Rublon

Secure Remote Access

Zuletzt aktualisiert am 30. Juli 2024

MFA für Linux ist ein mehrstufiger Ansatz zur Authentifizierung von Linux-Benutzern. Bei MFA für Linux müssen Benutzer mindestens zwei verschiedene Identitätsnachweise erbringen, die als Authentifizierungsfaktoren bezeichnet werden, um Zugang zu ihrem Linux-System zu erhalten. Während der erste Faktor, das Passwort, gleich bleibt, fügt MFA für Linux einen zusätzlichen Schritt hinzu. Bei diesem zusätzlichen Schritt muss der Benutzer eine sekundäre Authentifizierung mit einer sicheren Authentifizierungsmethode wie Mobile Push oder TOTP-Codes durchführen. Dank dieser Methode können Hacker nicht die Kontrolle über ein Konto übernehmen, selbst wenn sie das Passwort geknackt haben.

Rublon schützt Ihre entfernten und lokalen Linux SSH und Desktop Anmeldungen

Similarly to remotely accessing Windows machines using Remote Desktop, you can also remotely access your Linux servers using SSH. The primary password-based authentication for an SSH client comes with all the drawbacks of passwords. In short, passwords are easy to compromise; a password can be stolen, cracked, or even guessed. Multi-Factor Authentication is a good solution that eliminates security risks connected with the low security level of passwords. Multi-Factor Authentication is a good way of solving the low security level of passwords.

Rublon stays up to date with the latest in cybersecurity and delivers modern security solutions for your workforce. Be it Multi-Factor Authentication, Single Sign-On, or Access Policies. Rublon follows well-tested and accepted formulas while also coming up with innovative solutions. On the one hand, years of experience. On the other hand, continuous striving for innovation. Rublon benefits from both and acts both as a wise, experienced magician as well as an ambitious, creative apprentice. One thing is sure. Rublon does magic.

But Rublon is not a magic trick. It’s very much real. Rublon integrates with Linux Desktop and Server distributions like CentOS, Debian, Ubuntu, and others to add Multi-Factor Authentication to every remote or local SSH login using a custom PAM module. In the first step, you provide your login credentials or log in using your private key. In the second step introduced by Rublon, you get a Mobile Push login request on your phone. You can accept or deny the login attempt. Even if somebody knows your login credentials, they cannot log in because you will deny all their login attempts. Mobile Push is often our customers’ favorite because it is easy to use and requires a smartphone, significantly increasing security. However, you are free to pick any other authentication method.

Rublon MFA for Linux SSH

Install Rublon’s SSH PAM module to enable strong Multi-Factor Authentication for your Linux SSH logins.

Supported Linux distributions

Rublon’s SSH PAM module supports the following Linux distributions:

  • Ubuntu 20.04 (Focal Fossa)
  • Ubuntu 22.04 (Jammy Jellyfish)
  • Ubuntu 24.04 (Noble Numbat)
  • Debian 11 (Bullseye)
  • Debian 12 (Bookworm)

Rublon also offers a separate PAM module for Veritas NetBackup.

Enforce Control Over Your Linux MFA SSH Logins

Rublon protects your Linux SSH logins enabling strong Multi-Factor Authentication. In addition to that, Rublon offers a set of management tools to help you control how and when your users authenticate. The Rublon Admin Console is the command center for all your applications and users alike.

The Rublon Admin Console provides you with a set of management tools to supervise your entire organization, from deciding which users are to be bypassed or denied access, through viewing who logged in to which application and when to managing FIDO-compliant security keys, e.g., to use YubiKey OTP.

And then, there is the concept of Policies, introduced as a solution to the challenge of Adaptive Authentication. In a nutshell, the Global Policy applies to all your applications by default. You can override the Global Policy by creating Custom Policies. An Administrator can assign Custom Policies to one or more applications, but each application can only have one custom policy. We have prepared an example that illustrates how creating a policy can solve a frequent problem.

Introduction

Companies rarely ever use Rublon for just one application. Usually, organizations integrate a considerable number of applications and wish to define separate use cases for each application. Global settings for all applications are fine in simple scenarios but prove insufficient in real-life situations. Rublon acknowledged this problem and implemented a way of defining different settings for different applications.

Challenge

Let’s assume you have the following three applications defined in the Rublon Admin Console:

  • Linux SSH
  • Array AG SSL VPN
  • MikroTik VPN

And would like the following requirements to be satisfied:

  • Logins to Linux SSH should be bypassed for users logging in from the following IP address range: 17.5.100.0-17.5.100.50.
  • Only Mobile Push, Email Link, and SMS Passcode should be active authentication methods for users logging in to Linux SSH.
  • Logins to other applications should not be bypassed regardless of the user’s IP address.
  • All authentication methods should be active for users logging in to WordPress or MikroTik VPN.

To satisfy complex requirements like the above, a security system has to have a way to define detailed authentication behavior on the application level.

Solution

Rublon allows you to define custom policies on the application level to fulfill all preceding requirements. One way to satisfy the first two requirements looks like this:

  1. Create a new Custom Policy named Linux SSH Policy.
  2. Click Authentication Methods and check Mobile Push, Email Link, and SMS Passcode. Uncheck every other method of authentication if necessary.
  3. Click Authorized Networks and type 17.5.100.0-17.5.100.50 in the text field.
  4. Click Save to create your Linux SSH Policy.
  5. Go to Applications, and assign Linux SSH Policy to your Linux SSH application.

The other two requirements can be fulfilled in the following way:

  1. Create a new Custom Policy named VPNs Policy.
  2. Enable all authentication methods in your VPN Policy policy while leaving the Authorized Networks field empty.
  3. Click Save to create your VPNs Policy.
  4. Go to Applications, and assign VPNs Policy to your Array SSL AG VPN and MikroTik VPN applications.

Rublon for Linux SSH – Documentation

The Importance of Multi-Factor Authentication And Why You Should Get Rublon