Record SSH Sessions on Linux servers when employees Work from Home (WFH).


We would recommend setting up a Jump Host to record SSH sessions of your staff when they are working remotely. The remote staff would have to hop through the Ezeelogin Jumphost before accessing any Linux servers.

The jumpbox can then be put behind a VPN or tunnel. Access to the centralised jump server would be authorised only with RSA keys or SSH certificates, which would help you achieve security certifications like PCI DSS, ISO 27001, HIPAA, FedRAMP, NIST and more very easily.

10 features in Ezeelogin Jump server to secure access of remote employees on Linux servers when working via SSH

  1. Enable SSH key based access only to your SSH gateway. Disable password based authentication.
  2. Two factor authentication – Ensure that 2FA is enabled on your jump server GUI and for the SSH backend. Enable two factor authentication such as Yubikey, Google Authenticator or DUO.

    DUO 2FA https://www.ezeelogin.com/kb/article.php?id=164
    Google 2FA https://www.ezeelogin.com/kb/article.php?id=147
    Yubikey https://www.ezeelogin.com/kb/article.php?id=75
  3. User Access Control – Set up access control for your employees so that they can access only the servers they need. For example, developers need to access only the development server, and system administrators need to access only the production server.
    https://www.ezeelogin.com/kb/article…-user-197.html

    https://www.ezeelogin.com/user_manua…sscontrol.html

  4. User Privilege Escalation – Make use of the privilege escalation feature to ensure that employees log in as a non-privileged user only. The administrator can decide whether the employee needs to escalate privileges to root and, if so, grant it.
  5. Record SSH sessions – Monitor all your employee activities so that you can always go back in time and search them during an investigation. This is a mandatory requirement for PCI DSS compliance and others.
    https://www.ezeelogin.com/kb/article…sions-208.html
    https://www.ezeelogin.com/kb/article…ssion-244.html
  6. Integrate Ezeelogin with Active Directory so that you can easily import your employees into the jump servers. User management is then much simpler: enabling or disabling users can be done via your Active Directory.
    https://www.ezeelogin.com/kb/article.php?id=178
  7. Enable SAML authentication if your organisation is already using SAML.
    https://www.ezeelogin.com/kb/article…erver-273.html
    https://www.ezeelogin.com/kb/article…erver-272.html
  8. Enforce employee password rotation and disable inactive employee accounts on the jump server.

    https://www.ezeelogin.com/user_manua…ntication.html
    https://www.ezeelogin.com/kb/article…xpiry-297.html
  9. Automated Server Password Rotations Periodically
    It's always good to go for SSH key based authentication; however, if you have enabled password based authentication, you can easily rotate the passwords across your server fleet periodically with cronjobs.
    https://www.ezeelogin.com/kb/article…ically-76.html

  10. RDP Access & Record RDP Sessions of Employees
    https://www.ezeelogin.com/kb/article…ssion-244.html
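
For item 1 (key-based access only, password authentication disabled), the following added example audits the text of a jump host's `sshd_config`; it is not Ezeelogin code or part of the original post. The function name, policy table and sample configs are constructed for illustration, defaults are upstream OpenSSH's, and `Include` files are not followed.

```python
import re

# keyword -> (value needed for key-only access, upstream OpenSSH default)
POLICY = {
    "passwordauthentication": ("no", "yes"),
    # keyboard-interactive can still ask for a password through PAM
    "kbdinteractiveauthentication": ("no", "yes"),
    "pubkeyauthentication": ("yes", "yes"),
}
# Deprecated alias still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample inputs, not taken from any real server.
WEAK = """\
PasswordAuthentication yes
PubkeyAuthentication yes
# appended later, but ignored: sshd keeps the first value it reads
PasswordAuthentication no
Match User deploy
    PasswordAuthentication yes
"""
HARDENED = """\
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
"""

def audit_sshd_config(text):
    """Return findings; an empty list means key-only access is enforced."""
    effective, findings, match = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        rest = parts[1] if len(parts) > 1 else ""
        if key == "match":
            match = rest  # following lines apply only inside this block
        elif key in POLICY:
            value = rest.split("#")[0].strip().strip('"').lower()
            if match is None:
                effective.setdefault(key, value)  # first global value wins
            elif value != POLICY[key][0]:
                findings.append(f"line {lineno}: Match {match} sets {key} {value}")
    for key, (want, default) in POLICY.items():
        got = effective.get(key, default)
        if got != want:
            findings.append(f"global {key} is {got}, expected {want}")
    return findings
```

On the running host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above is useful for reviewing config files before they are deployed.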

Advice for WFH


  1. Airam

    Member


    Joined:
    Aug 28, 2020
    Messages:
    24
    Likes Received:
    0

    Most of us are probably working from home, or have been working from home during the COVID-19 quarantine. What are the lessons you’ve learned about working from home? Any advice on how to boost productivity, but be mindful of mental health and a work-life balance at the same time?

     



  2. VITS USA


    Joined:
    Aug 20, 2018
    Messages:
    825
    Likes Received:
    60

    If you assign work properly to each employee, then you can expect results on the same day. Proper time management and conference calls with all the team members to take their updates are very important. Most of the employees are satisfied with WFH because they complete their assigned work on time, and the rest of the time is used for R&D.