Record SSH Sessions and Control Access to your Linux servers when employees Work from Home( WFH). Secure your business today.

We would recommend setting up a self hosted ssh Jump server to record SSH sessions of your staff when they are working remotely. The remote staff would have to hop through the Ezeelogin Jumphost before accessing any Linux servers.

The jumpbox can then be put behind a VPN /Tunnel. The access to the centralised jump server would be authorised only using RSA Keys or using SSH Certificates which would help you achieve security certifications like PCI DSS, ISO 27001, HIPPA, FEDRAMP, NIST and more very easily.

10 features in Ezeelogin Jump server to secure access of remote employees on Linux servers when working via SSH

1. Enable SSH Key based access only to your ssh gateway. Disable password based authentication.
2. Two factor authentication – Ensure that 2FA is enabled on your jump server gui and for the ssh backend. Enable 2factor authentication such as Yubikey, Google Authenticator or DUO .
   
   DUO 2FA https://www.ezeelogin.com/kb/article.php?id=164
   Google 2FA https://www.ezeelogin.com/kb/article.php?id=147 –
   Yubikey https://www.ezeelogin.com/kb/article.php?id=75
3. User Access Control – Setup access control for your employees so that they can access only the servers they need access to. For example, developers need to access only the development server and system administrator needs to access only production server etc.
   https://www.ezeelogin.com/kb/article…-user-197.html

   https://www.ezeelogin.com/user_manua…sscontrol.html

4. User Privilege Escalation – Make use of privilege escalation feature to ensure that employees login as a non privileged user only. The administrator can decide if the employee needs to escalate his privileges to root, if yes , it can be granted.
5. Record SSH sessions – Monitor all your employee activities and you can always go back in time and search for any investigation. This is a mandatory requirement for being PCI DSS compliance and other.https://www.ezeelogin.com/kb/article…sions-208.html
   https://www.ezeelogin.com/kb/article…ssion-244.html
6. Integrate Ezeelogin with Active Directory so that you can easily import your employees into the jump servers. Users management is now very simplified. To enable to disable users, it can be done via your Active Directory.https://www.ezeelogin.com/kb/article.php?id=178
7. Enable SAML authenticationif your organisation is already using SAML.https://www.ezeelogin.com/kb/article…erver-273.html
   https://www.ezeelogin.com/kb/article…erver-272.html
8. Enforce Employee Password Rotation and disable inactive employees accounts on the jump server.
   
   https://www.ezeelogin.com/user_manua…ntication.html
   https://www.ezeelogin.com/kb/article…xpiry-297.html
9. Automated Server Password Rotations Periodically –
   Its always good to go for ssh key based authentication, however if you have enabled password based authentication, you can easily rotate then across your server fleet periodically with cronjobs.
   https://www.ezeelogin.com/kb/article…ically-76.html
   
   
10. RDP Access & Record RDP Sessions of Employees
    https://www.ezeelogin.com/kb/article…ssion-244.html