With the vast majority of people working from home nowadays, remote access to systems is becoming the norm. Remotely managing and configuring servers securely is extremely critical for business continuity. Most administrators rely on SSH (with or without a VPN) for remote administration. There has always been a demand for the ability to record user/administrator sessions for security and accountability reasons, as well as for knowledge-sharing purposes.

This series of posts covers out-of-the-box capabilities of Red Hat Enterprise Linux (RHEL) 8.2 (rootless containers with Podman, cgroups v2, systemd, ssh, tlog, and RHEL Identity Management) to put together a solution which helps administrators provide secure access to users. They can configure session-recording for some or all of the users along with centralized authentication (including two-factor authentication) and authorization (HBAC, centralized sudo) for the backend (target) servers.

Why containerized SSH for bastion servers?

Containers are generally considered suitable for stateless workloads, and SSH server is not one of the common workloads for containers. However, in the past, there have been some requests to the Red Hat support team to provide guidance to configure it.

Some of the benefits associated with this approach are:

- Run multiple SSH containers on the same VM to better utilize resources.
- Offer different SSH profiles and QoS to specific user groups.
- Provision/rebuild new SSH server containers on demand, whether for security (e.g., a new set of servers every day), availability (limited impact, smaller attack surface), or scalability (a sudden growth in the number of users needing access) reasons.
- Configure time-bound access to services for specific sets of users.
- Centrally record and retain user sessions and SSH access logs by utilizing persistent volumes without needing to make any changes on the backend servers.
- Multi-layer authentication structure for SSH with separate authentication and authorization mechanisms for bastion and backend servers.