Record SSH Sessions on Linux servers when employees Work from Home (WFH).
We would recommend setting up a Jump Host to record SSH sessions of your staff when they are working remotely. The remote staff would have to hop through the Ezeelogin Jumphost before accessing any Linux servers.
The jumpbox can then be put behind a VPN/tunnel. Access to the centralised jump server would be authorised only with RSA keys or SSH certificates, which would help you achieve security certifications like PCI DSS, ISO 27001, HIPAA, FedRAMP, NIST and more very easily.
10 features in Ezeelogin Jump server to secure access of remote employees on Linux servers when working via SSH
- Enable SSH key-based access only to your SSH gateway. Disable password-based authentication.
- Two factor authentication – Ensure that 2FA is enabled on your jump server GUI and for the SSH backend. Enable two-factor authentication such as Yubikey, Google Authenticator or DUO.
DUO 2FA https://www.ezeelogin.com/kb/article.php?id=164
Google 2FA https://www.ezeelogin.com/kb/article.php?id=147
- User Access Control – Set up access control for your employees so that they can access only the servers they need access to. For example, developers need to access only the development server, and system administrators need to access only the production server.
- User Privilege Escalation – Make use of the privilege escalation feature to ensure that employees log in as a non-privileged user only. The administrator can decide whether an employee needs to escalate privileges to root and, if so, grant it.
- Record SSH sessions – Monitor all your employee activities so that you can always go back in time and search them during an investigation. This is a mandatory requirement for PCI DSS compliance and others. https://www.ezeelogin.com/kb/article…sions-208.html
- Integrate Ezeelogin with Active Directory so that you can easily import your employees into the jump servers. User management is simplified: users can be enabled or disabled via your Active Directory. https://www.ezeelogin.com/kb/article.php?id=178
- Enable SAML authentication if your organisation is already using SAML. https://www.ezeelogin.com/kb/article…erver-273.html
- Enforce Employee Password Rotation and disable inactive employee accounts on the jump server.
- Automated Server Password Rotations Periodically – It's always good to go for SSH key-based authentication; however, if you have enabled password-based authentication, you can easily rotate the passwords across your server fleet periodically with cronjobs.
- RDP Access & Record RDP Sessions of Employees
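
The first item in the list (key-based access only, password authentication disabled) can be checked on the gateway's OpenSSH configuration. The following is an added example, not Ezeelogin's code: it parses `sshd_config` text the way sshd reads it (first value per keyword wins, `Match` blocks can override) and reports settings that still allow passwords. The function names and the sample config are constructed for illustration, and `Include` files are assumed not to be followed.

```python
# Added example: audit sshd_config text for key-only access (constructed sample below).
# Assumptions: Include files are not followed; defaults are OpenSSH's documented ones.
import re

DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

SAMPLE = """\
# constructed sample, not taken from a real host
PubkeyAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

def parse_sshd_config(text):
    """Return (global_settings, match_blocks); the first value per keyword wins, as in sshd."""
    global_cfg, matches, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":  # a Match block runs until the next Match or end of file
            current = {"criteria": value, "settings": {}}
            matches.append(current)
            continue
        target = global_cfg if current is None else current["settings"]
        target.setdefault(key, value.lower())
    return global_cfg, matches

def audit_key_only(text):
    """List findings that break 'key-based access only, passwords disabled'."""
    findings = []
    global_cfg, matches = parse_sshd_config(text)
    effective = {k: global_cfg.get(k, d) for k, d in DEFAULTS.items()}
    if effective["passwordauthentication"] != "no":
        how = "explicitly" if "passwordauthentication" in global_cfg else "by default"
        findings.append(f"global: PasswordAuthentication is enabled {how}")
    if effective["pubkeyauthentication"] != "yes":
        findings.append("global: PubkeyAuthentication is disabled")
    for block in matches:
        if block["settings"].get("passwordauthentication") == "yes":
            findings.append(f"Match {block['criteria']}: re-enables PasswordAuthentication")
    return findings

if __name__ == "__main__":
    for finding in audit_key_only(SAMPLE) or ["key-only access: no findings"]:
        print(finding)
```

On a live gateway, `sshd -T` prints the effective configuration, including any `Include` files, and its output can be fed to the same check.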