SSH Hardening with 2FA and Login Logging

Links

• Hardening SSH with 2fa

  Liz, a Developer Advocate at honeycomb.io, shares insights on securing SSH keys for infrastructure. Caching unencrypted keys in memory poses risks, and forwarding agents can lead to security breaches. To address this, she suggests two-factor authentication. Google employs short-lived SSH certificates, but it's complex. Liz advocates for using time-based one-time passwords (TOTP) for SSH. She provides server-side and client-side setup instructions, including Chef recipes and Mac client setup. She explores options like Krypt.co for mobile devices, YubiKey hardware tokens, and Linux/ChromeOS setup. It's a comprehensive guide for enhancing SSH security. For details, check the full content.

• SSH Login Logging to Discord via Webhooks

  This blog post explains how to set up automatic login/logout notifications for SSH using Discord webhooks. It provides a step-by-step guide, including creating a webhook, configuring SSH, and troubleshooting tips. The author demonstrates how to create a script, update pam.d configuration, and test the webhook for monitoring SSH logins and logouts efficiently.