication over SSH. Configure Microsoft Azure SSO SAML based Authentication in Ezeelogin GUI Login... Read More
Restrict IP's to access the ezeelogin portal? You can limit/restrict the IPs from which the User can connect to Ezeelogin ssh gateway server. Login to Ezeelogin Webportal > Users > Edit user > Enable Limit IPs Add... Read More
How to enable/disable Radius 2FA (Two-factor Authentication) in Ezeelogin? 1. Login to Ezeelogin GUI and navigate to Settings -> RADIUS -> RADIUS Settings/Two Factor RADIUS Settings. Provide Radius Host and Shared Secret in the below forms. ... Read More
How does the SAML user login to the EZSH shell? Note: SAML is an authentication mechanism for web applications. It’s based on web protocols and it cannot be used for user authentication over SSH. First login to the Ezeelogin GUI using SAML... Read More
To view IPMI password1. Ensure that you are accessing Ezeelogin with HTTPS and 2-factor authentication enabled2. After enabling HTTPS and 2 FA, you need to click on the + sign near the server name to view the IPMI password. You can view the IPMI... Read More