Two-Factor Authentication for LINUX SSH

Before learning the two-factor authentication for Linux SSH, let’s have a small overview of Linux. Linux servers are one of the widest and most popular servers used by the organizations across the world. They constitute about 67% of all the public facing servers. They are one of the best and most efficient servers that can carry out the large volumes of web processes and transactions at a very low downtime.

Linux servers are highly reliable and scalable. They use SSH protocol to ensure secure login or access to remote servers. However, SSH involves the usage of the password, and a solely password-based authentication invites security threats and breaches. Passwords these days are no longer secure, for they can be hacked, cracked, or stolen using multiple methods.

Since Linux servers process large amounts of data that is mostly confidential, e.g. financial data, they are a large and favourable target to hackers and attackers. Protecting SSH logins merely with passwords may put your or an organization’s data at risk.

FairWare Ransomware targeting LINUX computers
FairWare Ransomware targeting LINUX computers

Click SSH security to read and learn more about the Linux SSH.

Why Two-Factor Authentication for LINUX SSH?

SSH or Secure Shell is a protocol that enables a user to log-in and access remotely located systems & servers securely, over an unsecured network. SSH itself not only encrypts the remote sessions but also delivers better authentication using cryptographic keys- a public key and private key.

As such, the combination of password and the cryptographic keys may seem to be a viable and stronger authentication option but it’s not, and the reason could be any of the following:

  • Cryptographic key (private key) may not be password protected and could be easily stolen.
  • Use of a simple password by the user in encrypting & protecting the private key.
  • System or device where the user has saved or stored the private key may be vulnerable to theft.

As discussed above, passwords are no longer effective to keep your servers protected from intrusion or other types of different security breaches. In addition, the introduction of concepts like BYOD (Bring Your Own Device) have brought more risk to the Linux servers by granting privilege to employees in accessing organization’s network, server and data using their personal devices like laptops, tablets and smartphones, which may be used as a gateway by attackers because of their comparably lower security levels in comparison to a server.

Two-Factor Authentication: Improving LINUX SSH security

Adopting and implementing two-factor authentication in Linux SSH enforces the server to double-check the authenticity of a user. With 2FA, user’s identity is verified and validated, using “what the user knows” and “what the user has”.

Two Factor Authentication for LINUX SSH
Two Factor Authentication for LINUX SSH

What does a user knows, is username and password.

What a user may have, is security token/code.

2FA places token-based authentication as a secure doorway between a user and the protected server. Anyone can knock on it but only the authorized user can open this door with a secret code.

Is it beneficial to secure all servers using 2FA?

Implementing 2FA protection has always proven to be beneficial irrespective of individual or organizational needs. 2FA may be implemented across all servers present within an organization, but that may create complexity in managing, accessing, and using those servers.

It is pertinent to mention that most servers are already protected and secured by the different types of versatile network security tools, such as firewalls and VPNs. However, all these network security methods may avoid and prevent intrusion only within the organization’s network boundaries.

Public-facing servers (usually very few) can be accessed and explored by any user remotely, over a maybe unsecured network, using SSH outside the organization’s secured network. As such these public-facing servers are most prone to intrusion & data-theft and require utmost protection. Thus, implementation of 2FA may be restricted to public facing servers only.

In conclusion, it may be stated that servers are meant for storing and executing large amount of business & organizational data. Therefore, expecting fullest protection of servers merely with a password is not less than a fool’s paradise. Two-factor authentication is one of the easiest and most convenient ways to ensure guaranteed and multi-layered protection to Linux servers.

Top Reasons Why Linux Server Needs 2FA

Linux is a secure and an open source OS (Operating System). Jack Wallen, a technical writer cum security expert, predicts that the market share of Linux server will cross 5% by the end of year 2017. With this increased market share in the coming days, it is obvious that the security risks, hacking incidents and vulnerabilities on this secure platform will be on the rise as well.

As per an analysis by GFI, the network and security solutions provider, Linux was one of the top three most vulnerable operating systems of the year 2014. Total 119 vulnerabilities were reported, 24 of which were rated as high-severity, 74 and 21 were rated medium and low vulnerabilities respectively. This analysis is based on the data from the US NVD (National Vulnerability Database). Therefore, the enterprises which are having Linux servers must take the security seriously, follow a proactive approach, and need 2FA solution for completely reducing/minimizing any kind of vulnerability in the future.

A total of 7,038 new security vulnerabilities were added to the NVD in the year 2014, which reflects that on an average 19 vulnerabilities were reported per day. Nearly 80% were reported in third-party applications, 13% in operating systems, and 4% in hardware devices.

All these statistics are enough to show that implementation of an additional security layer on the Linux servers and other online services is must for protection against threats. One of the best and proven security solutions that every enterprise and the end user need to enable is 2FA.

Brief of this solution

2FA (Two Factor Authentication) is a method that adds an additional security layer to the password-alone verification approach of login an account. This method verifies identity of a admin or end user through two independent factors, namely password and verification code. Every authentic end user knows the password (first factor), and the verification code (second factor) is sent to registered physical device of the user. This code remains active for less than a minute, and strengthens authentication.

If unluckily an intruder manages to know your password from any source, he won’t be able to get the privileges or access rights that you have. It is because he needs an additional factor along with the password to gain the access completely. Due to the use of two varied steps in the login procedure, 2FA security solution is also known as Two Step Verification.

Factors used for user authentication

Something that the user knows (knowledge factors)

Something that the user has (possession factors)

Something that the user is (inherence factors)

Possible reasons why 2FA is must for Linux server

Server admin and the end user can’t avoid using 2FA security solution in present scenario. Below are the possible reasons to use this proven method:

Increased Linux Usage and Vulnerabilities

The market share of Linux is on the rise, so are the vulnerabilities level on this powerful operating system. A recent report based on market share data and usage statistics shows that Linux is used by 37 percent of all websites available over the Internet. For reducing increasing vulnerabilities on Linux server, Two Factor Authentication (2FA) has been proved to be the best solution. It is because 2FA method is more than just password-only verification.

Dual Checks Identity

Along with advancement in technology standards in the last few years, there has also been an increase in identity theft cases globally. For logging in to Linux server admin panel, a valid username and password combination is required by default. If this password goes in the wrong hands, then gaining admin rights becomes extremely easier for an unauthorised user. But with 2FA solution, identity theft seems a tedious task because it dual checks identity, i.e. an extra verification step is involved in the login process.

Constant Fraudulent Logins

When it comes to guessing Linux server password, the intruders use various password cracking techniques like dictionary attack, brute force attack, social engineering, rainbow table attack, phishing, etc. The number of fraudulent logins increase on the server once the intruders guess the right password. To prevent this type of logins from happening constantly, 2FA has emerged as a powerful solution. As per a survey by TeleSign, 8 in 10 people are worried about the online security and 7 in 10 no longer rely on just password-only verification. Hence, Linux server need 2FA for added security and protection against fraudulent logins or several other malicious activities.

Unauthentic Impersonating themselves as Authentic

This is one of the major security issues associated with login in to a Linux server using just password-alone authentication. This type of authentication mechanism requires only password, and facilitates both unauthentic and authentic users to gain the access completely. To distinguish between both these users, it is must to enable 2FA security solution on all the Linux servers. With Two Factor Authentication, it becomes a complicated task for an unauthorized user to impersonate himself as an authentic user. The reason for this strong authentication is the use of an additional factor along with the password. 

Usage statistics for 2FA

The result from a study by SecureAuth, an access control company, shows that 99% of IT departments believe 2FA is the best solution to protect an identity and its access. This company also states that 81% of all confirmed security breaches involve stolen yet valid credentials.

56% of organizations worldwide are using 2FA solution either across the organization or in certain areas.

Two Factor Authentication (2FA) usage statistics for Drupal websites. 5,499 Drupal sites currently report using this security solution for different module categories: Mobile, Security, User Access & Authentication.

Additional tips for strengthening Linux server security

Secure the BIOS (Basic Input/output System)

For better Linux server security, make sure that your system cannot be booted from external sources like CD, DVD, floppy, etc. It is also important that no one else have access to GRUB (GNU GRand Unified Bootloader).

Access Remote Computers with SSH

SSH (Secure Shell or Secure Socket Shell) is the best way to ensure communications between two computers remotely. By default, SSH uses TCP port 22, so you can increase the security by choosing a higher numbered port.

Enable SELinux

SELinux (Security-Enhanced Linux) is an essential security module which is designed to protect overall Linux server security.

Patch the Operating System

It is extremely important that the operating system and several other packages installed must be kept up to date as it is the core of the environment. Without a secure operating system, most of the Linux server strengthening tips will be much less effective.

Apart from enabling 2FA (Two Factor Authentication) solution, the system administrators are required to follow these additional tips for getting the next level Linux server security.

Looking for 2FA Solution